Not working?????

Discussion in 'ASP General' started by Matt, Apr 11, 2006.

  1. Matt

    Matt Guest

    why isn't this working??? I get an 'Expected end of statement' error
    on last line

    <!-- #include file="adovbs.inc" -->

    <%

    function SetCheckbox(arg)
    if arg then
    SetCheckbox="checked"
    else
    SetCheckbox=""
    end if
    end function

    %>

    <%

    Dim Conn, RS, SQL
    Dim strConnect, strJobArea

    strJobArea = Request.Form("SelectJobArea")


    strConnect = "Driver={Microsoft Access Driver
    (*.mdb)};DBQ=\\CALSJ1\PMAPPS\pmdata.mdb"
    Set conn = Server.CreateObject("ADODB.Connection")

    SQL = "SELECT J.*, D.JobName " _
    & " FROM mstJobs AS J, dtlContacts AS D " _
    & " WHERE J.JobNumber = D.JobNumber " _
    & " AND J.JobAdministrator= '" & strJobArea & "' " _
    & " AND J.ContractStatusClosed = False " _
    & " AND J.ContractStatus = True " _

    Set RS = conn.Execute( SQL )

    %>
    Matt, Apr 11, 2006
    #1
    1. Advertising

  2. Matt wrote:
    > why isn't this working??? I get an 'Expected end of statement' error
    > on last line

    <snip>
    > & " AND J.ContractStatus = True " _
    > Set RS = conn.Execute( SQL )
    >

    You have a line continuation character with no line continuation ...


    Further points to consider:
    You use of dynamic sql is leaving you vulnerable to hackers using sql
    injection:
    http://mvp.unixwiz.net/techtips/sql-injection.html
    http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23

    See here for a better, more secure way to execute your queries by using
    parameter markers:
    http://groups-beta.google.com/group/microsoft.public.inetserver.asp.db/msg/72e36562fee7804e

    Personally, I prefer using stored procedures, or saved parameter queries as
    they are known in Access:

    Access:
    http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=

    http://groups.google.com/groups?hl=...=1&selm=


    --
    Microsoft MVP -- ASP/ASP.NET
    Please reply to the newsgroup. The email account listed in my From
    header is my spam trap, so I don't check it very often. You will get a
    quicker response by posting to the newsgroup.
    Bob Barrows [MVP], Apr 11, 2006
    #2
    1. Advertising

  3. Matt

    Matt Guest

    After removing the continuation character I am getting...

    Error Type:
    ADODB.Connection (0x800A0E78)
    Operation is not allowed when the object is closed.
    Matt, Apr 11, 2006
    #3
  4. Matt wrote:
    > After removing the continuation character I am getting...
    >
    > Error Type:
    > ADODB.Connection (0x800A0E78)
    > Operation is not allowed when the object is closed.


    Open your connection. It's pointless to create a connection string and then
    fail to use it.


    --
    Dave Anderson

    Unsolicited commercial email will be read at a cost of $500 per message. Use
    of this email address implies consent to these terms.
    Dave Anderson, Apr 11, 2006
    #4
  5. Matt

    Matt Guest

    that's what I am having trouble with... i'm not a real strong swimmer
    in this arena! :)
    Matt, Apr 11, 2006
    #5
  6. Matt

    Matt Guest

    I added:

    conn.Open strConnect
    Set RS = conn.Execute( SQL )

    but now i get the following error - 'Too few parameters. Expected 1"

    ????
    Matt, Apr 11, 2006
    #6
  7. Matt

    Matt Guest

    I added:

    conn.Open strConnect
    Set RS = conn.Execute( SQL )

    but now i get the following error - 'Too few parameters. Expected 1"

    ????
    Matt, Apr 11, 2006
    #7
  8. Matt wrote:
    > I added:
    >
    > conn.Open strConnect
    > Set RS = conn.Execute( SQL )
    >
    > but now i get the following error - 'Too few parameters. Expected 1"
    >

    You should go read the links i posted in my first reply.

    It is time to take a look at the actual sql statement:
    response.write SQL

    --
    Microsoft MVP - ASP/ASP.NET
    Please reply to the newsgroup. This email account is my spam trap so I
    don't check it very often. If you must reply off-line, then remove the
    "NO SPAM"
    Bob Barrows [MVP], Apr 12, 2006
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ratman
    Replies:
    0
    Views:
    652
    Ratman
    Sep 14, 2004
  2. Martin Heuckeroth
    Replies:
    5
    Views:
    677
    JiangZemin
    Apr 1, 2005
  3. Alan Silver
    Replies:
    1
    Views:
    3,771
    Alan Silver
    Aug 2, 2005
  4. gaurav tyagi
    Replies:
    14
    Views:
    1,322
    gaurav tyagi
    Jan 20, 2006
  5. Priyanka AGARWAL
    Replies:
    9
    Views:
    9,971
    Gordon Beaton
    May 25, 2004
Loading...

Share This Page