syntax error in update statement in vb.net

Discussion in 'ASP .Net' started by amitbadgi@gmail.com, Aug 12, 2005.

  1. Guest

    HI i am getting the foll error while conv an asp application to
    asp.net
    Exception Details: System.Runtime.InteropServices.COMException: Syntax
    error in UPDATE statement.

    Source Error:

    Line 112: MM_editCmd.ActiveConnection = MM_editConnection
    Line 113: MM_editCmd.CommandText = MM_editQuery
    Line 114: MM_editCmd.Execute
    Line 115: MM_editCmd.ActiveConnection.Close
    Line 116:


    Source File: C:\Documents and Settings\amit\WebSite1\edit_location.aspx
    Line: 114

    Stack Trace:

    [COMException (0x80040e14): Syntax error in UPDATE statement.]

    Microsoft.VisualBasic.CompilerServices.LateBinding.InternalLateCall(Object
    o, Type objType, String name, Object[] args, String[] paramnames,
    Boolean[] CopyBack, Boolean IgnoreReturn) +776

    Microsoft.VisualBasic.CompilerServices.NewLateBinding.LateCall(Object
    Instance, Type Type, String MemberName, Object[] Arguments, String[]
    ArgumentNames, Type[] TypeArguments, Boolean[] CopyBack, Boolean
    IgnoreReturn) +193987
    ASP.edit_location_aspx.__Render__control1(HtmlTextWriter __w,
    Control parameterContainer) in C:\Documents and
    Settings\amit\WebSite1\edit_location.aspx:114
    System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer,
    ICollection children) +98
    System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) +20
    System.Web.UI.Page.Render(HtmlTextWriter writer) +27
    System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer,
    ControlAdapter adapter) +53
    System.Web.UI.Control.RenderControl(HtmlTextWriter writer,
    ControlAdapter adapter) +280
    System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +24

    The code whre the statement was declared is as follows,

    <%
    ' *** Update Record: construct a sql update statement and execute it

    If (Trim(Request("MM_update")) <> "" And Trim(Request("MM_recordId"))
    <> "") Then

    ' create the sql update statement
    MM_editQuery = "update " & MM_editTable & " set "
    For MM_i = LBound(MM_fields) To UBound(MM_fields) Step 2
    MM_formVal = MM_fields(MM_i+1)
    MM_typeArray = Split(MM_columns(MM_i+1),",")
    MM_delim = MM_typeArray(0)
    If (MM_delim = "none") Then MM_delim = ""
    MM_altVal = MM_typeArray(1)
    If (MM_altVal = "none") Then MM_altVal = ""
    MM_emptyVal = MM_typeArray(2)
    If (MM_emptyVal = "none") Then MM_emptyVal = ""
    If (MM_formVal = "") Then
    MM_formVal = MM_emptyVal
    Else
    If (MM_altVal <> "") Then
    MM_formVal = MM_altVal
    ElseIf (MM_delim = "'") Then ' escape quotes
    MM_formVal = "'" & Replace(MM_formVal,"'","''") & "'"
    Else
    MM_formVal = MM_delim + MM_formVal + MM_delim
    End If
    End If
    If (MM_i <> LBound(MM_fields)) Then
    MM_editQuery = MM_editQuery & ","
    End If
    MM_editQuery = MM_editQuery & MM_columns(MM_i) & " = " & MM_formVal
    Next
    MM_editQuery = MM_editQuery & " where " & MM_editColumn & " = " &
    MM_recordId

    If (Not MM_abortEdit) Then
    ' execute the update
    MM_editCmd = Server.CreateObject("ADODB.Command")
    MM_editCmd.ActiveConnection = MM_editConnection
    MM_editCmd.CommandText = MM_editQuery
    MM_editCmd.Execute
    MM_editCmd.ActiveConnection.Close

    If (MM_editRedirectUrl <> "") Then
    Response.Redirect(MM_editRedirectUrl)
    End If
    End If

    End If
    %>
     
    , Aug 12, 2005
    #1
    1. Advertising

  2. note that you are very susceptible to a type of malicious attack called SQL
    Injection with the code below. You need to use parameters instead of
    building your SQL statement this way.

    The error is caused because the SQL statement that you are submitting to the
    database is not valid. Look at it in the debugger and see if you can see
    the error. You didn't post the actual SQL statement, so it is hard for me
    to help.

    --
    --- Nick Malik [Microsoft]
    MCSD, CFPS, Certified Scrummaster
    http://blogs.msdn.com/nickmalik

    Disclaimer: Opinions expressed in this forum are my own, and not
    representative of my employer.
    I do not answer questions on behalf of my employer. I'm just a
    programmer helping programmers.
    --
    <> wrote in message
    news:...
    > HI i am getting the foll error while conv an asp application to
    > asp.net
    > Exception Details: System.Runtime.InteropServices.COMException: Syntax
    > error in UPDATE statement.
    >
    > Source Error:
    >
    > Line 112: MM_editCmd.ActiveConnection = MM_editConnection
    > Line 113: MM_editCmd.CommandText = MM_editQuery
    > Line 114: MM_editCmd.Execute
    > Line 115: MM_editCmd.ActiveConnection.Close
    > Line 116:
    >
    >
    > Source File: C:\Documents and Settings\amit\WebSite1\edit_location.aspx
    > Line: 114
    >
    > Stack Trace:
    >
    > [COMException (0x80040e14): Syntax error in UPDATE statement.]
    >
    > Microsoft.VisualBasic.CompilerServices.LateBinding.InternalLateCall(Object
    > o, Type objType, String name, Object[] args, String[] paramnames,
    > Boolean[] CopyBack, Boolean IgnoreReturn) +776
    >
    > Microsoft.VisualBasic.CompilerServices.NewLateBinding.LateCall(Object
    > Instance, Type Type, String MemberName, Object[] Arguments, String[]
    > ArgumentNames, Type[] TypeArguments, Boolean[] CopyBack, Boolean
    > IgnoreReturn) +193987
    > ASP.edit_location_aspx.__Render__control1(HtmlTextWriter __w,
    > Control parameterContainer) in C:\Documents and
    > Settings\amit\WebSite1\edit_location.aspx:114
    > System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer,
    > ICollection children) +98
    > System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) +20
    > System.Web.UI.Page.Render(HtmlTextWriter writer) +27
    > System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer,
    > ControlAdapter adapter) +53
    > System.Web.UI.Control.RenderControl(HtmlTextWriter writer,
    > ControlAdapter adapter) +280
    > System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +24
    >
    > The code whre the statement was declared is as follows,
    >
    > <%
    > ' *** Update Record: construct a sql update statement and execute it
    >
    > If (Trim(Request("MM_update")) <> "" And Trim(Request("MM_recordId"))
    > <> "") Then
    >
    > ' create the sql update statement
    > MM_editQuery = "update " & MM_editTable & " set "
    > For MM_i = LBound(MM_fields) To UBound(MM_fields) Step 2
    > MM_formVal = MM_fields(MM_i+1)
    > MM_typeArray = Split(MM_columns(MM_i+1),",")
    > MM_delim = MM_typeArray(0)
    > If (MM_delim = "none") Then MM_delim = ""
    > MM_altVal = MM_typeArray(1)
    > If (MM_altVal = "none") Then MM_altVal = ""
    > MM_emptyVal = MM_typeArray(2)
    > If (MM_emptyVal = "none") Then MM_emptyVal = ""
    > If (MM_formVal = "") Then
    > MM_formVal = MM_emptyVal
    > Else
    > If (MM_altVal <> "") Then
    > MM_formVal = MM_altVal
    > ElseIf (MM_delim = "'") Then ' escape quotes
    > MM_formVal = "'" & Replace(MM_formVal,"'","''") & "'"
    > Else
    > MM_formVal = MM_delim + MM_formVal + MM_delim
    > End If
    > End If
    > If (MM_i <> LBound(MM_fields)) Then
    > MM_editQuery = MM_editQuery & ","
    > End If
    > MM_editQuery = MM_editQuery & MM_columns(MM_i) & " = " & MM_formVal
    > Next
    > MM_editQuery = MM_editQuery & " where " & MM_editColumn & " = " &
    > MM_recordId
    >
    > If (Not MM_abortEdit) Then
    > ' execute the update
    > MM_editCmd = Server.CreateObject("ADODB.Command")
    > MM_editCmd.ActiveConnection = MM_editConnection
    > MM_editCmd.CommandText = MM_editQuery
    > MM_editCmd.Execute
    > MM_editCmd.ActiveConnection.Close
    >
    > If (MM_editRedirectUrl <> "") Then
    > Response.Redirect(MM_editRedirectUrl)
    > End If
    > End If
    >
    > End If
    > %>
    >
     
    Nick Malik [Microsoft], Aug 12, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. sean
    Replies:
    2
    Views:
    561
    Kevin Spencer
    Dec 2, 2003
  2. compuglobalhypermeganetz0r

    adapter update problem Syntax error in INSERT INTO statement.

    compuglobalhypermeganetz0r, Dec 8, 2003, in forum: ASP .Net
    Replies:
    0
    Views:
    843
    compuglobalhypermeganetz0r
    Dec 8, 2003
  3. Mark Sandfox
    Replies:
    1
    Views:
    3,415
    Mark Sandfox
    May 7, 2004
  4. Robert Mark Bram

    Syntax error in UPDATE statement- asp/jscript

    Robert Mark Bram, Oct 21, 2003, in forum: ASP General
    Replies:
    2
    Views:
    308
    Ray at
    Oct 21, 2003
  5. Maximus

    Syntax Error in SQL Update Statement

    Maximus, Feb 26, 2007, in forum: ASP General
    Replies:
    3
    Views:
    139
    Bob Barrows [MVP]
    Feb 26, 2007
Loading...

Share This Page