syntax error in update statement in vb.net

A

amitbadgi

HI i am getting the foll error while conv an asp application to
asp.net
Exception Details: System.Runtime.InteropServices.COMException: Syntax
error in UPDATE statement.

Source Error:

Line 112: MM_editCmd.ActiveConnection = MM_editConnection
Line 113: MM_editCmd.CommandText = MM_editQuery
Line 114: MM_editCmd.Execute
Line 115: MM_editCmd.ActiveConnection.Close
Line 116:


Source File: C:\Documents and Settings\amit\WebSite1\edit_location.aspx
Line: 114

Stack Trace:

[COMException (0x80040e14): Syntax error in UPDATE statement.]

Microsoft.VisualBasic.CompilerServices.LateBinding.InternalLateCall(Object
o, Type objType, String name, Object[] args, String[] paramnames,
Boolean[] CopyBack, Boolean IgnoreReturn) +776

Microsoft.VisualBasic.CompilerServices.NewLateBinding.LateCall(Object
Instance, Type Type, String MemberName, Object[] Arguments, String[]
ArgumentNames, Type[] TypeArguments, Boolean[] CopyBack, Boolean
IgnoreReturn) +193987
ASP.edit_location_aspx.__Render__control1(HtmlTextWriter __w,
Control parameterContainer) in C:\Documents and
Settings\amit\WebSite1\edit_location.aspx:114
System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer,
ICollection children) +98
System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) +20
System.Web.UI.Page.Render(HtmlTextWriter writer) +27
System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer,
ControlAdapter adapter) +53
System.Web.UI.Control.RenderControl(HtmlTextWriter writer,
ControlAdapter adapter) +280
System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +24

The code whre the statement was declared is as follows,

<%
' *** Update Record: construct a sql update statement and execute it

If (Trim(Request("MM_update")) <> "" And Trim(Request("MM_recordId"))
<> "") Then

' create the sql update statement
MM_editQuery = "update " & MM_editTable & " set "
For MM_i = LBound(MM_fields) To UBound(MM_fields) Step 2
MM_formVal = MM_fields(MM_i+1)
MM_typeArray = Split(MM_columns(MM_i+1),",")
MM_delim = MM_typeArray(0)
If (MM_delim = "none") Then MM_delim = ""
MM_altVal = MM_typeArray(1)
If (MM_altVal = "none") Then MM_altVal = ""
MM_emptyVal = MM_typeArray(2)
If (MM_emptyVal = "none") Then MM_emptyVal = ""
If (MM_formVal = "") Then
MM_formVal = MM_emptyVal
Else
If (MM_altVal <> "") Then
MM_formVal = MM_altVal
ElseIf (MM_delim = "'") Then ' escape quotes
MM_formVal = "'" & Replace(MM_formVal,"'","''") & "'"
Else
MM_formVal = MM_delim + MM_formVal + MM_delim
End If
End If
If (MM_i <> LBound(MM_fields)) Then
MM_editQuery = MM_editQuery & ","
End If
MM_editQuery = MM_editQuery & MM_columns(MM_i) & " = " & MM_formVal
Next
MM_editQuery = MM_editQuery & " where " & MM_editColumn & " = " &
MM_recordId

If (Not MM_abortEdit) Then
' execute the update
MM_editCmd = Server.CreateObject("ADODB.Command")
MM_editCmd.ActiveConnection = MM_editConnection
MM_editCmd.CommandText = MM_editQuery
MM_editCmd.Execute
MM_editCmd.ActiveConnection.Close

If (MM_editRedirectUrl <> "") Then
Response.Redirect(MM_editRedirectUrl)
End If
End If

End If
%>
 
N

Nick Malik [Microsoft]

note that you are very susceptible to a type of malicious attack called SQL
Injection with the code below. You need to use parameters instead of
building your SQL statement this way.

The error is caused because the SQL statement that you are submitting to the
database is not valid. Look at it in the debugger and see if you can see
the error. You didn't post the actual SQL statement, so it is hard for me
to help.

--
--- Nick Malik [Microsoft]
MCSD, CFPS, Certified Scrummaster
http://blogs.msdn.com/nickmalik

Disclaimer: Opinions expressed in this forum are my own, and not
representative of my employer.
I do not answer questions on behalf of my employer. I'm just a
programmer helping programmers.
--
HI i am getting the foll error while conv an asp application to
asp.net
Exception Details: System.Runtime.InteropServices.COMException: Syntax
error in UPDATE statement.

Source Error:

Line 112: MM_editCmd.ActiveConnection = MM_editConnection
Line 113: MM_editCmd.CommandText = MM_editQuery
Line 114: MM_editCmd.Execute
Line 115: MM_editCmd.ActiveConnection.Close
Line 116:


Source File: C:\Documents and Settings\amit\WebSite1\edit_location.aspx
Line: 114

Stack Trace:

[COMException (0x80040e14): Syntax error in UPDATE statement.]

Microsoft.VisualBasic.CompilerServices.LateBinding.InternalLateCall(Object
o, Type objType, String name, Object[] args, String[] paramnames,
Boolean[] CopyBack, Boolean IgnoreReturn) +776

Microsoft.VisualBasic.CompilerServices.NewLateBinding.LateCall(Object
Instance, Type Type, String MemberName, Object[] Arguments, String[]
ArgumentNames, Type[] TypeArguments, Boolean[] CopyBack, Boolean
IgnoreReturn) +193987
ASP.edit_location_aspx.__Render__control1(HtmlTextWriter __w,
Control parameterContainer) in C:\Documents and
Settings\amit\WebSite1\edit_location.aspx:114
System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer,
ICollection children) +98
System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) +20
System.Web.UI.Page.Render(HtmlTextWriter writer) +27
System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer,
ControlAdapter adapter) +53
System.Web.UI.Control.RenderControl(HtmlTextWriter writer,
ControlAdapter adapter) +280
System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +24

The code whre the statement was declared is as follows,

<%
' *** Update Record: construct a sql update statement and execute it

If (Trim(Request("MM_update")) <> "" And Trim(Request("MM_recordId"))
<> "") Then

' create the sql update statement
MM_editQuery = "update " & MM_editTable & " set "
For MM_i = LBound(MM_fields) To UBound(MM_fields) Step 2
MM_formVal = MM_fields(MM_i+1)
MM_typeArray = Split(MM_columns(MM_i+1),",")
MM_delim = MM_typeArray(0)
If (MM_delim = "none") Then MM_delim = ""
MM_altVal = MM_typeArray(1)
If (MM_altVal = "none") Then MM_altVal = ""
MM_emptyVal = MM_typeArray(2)
If (MM_emptyVal = "none") Then MM_emptyVal = ""
If (MM_formVal = "") Then
MM_formVal = MM_emptyVal
Else
If (MM_altVal <> "") Then
MM_formVal = MM_altVal
ElseIf (MM_delim = "'") Then ' escape quotes
MM_formVal = "'" & Replace(MM_formVal,"'","''") & "'"
Else
MM_formVal = MM_delim + MM_formVal + MM_delim
End If
End If
If (MM_i <> LBound(MM_fields)) Then
MM_editQuery = MM_editQuery & ","
End If
MM_editQuery = MM_editQuery & MM_columns(MM_i) & " = " & MM_formVal
Next
MM_editQuery = MM_editQuery & " where " & MM_editColumn & " = " &
MM_recordId

If (Not MM_abortEdit) Then
' execute the update
MM_editCmd = Server.CreateObject("ADODB.Command")
MM_editCmd.ActiveConnection = MM_editConnection
MM_editCmd.CommandText = MM_editQuery
MM_editCmd.Execute
MM_editCmd.ActiveConnection.Close

If (MM_editRedirectUrl <> "") Then
Response.Redirect(MM_editRedirectUrl)
End If
End If

End If
%>
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

syntax error while converting asp to asp.net 5
Javascript on ASP Survey Page 1
Help ASP; get last inserted value from one table, insert multiple rows in another table. 1
Microsoft VBScript & JScript Help 1
asp to asp.net error 3
MS SQL ASP Update timestamp 4
Abort Edit Issue 0
syntax error in query expression in vb.net 1

Members online

Total: 44 (members: 4, guests: 40)
Robots: 464

Forum statistics

Threads
473,768
Messages
2,569,575
Members
45,054
Latest member
LucyCarper

Latest Threads

Top