M
MasterChief
I have a form that uses the POST method to call up test.asp and it
passes what is typed into the text box. Since is uses the Like command
the user can enter stuff like %Constant% to get something that is like
what the user typed in. When I call up the test.asp page it is grabbing
the text fine but isn't running the SQL command the correct way. The
SQL command ends up being
SELECT * FROM [Everyone] WHERE (Name LIKE ':: & strName & ::')
Here is my code
strName = Request.Form("Search")
Set Conn = Server.CreateObject("ADODB.Connection")
Set Rs = Server.CreateObject("ADODB.RecordSet")
Conn.Open "PhoneList"
sSQL = "SELECT * FROM [Everyone] WHERE (Name LIKE ':: & strName & ::')"
Set Rs = Conn.Execute(sSQL)
passes what is typed into the text box. Since is uses the Like command
the user can enter stuff like %Constant% to get something that is like
what the user typed in. When I call up the test.asp page it is grabbing
the text fine but isn't running the SQL command the correct way. The
SQL command ends up being
SELECT * FROM [Everyone] WHERE (Name LIKE ':: & strName & ::')
Here is my code
strName = Request.Form("Search")
Set Conn = Server.CreateObject("ADODB.Connection")
Set Rs = Server.CreateObject("ADODB.RecordSet")
Conn.Open "PhoneList"
sSQL = "SELECT * FROM [Everyone] WHERE (Name LIKE ':: & strName & ::')"
Set Rs = Conn.Execute(sSQL)