Insert into msAccess problems

Discussion in 'ASP General' started by chumley, Feb 25, 2010.

  1. chumley

    chumley Guest

    I'm using Access dbase for a simple insertion, when i post from my
    form page into my insertion script, i get error at the
    StrConnz.Execute (StrSql) command line of the query needs to be
    updateable type:
    Microsoft JET Database Engine error '80004005'
    Operation must use an updateable query.
    /providerform/fo-add.asp, line 25

    '''''''''''''''''
    <%@ LANGUAGE="VBSCRIPT"%>
    <%Response.Buffer = True%>
    <%
    dim dsn,StrConnz
    dsn="Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" &
    Server.MapPath("fo1.mdb")
    Set StrConnz = Server.CreateObject("ADODB.Connection")
    StrConnz.Open dsn

    dim strSql
    strSql = "insert into tblMain
    (LastName,FirstName,fund,Industry,Company) values ('"
    strSql = StrSql & replace(Request.Form("LastName"),"'","''") & "', '"
    strSql = StrSql & Request.Form("FirstName") & "', '"
    strSql = StrSql & Request.Form("fund") & "','"
    strSql = StrSql & Request.Form("Industry") & "', '"
    strSql = StrSql & Request.Form("Company") & "')"
    StrConnz.Execute (StrSql) %>

    not sure why as i am connecting properly to dbase

    ???
    chumley
     
    chumley, Feb 25, 2010
    #1
    1. Advertisements

  2. chumley

    Bob Barrows Guest

    http://www.aspfaq.com/show.asp?id=2062

    Further points to consider:
    Your use of dynamic sql is leaving you vulnerable to hackers using sql
    injection:
    http://mvp.unixwiz.net/techtips/sql-injection.html
    http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23

    See here for a better, more secure way to execute your queries by using
    parameter markers:
    http://groups-beta.google.com/group/microsoft.public.inetserver.asp.db/msg/72e36562fee7804e

    Personally, I prefer using stored procedures, or saved parameter queries
    as
    they are known in Access:

    Access:
    http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=

    http://groups.google.com/groups?hl=...=1&selm=
     
    Bob Barrows, Feb 25, 2010
    #2
    1. Advertisements

  3. chumley

    Dan Guest

    As well as Bob's recommendation of using parameterised queries, also check
    that the ASP application has write permission to the folder that the mdb
    file is located in (if not then the database is opened as read only. Is
    tblMain a table, or a query? If it's a query, it will be unupdateable if any
    of the tables involved don't have a primary key, or if you are using any
    joins other than INNER.
     
    Dan, Feb 25, 2010
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.