Insert into msAccess problems


C

chumley

I'm using Access dbase for a simple insertion, when i post from my
form page into my insertion script, i get error at the
StrConnz.Execute (StrSql) command line of the query needs to be
updateable type:
Microsoft JET Database Engine error '80004005'
Operation must use an updateable query.
/providerform/fo-add.asp, line 25

'''''''''''''''''
<%@ LANGUAGE="VBSCRIPT"%>
<%Response.Buffer = True%>
<%
dim dsn,StrConnz
dsn="Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" &
Server.MapPath("fo1.mdb")
Set StrConnz = Server.CreateObject("ADODB.Connection")
StrConnz.Open dsn

dim strSql
strSql = "insert into tblMain
(LastName,FirstName,fund,Industry,Company) values ('"
strSql = StrSql & replace(Request.Form("LastName"),"'","''") & "', '"
strSql = StrSql & Request.Form("FirstName") & "', '"
strSql = StrSql & Request.Form("fund") & "','"
strSql = StrSql & Request.Form("Industry") & "', '"
strSql = StrSql & Request.Form("Company") & "')"
StrConnz.Execute (StrSql) %>

not sure why as i am connecting properly to dbase

???
chumley
 
Ad

Advertisements

B

Bob Barrows

chumley said:
I'm using Access dbase for a simple insertion, when i post from my
form page into my insertion script, i get error at the
StrConnz.Execute (StrSql) command line of the query needs to be
updateable type:
Microsoft JET Database Engine error '80004005'
Operation must use an updateable query.
/providerform/fo-add.asp, line 25

'''''''''''''''''
<%@ LANGUAGE="VBSCRIPT"%>
<%Response.Buffer = True%>
<%
dim dsn,StrConnz
dsn="Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" &
Server.MapPath("fo1.mdb")
Set StrConnz = Server.CreateObject("ADODB.Connection")
StrConnz.Open dsn

dim strSql
strSql = "insert into tblMain
(LastName,FirstName,fund,Industry,Company) values ('"
strSql = StrSql & replace(Request.Form("LastName"),"'","''") & "', '"
strSql = StrSql & Request.Form("FirstName") & "', '"
strSql = StrSql & Request.Form("fund") & "','"
strSql = StrSql & Request.Form("Industry") & "', '"
strSql = StrSql & Request.Form("Company") & "')"
StrConnz.Execute (StrSql) %>
http://www.aspfaq.com/show.asp?id=2062

Further points to consider:
Your use of dynamic sql is leaving you vulnerable to hackers using sql
injection:
http://mvp.unixwiz.net/techtips/sql-injection.html
http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23

See here for a better, more secure way to execute your queries by using
parameter markers:
http://groups-beta.google.com/group/microsoft.public.inetserver.asp.db/msg/72e36562fee7804e

Personally, I prefer using stored procedures, or saved parameter queries
as
they are known in Access:

Access:
http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&[email protected]

http://groups.google.com/groups?hl=...=1&[email protected]
 
Ad

Advertisements

D

Dan

chumley said:
I'm using Access dbase for a simple insertion, when i post from my
form page into my insertion script, i get error at the
StrConnz.Execute (StrSql) command line of the query needs to be
updateable type:
Microsoft JET Database Engine error '80004005'
Operation must use an updateable query.
/providerform/fo-add.asp, line 25

'''''''''''''''''
<%@ LANGUAGE="VBSCRIPT"%>
<%Response.Buffer = True%>
<%
dim dsn,StrConnz
dsn="Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" &
Server.MapPath("fo1.mdb")
Set StrConnz = Server.CreateObject("ADODB.Connection")
StrConnz.Open dsn

dim strSql
strSql = "insert into tblMain
(LastName,FirstName,fund,Industry,Company) values ('"
strSql = StrSql & replace(Request.Form("LastName"),"'","''") & "', '"
strSql = StrSql & Request.Form("FirstName") & "', '"
strSql = StrSql & Request.Form("fund") & "','"
strSql = StrSql & Request.Form("Industry") & "', '"
strSql = StrSql & Request.Form("Company") & "')"
StrConnz.Execute (StrSql) %>

not sure why as i am connecting properly to dbase

???
chumley

As well as Bob's recommendation of using parameterised queries, also check
that the ASP application has write permission to the folder that the mdb
file is located in (if not then the database is opened as read only. Is
tblMain a table, or a query? If it's a query, it will be unupdateable if any
of the tables involved don't have a primary key, or if you are using any
joins other than INNER.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top