Insert Request.QueryString into SQL statement

[TribeMan]

Having problem with inserting a numeric value returned from a URL:

dim recordNo 
recordNo = Request.QueryString("record")

Here is the relevent part of the SQL statement:

"FROM listing, country, kind, condition "&_
"WHERE listing.listing_ID = recordNo "&_
"AND country.country_ID = listing.country_ID "&_

Probably some simple syntax error in the middle line of the SQL statement. Anyone help out?

 

[MarkSweetland]

Generally a bad idea to use SQL in this manner. Look up SQL injection.

But if you must, then

" FROM listing, country, kind, condition " &_
" WHERE listing.listing_ID =[red]" & recordNo [/red] &_
" AND country.country_ID = listing.country_ID " &_

Mark

"You guys pair up in groups of three, then line up in a circle."
- Bill Peterson, a Florida State football coach

 

[TribeMan]

Hmmn.. I now have the code working with slightly different syntax:

"WHERE listing.listing_ID =[COLOR=red]" & recordNo & "[/color] "&_
"AND country.country_ID = listing.country_ID "&_

And thanks, I'll look up SQL injection.