Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Insert Request.QueryString into SQL statement

Status
Not open for further replies.

TribeMan

Programmer
Nov 16, 2009
22
IL
Having problem with inserting a numeric value returned from a URL:

Code:
dim recordNo 
recordNo = Request.QueryString("record")

Here is the relevent part of the SQL statement:

Code:
"FROM listing, country, kind, condition "&_
"WHERE listing.listing_ID = recordNo "&_
"AND country.country_ID = listing.country_ID "&_

Probably some simple syntax error in the middle line of the SQL statement. Anyone help out?
 

Generally a bad idea to use SQL in this manner. Look up SQL injection.

But if you must, then
Code:
" FROM listing, country, kind, condition " &_
" WHERE listing.listing_ID =[red]" & recordNo [/red] &_
" AND country.country_ID = listing.country_ID " &_


Mark

"You guys pair up in groups of three, then line up in a circle."
- Bill Peterson, a Florida State football coach
 
Hmmn.. I now have the code working with slightly different syntax:
Code:
"WHERE listing.listing_ID =[COLOR=red]" & recordNo & "[/color] "&_
"AND country.country_ID = listing.country_ID "&_
And thanks, I'll look up SQL injection.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top