Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Request.QueryString problem 1

Status
Not open for further replies.
ziggs

ziggs

Technical User
Sep 21, 2000
195
0
0
US
I cannot get the Request.Query string to work on a particular database that I'm drawing from. I believe the problem is because the field in the database that I'm drawing from is two words. In this example, the two words for the field is Street Number. I tried a query string for the phone number since the name of the field is one word, phone. That worked, so I'm guessing my querystring doesn't like the two word format. Is there a fix I can set up.

BTW, I'm drawing off a MS Access doc for now. However, I will drawing off of the same databases in SQL Server later.

Here's my Select and querystring:

this does not work for

SQL1 = "SELECT * From tbl_Business"
SQL1 = SQL1 & " Where Street Number = '" & (Request.QueryString ("dig")) & "'"
set rs = my_conn.Execute(SQL1)

Here's the error message:

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression 'Street Number = '''.

/TestServer/business.asp, line 39


This does work:

SQL1 = "SELECT * From tbl_Business"
SQL1 = SQL1 & " Where phone= '" & (Request.QueryString ("phone")) & "'"
set rs = my_conn.Execute(SQL1)
 
Sort by date Sort by votes
Hi Ziggs,
Try
SQL1 = SQL1 & " Where (Street Number = '" & (Request.QueryString ("dig")) & "')"

Add () inside your Where statement. My only other thought is if Street Number is stored as an integer then you might want to add int(Request.QueryString ("dig")), because I think Form values always get passed as strings.

HTH,
Earme
 
Upvote 0 Downvote
did not work. New error message is:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression '(Street Name = '1491')'.

/TestServer/business.asp, line 39

It is an integer value. Good point. However, I still have the same problem when I use Street Name which is my next step. Street Name is a text field and same error message with the () suggestion.

Now, do I use integer as
SQL1 = SQL1 & " Where (Street Number = '" & int(Request.QueryString ("dig")) & "')"


 
Upvote 0 Downvote
Hmmm, maybe try to get rid of the ' ' around the number.
So it becomes
SQL1 = SQL1 & " Where (Street Number = " & (Request.QueryString ("dig")) & ")"

I'd still try the int too, and the way you presented it is correct.

HTH,
Earme
 
Upvote 0 Downvote
To make this easier, I'm using the field Street Name instead of Street Number to avoid the integer possibility. Anyway, no luck with:

SQL = SQL1 & " Where (Street Name = "& (Request.QueryString ("street")) & ")"

Same error message with
'(Street Name = main)'.

I hope I can figure this out, I can't change the database name on the production server. That would be the easiest fix. When I created it in Access, I did not have a problem.
 
Upvote 0 Downvote
Try:
SQL1 = "SELECT * From tbl_Business"
SQL1 = SQL1 & " Where Street Number = " & cint(Request.QueryString ("dig"))
 
Upvote 0 Downvote
Honestly, though, couldn't you just adjust the name in your database... It's not good practice to put spaces in there, anyway. It only causes headaches.

**notes all the headaches it's causing**

;-)

 
Upvote 0 Downvote
link9, I'd love to change the database, but do not have control of the production DB. The system admin will not change it for me since he'd have to change a whole bunch of other non asp issues :)

NiteCrawlr

No luck with that either :(

 
Upvote 0 Downvote
ok, maybe it's getting hung up on the space in "Street Name"?
Maybe try to put `` around that (` is the on just to the left of the 1 on your keyboard).

SQL = SQL1 & " Where (`Street Name` = "& (Request.QueryString ("street")) & ")"
 
Upvote 0 Downvote
No luck there :(

too few parameters. Expected 1
 
Upvote 0 Downvote
I think there are too many quotes in your code and you forgot to place []'s around the column name.

Code: 
SQL = SQL1 & " Where (
`
Code: 
Street Name
`[/code] = "& (Request.QueryString ("street")) & ")"
[/code]

When you remove the quotes around 'street name' AND remove the space in your column name (or use [street name] to include the space in the column name) then you SQL should work.

The correct one would be

Code: 
SQL1 = SQL1 & " Where ([Street Name] = '" &
Replace(Request.QueryString ("street"), "'", "''") & "')"

Yours,

Rob.
 
Upvote 0 Downvote
Thanks RobV and all, the replace feature did the trick. Last problem and then I'll be done with this thread. I still have to draw off a field called "street number" which is a number field in MS access. Thus, the following does not work:

SQL1 = "SELECT * From tbl_Business "
SQL1 = SQL1 & " Where ([Street Number] = '" & Replace(Request.QueryString ("dig"), "'", "''") & "')"

I tried the cint feature as someone suggested earlier but I'm probably inserting it in the wrong place. I've tried several different ways without success. Thanks
 
Upvote 0 Downvote
Mm. I didn't notice that Street number would be a numeric value. In that case you can leave out quite a lot. The notation for SQL statements is a bit different for matching strings or values:

strings:
Code: 
SELECT * FROM Table WHERE ColumnName = '<string content>'
values:
Code: 
SELECT * FROM Table WHERE ColumnName = <value>

This means that the surrounding quotes in your SQL-statement should be removed:

Code: 
SQL1 = &quot;SELECT * From tbl_Business &quot;
SQL1 = SQL1 & &quot; Where ([Street Number] = &quot; & Clng(Request.QueryString(&quot;dig&quot;)) & &quot;)&quot;

The CLng() is not required, but that makes your code more robust (it will raise an error if the querystring was not a numeric value and thus will beat a simple hacker).

The Replace statement is only required for matching string values. Mind that you have to enclose a string constant in SQL with single quotes. To make sure that the SQL is correct with strings containing the quote-escape themselves, you have to escape the quotes in the value, so that:

Code: 
SQL1 = &quot;SELECT * FROM tbl_Business WHERE ([street name] = 'Abbey's Road')
(which is illegal) becomes
Code: 
SQL1 = &quot;SELECT * FROM tbl_Business WHERE ([street name] = 'Abbey''s Road')
Which is as it should be

Note that double-single-quotes are treated as a single quote inside the string. Yours,

Rob.
 
Upvote 0 Downvote
Try this:
SQL1 = "SELECT * From tbl_Business"
SQL1 = SQL1 & " Where tbl_Business.[Street Number] = " & "'" & Request.QueryString("dig") & "'"

Hope this helps.
 
Upvote 0 Downvote
If that doesn't work try:

Myqrystr=request.querystring("dig")
SQL1 = "SELECT * From tbl_Business"
SQL1 = SQL1 & " Where tbl_Business.[Street Number] = " & "'" & Myqrystr & "'"

 
Upvote 0 Downvote
Just a note that the post you're replying to was from March of 2001. :)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

leifoet
  • Locked
  • Question
Problem: sql-Select with request.form
2
Replies
22
Views
192
leifoet
leifoet
leifoet
  • Locked
  • Question
How to log in without a popup problem?
Replies
3
Views
54
ggriffit
ggriffit
ZeeHashmi
  • Locked
  • Question
ASP : Email Body UTF-8 Problem
Replies
3
Views
112
ZeeHashmi
ZeeHashmi
leifoet
  • Locked
  • Question
Problem with updating database reords.
2
Replies
31
Views
226
leifoet
leifoet
leifoet
  • Locked
  • Question
Convert Word text with images to html (problems)
Replies
1
Views
60
leifoet
leifoet

Part and Inventory Search

Sponsor

Back
Top