
Updating a database 1


Bodhi147

MIS
Jan 24, 2003
Intern who needs a little help,

All I want to do is have the user enter their name then click on the submit button and it will update a database. I am stuck.

Help would be greatly appreciated
Thanks

<html>

<head>
<title>New Page 1</title>
</head>

<body>
<%
Dim Name, data_source, con, sql_insert, database_type
Name=Request.Form("Name")

data_source = "Provider=Microsoft.Jet.OLEDB.4.0;" & _
"Data Source=a:Completed.mdb;" & _
"Persist Security Info=False"
sql_insert = "insert into Users (Name)"

Set con = Server.CreateObject("ADODB.Connection")
con.Open data_source
con.Execute sql_insert

con.Close
set con = Nothing

Response.Write "You entered: " & Name
%>
</body>
</html>
 
try
sql_insert = "insert into Users VALUES(Name)"

Also a bit of advice: never name a field Name or a variable. This is a very widely used built-in method to extract data from objects, making it a possible restricted word for use in such naming practices.
_______________________________________________
{ str = "sleep is good for you. sleep gives you the energy you need to function";
ptr = /sleep/gi;Nstr = str.replace(ptr,"coffee");alert(Nstr); }

_______________________________________________
for the best results to your questions: FAQ333-2924
has you're questio
 
Two additional corrections: unless Name is the only field in your table, you will need to specify it after your table name, like so:
"INSERT INTO Users(Name) Values..."

Which brings me to the second correction: the Values portion should have the actual variable with the name in it concatenated in, like so:
"INSERT INTO Users(Name) VALUES('" & Name & "')"

The single quotes around the value we are inserting tell the database that this is a string.

One more addition: if you have someone with the name O'Brian, then you're going to receive an error because the db will see the single quote and think you are done with the string. Then it will see the rest of the string and give you a syntax error. The other problem is that not replacing single quotes can leave you vulnerable to a SQL injection attack, so it would be best if you were to replace the single quotes with the escape character for single quotes (which happens to be two single quotes in a row):
"INSERT INTO Users(Name) VALUES('" & Replace(Name,"'","''") & "')"

Hope that helps,
-Tarwn ________________________________________________________________________________
Want to get great answers to your Tek-Tips questions? Have a look at faq333-2924
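
Added example, not part of the thread: the same insert written with an ADODB.Command parameter, so the submitted name is passed to Jet as data and never spliced into the SQL text, which handles O'Brian and injection attempts without any quote replacement. The 50-character limit, the `userName` and `pName` names, and the `Server.MapPath` location of Completed.mdb are assumptions made for the example.

```vbscript
<%
Option Explicit
' Added example, not code from the thread.
' ADO constants spelled out so adovbs.inc does not have to be included.
Const adCmdText = 1
Const adVarWChar = 202
Const adParamInput = 1
Const adExecuteNoRecords = 128

Dim userName, con, cmd
userName = Trim(Request.Form("Name"))

' Assumption: the Name column holds at most 50 characters.
If Len(userName) = 0 Or Len(userName) > 50 Then
    Response.Write "Please enter a name of 1 to 50 characters."
Else
    Set con = Server.CreateObject("ADODB.Connection")
    ' Assumption: Completed.mdb sits in the same folder as this page.
    con.Open "Provider=Microsoft.Jet.OLEDB.4.0;" & _
             "Data Source=" & Server.MapPath("Completed.mdb") & ";" & _
             "Persist Security Info=False"

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = con
    cmd.CommandType = adCmdText
    ' [Name] is bracketed because of the naming clash raised in the thread.
    ' The ? is a positional placeholder; the value is bound below.
    cmd.CommandText = "INSERT INTO Users ([Name]) VALUES (?)"
    cmd.Parameters.Append cmd.CreateParameter("pName", adVarWChar, adParamInput, 50, userName)
    cmd.Execute , , adExecuteNoRecords

    Set cmd = Nothing
    con.Close
    Set con = Nothing

    ' HTML-encode before echoing so the name is shown as text, not markup.
    Response.Write "You entered: " & Server.HTMLEncode(userName)
End If
%>
```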
 