Using ASP and INSERT INTO -
I am trying to create a simple page that enters data into a database and my code is below.
<%@ LANGUAGE="VBSCRIPT" %>
<% Option Explicit %>
<!--#include FILE=dbcano.inc-->
<%
dim username,password,f_name,l_name,objConn,objs,query
username = Request.Form("user")
password = Request.Form("pass")
f_name = Request.Form("fname")
l_name = Request.Form("lname")
if((f_name <> null) or (f_name <> "")) then
response.redirect("patti_account.asp")
else
Set objConn = ConnectDB()
query = "INSERT INTO user (username,password,f_name,l_name) VALUES ('"& username &"','"& password &"','"& f_name &"','"& l_name &"')"
Set objs = objConn.Execute(query)
Response.Redirect ("thankyou.asp")
end if
%>
I am getting this error when starting my page:
Microsoft OLE DB Provider for SQL Server Error "80040e14"
Incorrect syntax near the keyword 'User'.
create_account.asp, line 18
I have checked everything, my field names exist and my table name is correct as well.
Any suggestions?
0
source to share
3 answers
Try changing it to:
query = "INSERT INTO [user] (username,password,f_name,l_name) VALUES ('"& username &"','"& password &"','"& f_name &"','"& l_name &"')"
(remove the table name as it is a reserved word)
Also, do not forget to validate your keyboard input as this code is susceptible to SQL injection attacks.
+1
source to share