Welcome to WebmasterWorld Guest from 54.163.115.193

Forum Moderators: ocean10000

Insert New Record

   
4:27 pm on Feb 25, 2005 (gmt 0)

10+ Year Member



Hi All
This answer will probably be a doddle for you clever lot.
I have created a table on ms sql server and i am trying to follow the w3schools below.

[w3schools.com...]

So Far so good, but i cant seem to create new records?
There are 3 fields 1 being id that is an "int" and i have set it as table indentity column in the manage indexes.
Have i done all right, what have i done wrontg.

4:43 pm on Feb 25, 2005 (gmt 0)

10+ Year Member



Leave the identity column out of the insert statement. It'll get set automatically.
4:51 pm on Feb 25, 2005 (gmt 0)

10+ Year Member



Hi
This is what i have done
sql="INSERT INTO Users (Fname,Lname"
sql=sql & "Fname,Lname)"
sql=sql & " VALUES "
sql=sql & "('" & Request.Form("Fname") & "',"
sql=sql & "'" & Request.Form("Lname") & "',"
on error resume next
objconn.Execute sql,recaffected
if err<>0 then
Response.Write("No update permissions!")
else
Response.Write("<h3>" & recaffected & " record added</h3>")
end if
objconn.close
%>

Which in the info on the form, why doesnt it go into my db?

5:22 pm on Feb 25, 2005 (gmt 0)

10+ Year Member



The sql string you're building has all sorts of syntax errors - column names duplicated, commas in the wrong place, missing closing paren, etc.

Print out the string you've built and see if you can execute the query directly in SQL Query Analyzer or Access or whatever you're using.

Or, better yet, figure out what the SQL query needs to look like using Query Analyzer or Access, then change the code so that it builds that string for you.

5:34 pm on Feb 25, 2005 (gmt 0)

10+ Year Member



i have copied the query exactly as the web site has shown, so how can it be wrong?
9:40 pm on Feb 25, 2005 (gmt 0)

10+ Year Member



sql="INSERT INTO Users (Fname,Lname) "
sql=sql & " VALUES "
sql=sql & "('" & Request.Form("Fname") & "',"
sql=sql & "'" & Request.Form("Lname") & "')"
2:24 pm on Feb 27, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Just a suggestion...

This technique

sql=sql & "('" & Request.Form("Fname") & "',"

could potentially get you into trouble.

I'd suggest isolating the request items in variables, checking them for illegal characters and then processing them into your sql command accordingly.

9:29 pm on Feb 28, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



If you are using SQL server, you can avoid that technique of creating SQL altogether and just use stored procedures.

They are much simpler to write & debug, execute faster and more secure.

Create dbo.User_SAVE
@Fname varchar(25),
@Lname varchar(25)
AS
INSERT INTO Users (Fname,LName)
VALUES(@Fname,@LName)
GO

Then in the ASP:

objConn.Execute ("exec dbo.User_SAVE " & Request.Form("Fname") & " " & Request.Form("Lname") )

 

Featured Threads

My Threads

Hot Threads This Week

Hot Threads This Month