Go button not working

vanjamier

3:17 am on Dec 29, 2004 (gmt 0)

Hello.... :(
I don't know what's wrong this time.
I can't do a response.write to see results either...
"Go" button kinda not functioning..

<html>
<head>
<title>Update Employee Records</title>
</head>

<body>

<%
'Dimension Local variables
Dim objRS
set oConn=Server.CreateObject("ADODB.Connection")
oConn.Provider="Microsoft.Jet.OLEDB.4.0"
oConn.Open(Server.Mappath("OfficeDB.mdb"))
%>

<form name="form1" method="post" action="SelectEmployee.asp">
Employee ID: <INPUT id=text1 name=text1 size="10">
<input type="submit" name="Submit" value="Go">
<select name="Employee_Id">
<%
strId = Request.Form("text1")

If Request.Form("Submit") = "go" Then

set rs=Server.CreateObject("ADODB.Recordset")

sql="SELECT * FROM Employee WHERE Emp_Id LIKE '%&strId&' "
rs.Open sql,oConn

do until rs.EOF
response.write("<option")

if rs.fields("Emp_Id")= strId then
response.write("selected")
end if

response.write(">")
response.write(rs.fields("Emp_Id"))
rs.MoveNext
loop
rs.Close
set rs=Nothing

End If
%>
</select>
</form>
</body>
</html>

tomasz

4:17 am on Dec 29, 2004 (gmt 0)

Try this if Emp_Id is a varchar type:
sql="SELECT * FROM Employee WHERE Emp_Id LIKE '%" & strId & "'"
or this if Emp_Id is a long value:
sql="SELECT * FROM Employee WHERE Emp_Id LIKE %" & strId

vanjamier

5:16 am on Dec 29, 2004 (gmt 0)

Hey, I tried both your suggestions but erm.. the button doesn't respond.
I did a response.write request.form
and it doesn't return anything.

tomasz

2:38 pm on Dec 29, 2004 (gmt 0)

Try this:
If Request.Form("Submit") = "Go" Then

CaseyRyan

3:08 pm on Dec 29, 2004 (gmt 0)

Here's what I would change:
*remove the name attribute from the input type=submit tag.
*retrieve just the value of the text1. The code I put in will make sure you have a string to check regardless of whether anything was posted or not.
*check to see if the string is not empty. This will guard you from retrieving everything in your table as well as check to see if something has been typed in.

...
<form name="form1" method="post" action="SelectEmployee.asp">
Employee ID: <INPUT id=text1 name=text1 size="10">
<input type="submit" value="Go">
<select name="Employee_Id">
<%
strId = Trim(Request.Form("text1")&"")
If (strId <> "") Then
...

-=casey=-

mattglet

3:14 pm on Dec 29, 2004 (gmt 0)

Probably the most effective way to check for posted data is to check to see if there is anything even in the Form's collection.

Instead of:
If Request.Form("Submit") = "go" Then

Do:
If Request.Form.Count > 0 Then

Zaphod Beeblebrox

11:35 am on Dec 30, 2004 (gmt 0)

Also, this line:
if rs.fields("Emp_Id")= strId then
seems to be comparing a numerical value with a string value. If the field in your database is indeed numerical, change the line to:
if CStr(rs.fields("Emp_Id"))= strId then

vanjamier

12:36 am on Dec 31, 2004 (gmt 0)

Thanks for all the replies.

Easy_Coder

4:23 pm on Dec 31, 2004 (gmt 0)

As a side note, consider validating the strId variable on the server side for SQL injection stuff before appending it to your query. Because you're doing pass-through SQL, someone could pass in extra queries to hurt your performance.

So say a user enters this into text1:
' select * from sysusers --

Your query would be adjusted to this:
SELECT * FROM Employee WHERE Emp_Id LIKE '%&' select * from sysusers -- ' strId&'

Or worse what if they pass in an endless loop?

Easy_Coder

4:32 pm on Dec 31, 2004 (gmt 0)

See if this works for you. I was able to access the form submit button value:

<%
For each x in Request.Form
Response.Write x & ": " & Request.Form(x) & "<br>"
Next

Response.Write "<br><br>"

Response.Write "Form Button Value -->" & Request.Form("go")
%>
<form name="test" method="post">
<input type="text" name="a"><input type="submit" name="go" value="go">
</form>

Zaphod Beeblebrox

7:54 pm on Dec 31, 2004 (gmt 0)

I'm sorry, but what do you think any database driver would do with this?

SELECT * FROM Employee WHERE Emp_Id LIKE '%&' select * from sysusers -- ' strId&'

Throw an error...

Security concern is healthy, paranoia isn't.

Easy_Coder

4:26 pm on Jan 2, 2005 (gmt 0)

The issue I was pointing out was performance not security although some would argue this as both. That code throws an error only because of syntax. Too, there is no harm/paranoia in suggesting a best practices approach to prevent a user from executing code w/o your knowledge.

sql="SELECT * FROM Employee WHERE Emp_Id LIKE '%&strId&' "

should be

sql="SELECT * FROM Employee WHERE Emp_Id LIKE '% " & strId & " '"

My take is that a user could execute queries w/o your knowledge and therefore impact your performance. I'm not saying that the results of the second query would be displayed. It's obvious that they won't.

This code illustrates that the 2nd query executes when passing in ' select * from sysusers --

strId = Request.Form("text1")
sql="SELECT * FROM Employee WHERE Emp_Id LIKE '% " & strId & " '"

Set oCNN = Server.CreateObject("adodb.connection")
oCNN.Open Application("DB_CONN_STRING")

Set oRST = Server.CreateObject("adodb.recordset")
With oRST
.Open sql, oCNN, adOpenForwardOnly, adLockReadOnly

If Not .EOF Then
aItems = .GetRows()
Else
aItems = Null
End If
End With

Set rs2 = oRST.NextRecordset
aItems2 = rs2.GetRows()

For i = lbound(aItems2,2) To ubound(aItems2,2)
Response.Write (aItems2(0,i)) & "<br>"
Next

vanjamier

1:21 am on Jan 3, 2005 (gmt 0)

I was away during the holidays..
Thanks for all the replies.

Zaphod Beeblebrox

8:56 am on Jan 3, 2005 (gmt 0)

Easy_Coder: you have a point, but I think the solution is not the correct one. If you'd do it right, you change the line to:

sql="SELECT * FROM Employee WHERE Emp_Id LIKE '%" & Replace(strId, "'", "''") & "'"

This way you won't get an error when someone enters a quote, which is good practice anyway, and it also prevents anything undesired being executed.
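Pulling the thread's suggestions together, here is the lookup page rewritten as an added example (not code posted by anyone in the thread): it tests Request.Form.Count instead of the button's value, trims the posted text, compares Emp_Id as a string, and hands strId to the Jet provider as an ADODB.Command parameter rather than splicing it into the SQL, so neither Replace() nor any other quote handling is needed. It assumes Emp_Id is a text column and that the table, column and OfficeDB.mdb names are the original poster's; the Const values are ADO's published DataTypeEnum/ParameterDirectionEnum numbers.

```vbscript
<%
Option Explicit
' Added example, not the thread's own code. Assumes Emp_Id is a text column.
Const adVarChar = 200      ' ADO DataTypeEnum
Const adParamInput = 1     ' ADO ParameterDirectionEnum

Dim oConn, cmd, rs, strId, strRowId
strId = ""

' Was anything posted at all? Checking the collection avoids depending on the
' button's value, whose case ("Go" vs "go") was the original bug.
If Request.Form.Count > 0 Then
    strId = Trim(Request.Form("text1") & "")   ' always a string, even when absent
End If
%>
<form name="form1" method="post" action="SelectEmployee.asp">
Employee ID: <input id="text1" name="text1" size="10" value="<%= Server.HTMLEncode(strId) %>">
<input type="submit" value="Go">
<select name="Employee_Id">
<%
If strId <> "" Then
    Set oConn = Server.CreateObject("ADODB.Connection")
    oConn.Provider = "Microsoft.Jet.OLEDB.4.0"
    oConn.Open Server.MapPath("OfficeDB.mdb")

    ' The user's text travels as a parameter value, so a quote inside it
    ' (the ' select * from sysusers -- case above) can never alter the statement.
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = oConn
    cmd.CommandText = "SELECT Emp_Id FROM Employee WHERE Emp_Id LIKE ?"
    cmd.Parameters.Append cmd.CreateParameter("p1", adVarChar, adParamInput, 50, "%" & strId)
    Set rs = cmd.Execute

    Do Until rs.EOF
        strRowId = CStr(rs.Fields("Emp_Id").Value)   ' compare text with text
        Response.Write "<option"
        If strRowId = strId Then Response.Write " selected"
        Response.Write ">" & Server.HTMLEncode(strRowId) & "</option>"
        rs.MoveNext
    Loop
    rs.Close: Set rs = Nothing
    oConn.Close: Set oConn = Nothing
End If
%>
</select>
</form>
```

Because the value is a LIKE pattern, a user can still type % or _ to widen the match; that only affects which rows come back, not what SQL runs.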