SQL insert that is not working - Webmaster General forum at WebmasterWorld - WebmasterWorld

Forum Moderators: phranque

Message Too Old, No Replies

SQL insert that is not working

Blelisa

3:04 pm on Jun 15, 2005 (gmt 0)

10+ Year Member

Hello all,
I have a asp form that insert visitors info into my sql database. I can get into the database okay but it is not inserting the info.
When I click on submit I get an error saying there is an error in my syntax on line 20.
Below is my code and I am not sure what is wrong with l ine 20. Can anyone help? Thanks!
<%
Set objConn = Server.CreateObject("ADODB.Connection")
objConn.ConnectionString = "DRIVER={MySQL ODBC 3.51 Driver};SERVER=mysql.omnis.com;DATABASE=syner008;USER=syner008;PASSWORD=power2;OPTION=3;"
objConn.Open

sql="INSERT INTO [visitors] ([cmpname], [address], [city], [state], [zip], [number], [contact], [email], [pwrd], [username])"
sql=sql & "VALUES"
sql=sql & "('" & Request.Form("cmpname") & "',"
sql=sql & "'" & Request.Form("address") & "',"
sql=sql & "'" & Request.Form("city") & "',"
sql=sql & "'" & Request.Form("state") & "',"
sql=sql & "'" & Request.Form("zip") & "',"
sql=sql & "'" & Request.Form("number") & "',"
sql=sql & "'" & Request.Form("contact") & "',"
sql=sql & "'" & Request.Form("email") & "',"
sql=sql & "'" & Request.Form("pwrd") & "',"
sql=sql & "'" & Request.Form("username") & "')"

objConn.Execute(sql)

rocknbil

4:54 pm on Jun 15, 2005 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Since no one else has replied, I'll take a stab but my VBscript is rusty.

Has this select EVER worked? By what I can see - I doubt it.

If not, what's with the brackets?

sql="INSERT INTO [visitors] ([cmpname], [address], [city], [state], [zip], [number], [contact], [email], [pwrd], [username])"

a normal select statement should just be the field names:
sql="INSERT INTO visitors (cmpname, address, city, state, zip, number, contact, email, pwrd, username) values (...);"

digitalv

5:11 pm on Jun 15, 2005 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

There could be a couple of reasons - for starters, do any of the fields you're inserting contain an apostrophe? This would cause the field to terminate early leaving extra characters out where they aren't supposed to be and throw back a syntax error. Do me a favor, run the page but throw in a response.write SQL before your execute statement and then paste that output here from your browser so I can see exactly what's being inserted.

Another thing you should do immediately - CHANGE YOUR PASSWORD - you just gave a hacker everything they need to know to get into your database by posting your connection string and you should change your SQL password right away. In the future, don't post the connection string as you did since its not necessary for troubleshooting syntax errors, only connection errors.

Blelisa

5:45 pm on Jun 15, 2005 (gmt 0)

10+ Year Member

Thank you, thank you, it was the brackets. removed them and now is inserting info. I have run into another problem however:
The error I am getting is CreateObject has failed

Code is:
Dim Mail
Set Mail=Server.CreateObject("CDONTS.NewMail")
Mail.to="#*$!xxxxxxxxxx@xxxx.xxx"
Mail.From="lxxxxxxxxxxxxxx@xx.xxx"
Mail.Subject="Visitor Registration"
Mail.MailFormat= 0
Mail.BodyFormat=0
Mail.Body="<h2>Hey Sean, someone just registered with your site. Check it out!</h2>"
Mail.Send
Set Mail=nothing

if err<>0 then
Response.Write(Err.Description)
else
response.redirect("login.asp")
end if
connection.close

rocknbil

11:32 pm on Jun 15, 2005 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Ask your isp/host if CDONTS is installed and functioning. If the DLL isn't there it won't work. This is completely unrelated to your sql question and you may get further help from the ASP forum.