' are missing:
' don't use SELECT *
' write out the column names
' defeat SQL Injection with Replace() or similar function
sqlstmt = "SELECT * from [tbluser] WHERE [User] = '" & _
Replace(strUser, "'", "''") & "'"
David L. Penton, Microsoft MVP
JCPenney Application Specialist / Lead
"Mathematics is music for the mind, and Music is Mathematics for the
Soul. - J.S. Bach"
[EMAIL PROTECTED]
Do you have the VBScript Docs or SQL BOL installed? If not, why not?
VBScript Docs: http://www.davidpenton.com/vbscript
SQL BOL: http://www.davidpenton.com/sqlbol
-----Original Message-----
From: Jon Barnhardt [mailto:jon_barnhardt@;educ8.org]
I'm doing a SIMPLE query against an access database and for some reason it
doesn't like me.
here is the statement:
sqlstmt = "SELECT * from tbluser WHERE User =" & strUser
Here is the error:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in
query expression 'User =Chris K'.
what gives?? I just can't see it today...
Thanks again for the help
Jon
---
You are currently subscribed to activeserverpages as: [email protected]
To unsubscribe send a blank email to [EMAIL PROTECTED]
