Re: ASP Query

Joe Rinehart Tue, 04 Jan 2005 13:27:52 -0800

Yes:

1.  The ( around VALUES needs a closing )
2.  It allows SQL Injection
3.  Why is it in ASP?


-Joe


On Tue, 04 Jan 2005 16:16:50 -0400, Asim Manzur <[EMAIL PROTECTED]> wrote:
> is this something wrong with this query?
> 
> SQLstr = "INSERT INTO projectSupportDoc (fileName, projectID) VALUES ('" & n 
> & "','" & Request.QueryString("pid") &"'"
> 
> the complete code is
> 
> SQLstr = "INSERT INTO projectSupportDoc (fileName, projectID) VALUES ('" & n 
> & "','" & Request.QueryString("pid") &"'"
> Set dbrs = Server.CreateObject("ADODB.RecordSet")
> dbrs.Open SQLstr, dbConn, , , adCmdText
> dbrs.Close
> Set dbrs = Nothing
> 
> please someone help.
> 
> 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Find out how CFTicket can increase your company's customer support 
efficiency by 100%
http://www.houseoffusion.com/banners/view.cfm?bannerid=49

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:189297
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

Re: ASP Query

Reply via email to