syntax error in update statement in vb.net

amitbadgi@gmail.com - 12 Aug 2005 06:57 GMT
Hi, I am getting the following error while converting an ASP application to
ASP.NET
Exception Details: System.Runtime.InteropServices.COMException: Syntax
error in UPDATE statement.

Source Error:

Line 112:    MM_editCmd.ActiveConnection = MM_editConnection
Line 113:    MM_editCmd.CommandText = MM_editQuery
Line 114:    MM_editCmd.Execute
Line 115:    MM_editCmd.ActiveConnection.Close
Line 116:

Source File: C:\Documents and Settings\amit\WebSite1\edit_location.aspx
  Line: 114

Stack Trace:

[COMException (0x80040e14): Syntax error in UPDATE statement.]

Microsoft.VisualBasic.CompilerServices.LateBinding.InternalLateCall(Object
o, Type objType, String name, Object[] args, String[] paramnames,
Boolean[] CopyBack, Boolean IgnoreReturn) +776

Microsoft.VisualBasic.CompilerServices.NewLateBinding.LateCall(Object
Instance, Type Type, String MemberName, Object[] Arguments, String[]
ArgumentNames, Type[] TypeArguments, Boolean[] CopyBack, Boolean
IgnoreReturn) +193987
  ASP.edit_location_aspx.__Render__control1(HtmlTextWriter __w,
Control parameterContainer) in C:\Documents and
Settings\amit\WebSite1\edit_location.aspx:114
  System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer,
ICollection children) +98
  System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) +20
  System.Web.UI.Page.Render(HtmlTextWriter writer) +27
  System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer,
ControlAdapter adapter) +53
  System.Web.UI.Control.RenderControl(HtmlTextWriter writer,
ControlAdapter adapter) +280
  System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +24

The code where the statement was declared is as follows,

<%
' *** Update Record: construct a sql update statement and execute it

If (Trim(Request("MM_update")) <> "" And Trim(Request("MM_recordId")) <> "") Then

 ' create the sql update statement
 MM_editQuery = "update " & MM_editTable & " set "
 For MM_i = LBound(MM_fields) To UBound(MM_fields) Step 2
   MM_formVal = MM_fields(MM_i+1)
   MM_typeArray = Split(MM_columns(MM_i+1),",")
   MM_delim = MM_typeArray(0)
   If (MM_delim = "none") Then MM_delim = ""
   MM_altVal = MM_typeArray(1)
   If (MM_altVal = "none") Then MM_altVal = ""
   MM_emptyVal = MM_typeArray(2)
   If (MM_emptyVal = "none") Then MM_emptyVal = ""
   If (MM_formVal = "") Then
     MM_formVal = MM_emptyVal
   Else
     If (MM_altVal <> "") Then
       MM_formVal = MM_altVal
     ElseIf (MM_delim = "'") Then  ' escape quotes
       MM_formVal = "'" & Replace(MM_formVal,"'","''") & "'"
     Else
       MM_formVal = MM_delim + MM_formVal + MM_delim
     End If
   End If
   If (MM_i <> LBound(MM_fields)) Then
     MM_editQuery = MM_editQuery & ","
   End If
   MM_editQuery = MM_editQuery & MM_columns(MM_i) & " = " & MM_formVal
 Next
 MM_editQuery = MM_editQuery & " where " & MM_editColumn & " = " & MM_recordId

 If (Not MM_abortEdit) Then
   ' execute the update
   MM_editCmd = Server.CreateObject("ADODB.Command")
   MM_editCmd.ActiveConnection = MM_editConnection
   MM_editCmd.CommandText = MM_editQuery
   MM_editCmd.Execute
   MM_editCmd.ActiveConnection.Close

   If (MM_editRedirectUrl <> "") Then
     Response.Redirect(MM_editRedirectUrl)
   End If
 End If

End If
%>
Nick Malik [Microsoft] - 12 Aug 2005 07:28 GMT
Note that you are very susceptible to a type of malicious attack called SQL
Injection with the code below.  You need to use parameters instead of
building your SQL statement this way.

The error is caused because the SQL statement that you are submitting to the
database is not valid.  Look at it in the debugger and see if you can see
the error.   You didn't post the actual SQL statement, so it is hard for me
to help.

--- Nick Malik [Microsoft]
   MCSD, CFPS, Certified Scrummaster
   http://blogs.msdn.com/nickmalik

Disclaimer: Opinions expressed in this forum are my own, and not
representative of my employer.
  I do not answer questions on behalf of my employer.  I'm just a
programmer helping programmers.
--

> Hi, I am getting the following error while converting an ASP application to
> ASP.NET
[quoted text clipped - 90 lines]
> End If
> %>
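
The parameterized approach recommended in the reply above, as an added example that is not part of the original thread: column names come from a fixed allow-list and every value, including the record id that the posted code appends unquoted to the WHERE clause, is bound as a parameter. The `locations` table, its columns, the `id` key and the `UpdateLocation` helper are hypothetical, and an OLE DB data source is assumed.

```vb
Imports System.Collections.Generic
Imports System.Data.OleDb

Public Module LocationUpdater
    ' Hypothetical schema: only these columns may ever appear in the SET clause.
    Private ReadOnly AllowedColumns As String() = {"name", "address", "city"}

    ' Added example (not from the thread). formValues maps column name -> submitted value.
    ' Returns the number of rows updated.
    Public Function UpdateLocation(connStr As String, recordId As Integer,
                                   formValues As IDictionary(Of String, String)) As Integer
        Dim setParts As New List(Of String)
        Dim values As New List(Of Object)

        For Each col As String In AllowedColumns
            If formValues.ContainsKey(col) Then
                ' The identifier comes from the constant list, never from the request.
                setParts.Add("[" & col & "] = ?")
                ' Assumption for this example: empty input is stored as NULL.
                Dim v As String = formValues(col)
                values.Add(If(String.IsNullOrEmpty(v), CObj(DBNull.Value), CObj(v)))
            End If
        Next
        If setParts.Count = 0 Then Return 0

        ' The SQL text contains only fixed identifiers and ? placeholders.
        Dim sql As String = "UPDATE [locations] SET " &
                            String.Join(", ", setParts.ToArray()) &
                            " WHERE [id] = ?"

        Using conn As New OleDbConnection(connStr)
            Using cmd As New OleDbCommand(sql, conn)
                ' OLE DB binds ? placeholders by position, so add in SQL order.
                For i As Integer = 0 To values.Count - 1
                    cmd.Parameters.AddWithValue("@p" & i, values(i))
                Next
                ' A typed parameter: the id can never be parsed as SQL text.
                cmd.Parameters.Add("@id", OleDbType.Integer).Value = recordId
                conn.Open()
                Return cmd.ExecuteNonQuery()
            End Using
        End Using
    End Function
End Module
```

Because `recordId` is typed as `Integer`, a non-numeric `MM_recordId` is rejected when the caller parses it (for example with `Integer.TryParse`), before any SQL is built.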
