Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > syntax error in update statement in vb.net

Reply
Thread Tools

syntax error in update statement in vb.net

 
 
amitbadgi@gmail.com
Guest
Posts: n/a
 
      08-12-2005
HI i am getting the foll error while conv an asp application to
asp.net
Exception Details: System.Runtime.InteropServices.COMException: Syntax
error in UPDATE statement.

Source Error:

Line 112: MM_editCmd.ActiveConnection = MM_editConnection
Line 113: MM_editCmd.CommandText = MM_editQuery
Line 114: MM_editCmd.Execute
Line 115: MM_editCmd.ActiveConnection.Close
Line 116:


Source File: C:\Documents and Settings\amit\WebSite1\edit_location.aspx
Line: 114

Stack Trace:

[COMException (0x80040e14): Syntax error in UPDATE statement.]

Microsoft.VisualBasic.CompilerServices.LateBinding .InternalLateCall(Object
o, Type objType, String name, Object[] args, String[] paramnames,
Boolean[] CopyBack, Boolean IgnoreReturn) +776

Microsoft.VisualBasic.CompilerServices.NewLateBind ing.LateCall(Object
Instance, Type Type, String MemberName, Object[] Arguments, String[]
ArgumentNames, Type[] TypeArguments, Boolean[] CopyBack, Boolean
IgnoreReturn) +193987
ASP.edit_location_aspx.__Render__control1(HtmlText Writer __w,
Control parameterContainer) in C:\Documents and
Settings\amit\WebSite1\edit_location.aspx:114
System.Web.UI.Control.RenderChildrenInternal(HtmlT extWriter writer,
ICollection children) +98
System.Web.UI.Control.RenderChildren(HtmlTextWrite r writer) +20
System.Web.UI.Page.Render(HtmlTextWriter writer) +27
System.Web.UI.Control.RenderControlInternal(HtmlTe xtWriter writer,
ControlAdapter adapter) +53
System.Web.UI.Control.RenderControl(HtmlTextWriter writer,
ControlAdapter adapter) +280
System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +24

The code whre the statement was declared is as follows,

<%
' *** Update Record: construct a sql update statement and execute it

If (Trim(Request("MM_update")) <> "" And Trim(Request("MM_recordId"))
<> "") Then

' create the sql update statement
MM_editQuery = "update " & MM_editTable & " set "
For MM_i = LBound(MM_fields) To UBound(MM_fields) Step 2
MM_formVal = MM_fields(MM_i+1)
MM_typeArray = Split(MM_columns(MM_i+1),",")
MM_delim = MM_typeArray(0)
If (MM_delim = "none") Then MM_delim = ""
MM_altVal = MM_typeArray(1)
If (MM_altVal = "none") Then MM_altVal = ""
MM_emptyVal = MM_typeArray(2)
If (MM_emptyVal = "none") Then MM_emptyVal = ""
If (MM_formVal = "") Then
MM_formVal = MM_emptyVal
Else
If (MM_altVal <> "") Then
MM_formVal = MM_altVal
ElseIf (MM_delim = "'") Then ' escape quotes
MM_formVal = "'" & Replace(MM_formVal,"'","''") & "'"
Else
MM_formVal = MM_delim + MM_formVal + MM_delim
End If
End If
If (MM_i <> LBound(MM_fields)) Then
MM_editQuery = MM_editQuery & ","
End If
MM_editQuery = MM_editQuery & MM_columns(MM_i) & " = " & MM_formVal
Next
MM_editQuery = MM_editQuery & " where " & MM_editColumn & " = " &
MM_recordId

If (Not MM_abortEdit) Then
' execute the update
MM_editCmd = Server.CreateObject("ADODB.Command")
MM_editCmd.ActiveConnection = MM_editConnection
MM_editCmd.CommandText = MM_editQuery
MM_editCmd.Execute
MM_editCmd.ActiveConnection.Close

If (MM_editRedirectUrl <> "") Then
Response.Redirect(MM_editRedirectUrl)
End If
End If

End If
%>

 
Reply With Quote
 
 
 
 
Nick Malik [Microsoft]
Guest
Posts: n/a
 
      08-12-2005
note that you are very susceptible to a type of malicious attack called SQL
Injection with the code below. You need to use parameters instead of
building your SQL statement this way.

The error is caused because the SQL statement that you are submitting to the
database is not valid. Look at it in the debugger and see if you can see
the error. You didn't post the actual SQL statement, so it is hard for me
to help.

--
--- Nick Malik [Microsoft]
MCSD, CFPS, Certified Scrummaster
http://blogs.msdn.com/nickmalik

Disclaimer: Opinions expressed in this forum are my own, and not
representative of my employer.
I do not answer questions on behalf of my employer. I'm just a
programmer helping programmers.
--
<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> HI i am getting the foll error while conv an asp application to
> asp.net
> Exception Details: System.Runtime.InteropServices.COMException: Syntax
> error in UPDATE statement.
>
> Source Error:
>
> Line 112: MM_editCmd.ActiveConnection = MM_editConnection
> Line 113: MM_editCmd.CommandText = MM_editQuery
> Line 114: MM_editCmd.Execute
> Line 115: MM_editCmd.ActiveConnection.Close
> Line 116:
>
>
> Source File: C:\Documents and Settings\amit\WebSite1\edit_location.aspx
> Line: 114
>
> Stack Trace:
>
> [COMException (0x80040e14): Syntax error in UPDATE statement.]
>
> Microsoft.VisualBasic.CompilerServices.LateBinding .InternalLateCall(Object
> o, Type objType, String name, Object[] args, String[] paramnames,
> Boolean[] CopyBack, Boolean IgnoreReturn) +776
>
> Microsoft.VisualBasic.CompilerServices.NewLateBind ing.LateCall(Object
> Instance, Type Type, String MemberName, Object[] Arguments, String[]
> ArgumentNames, Type[] TypeArguments, Boolean[] CopyBack, Boolean
> IgnoreReturn) +193987
> ASP.edit_location_aspx.__Render__control1(HtmlText Writer __w,
> Control parameterContainer) in C:\Documents and
> Settings\amit\WebSite1\edit_location.aspx:114
> System.Web.UI.Control.RenderChildrenInternal(HtmlT extWriter writer,
> ICollection children) +98
> System.Web.UI.Control.RenderChildren(HtmlTextWrite r writer) +20
> System.Web.UI.Page.Render(HtmlTextWriter writer) +27
> System.Web.UI.Control.RenderControlInternal(HtmlTe xtWriter writer,
> ControlAdapter adapter) +53
> System.Web.UI.Control.RenderControl(HtmlTextWriter writer,
> ControlAdapter adapter) +280
> System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +24
>
> The code whre the statement was declared is as follows,
>
> <%
> ' *** Update Record: construct a sql update statement and execute it
>
> If (Trim(Request("MM_update")) <> "" And Trim(Request("MM_recordId"))
> <> "") Then
>
> ' create the sql update statement
> MM_editQuery = "update " & MM_editTable & " set "
> For MM_i = LBound(MM_fields) To UBound(MM_fields) Step 2
> MM_formVal = MM_fields(MM_i+1)
> MM_typeArray = Split(MM_columns(MM_i+1),",")
> MM_delim = MM_typeArray(0)
> If (MM_delim = "none") Then MM_delim = ""
> MM_altVal = MM_typeArray(1)
> If (MM_altVal = "none") Then MM_altVal = ""
> MM_emptyVal = MM_typeArray(2)
> If (MM_emptyVal = "none") Then MM_emptyVal = ""
> If (MM_formVal = "") Then
> MM_formVal = MM_emptyVal
> Else
> If (MM_altVal <> "") Then
> MM_formVal = MM_altVal
> ElseIf (MM_delim = "'") Then ' escape quotes
> MM_formVal = "'" & Replace(MM_formVal,"'","''") & "'"
> Else
> MM_formVal = MM_delim + MM_formVal + MM_delim
> End If
> End If
> If (MM_i <> LBound(MM_fields)) Then
> MM_editQuery = MM_editQuery & ","
> End If
> MM_editQuery = MM_editQuery & MM_columns(MM_i) & " = " & MM_formVal
> Next
> MM_editQuery = MM_editQuery & " where " & MM_editColumn & " = " &
> MM_recordId
>
> If (Not MM_abortEdit) Then
> ' execute the update
> MM_editCmd = Server.CreateObject("ADODB.Command")
> MM_editCmd.ActiveConnection = MM_editConnection
> MM_editCmd.CommandText = MM_editQuery
> MM_editCmd.Execute
> MM_editCmd.ActiveConnection.Close
>
> If (MM_editRedirectUrl <> "") Then
> Response.Redirect(MM_editRedirectUrl)
> End If
> End If
>
> End If
> %>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Syntax Error in SQL Update Statement Maximus ASP General 3 02-26-2007 07:55 PM
System.Data.OleDb.OleDbException: Syntax error in UPDATE statement. Mark Sandfox ASP .Net 1 05-07-2004 12:35 AM
adapter update problem Syntax error in INSERT INTO statement. compuglobalhypermeganetz0r ASP .Net 0 12-08-2003 05:03 AM
Syntax error in update statement - novice question sean ASP .Net 2 12-02-2003 01:48 PM
Syntax error in UPDATE statement- asp/jscript Robert Mark Bram ASP General 2 10-21-2003 12:36 PM



Advertisments