SQL Crash

El_mariachi · 12-05-2007 10:02pm #1

Dim adoCon               'Holds the Database Connection Object
Dim rsReadThr     	 'Holds the recordset for the new record to be added
Dim strSQL               'Holds the SQL query to query the database
Dim PostId				'Holds the post id number

PostId = (Request.QueryString("id"))

Set adoCon = Server.CreateObject("ADODB.Connection")
adoCon.Open "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("/db/cghy78uiwm.mdb")
Set rsReadThr = Server.CreateObject("ADODB.Recordset")

strSQL = "SELECT * FROM TblPost where ThreadId = '"& PostId &"' ;" 

rsReadThr.CursorType = 2
rsReadThr.LockType = 3
rsReadThr.Open strSQL, adoCon

Response.write(RsReadThr("PostMember"))

This keeps crashing have no idea why,

if i change the where

ThreadId = '"& PostId &"' ;"

to

where ThreadId = 15 ;"

then it works!

i get this error Microsoft OLE DB Provider for ODBC Drivers error '80040e07'

[Microsoft][ODBC Microsoft Access Driver] Data type mismatch in criteria expression.

Please help before i go mad

/forum/thread.asp, line 59

looked it up but was no help!

Seth Brundle · 12-05-2007 11:20pm

The single quotes make it a string and not a number - remove them to form
ThreadId = "& PostId &" ;"

Oh and read up on SQL Injection!!!

El_mariachi · 13-05-2007 2:42pm

kbannon wrote:

The single quotes make it a string and not a number - remove them to form
ThreadId = "& PostId &" ;"

Oh and read up on SQL Injection!!!

you now whats really funny, i was lying in bed thniking about that this morning and i said, bet its the single quotes..... but thank you for helping me!

Seth Brundle · 13-05-2007 9:24pm

Read my last sentence and make sure you follow its advice!!!
I'd worry about that more than your original problem!

SQL Crash

Comments