ASP Doesn't like some textarea input?!?!

liunx

Guest
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression ''If you need a website with minimal features and just a simple HTML page, then this is a great choice for you. A standard simple HTML website will cost you just $12 per month, and that includes a domain name of your choice, web hosting, and weekly content ma'.

/cp3/editcontent.asp, line 35

This is line 35 in which it says that the above error occurs:

rs.Open "UPDATE [Content] SET [Title]='" & Request.Form("Title") & "', [Order]='" & Request.Form("Order") & "', [Type]='" & Request.Form("Type") & "', [Content]='" & Request.Form("Content") & "', [Image]='" & Request.Form("Image") & "', [Link]='" & Request.Form("Link") & "', [LinkTarget]='" & Request.Form("LinkTarget") & "' WHERE ID=" & Request.QueryString("id")

This is an odd one, because it only does it when I put this certain piece of text into the textbox and submit it to this page:

However, if you don't need a custom css design or content management, then you can remove $2 from the monthly price.

I don't understand... It's just odd... Is there anything that I need to fix, or is there just something wrong with that sentence?

Thanks in advance

Just by the way, I'm using Classic ASP and an MS Access database.

Because you must replace single quotes in the string with 2 single quotes. It's an escape character and a string delimiter. If you go

Replace(Request.Form("txtArea"),"'","''")

that would fix the issue.

Thanks a lot, would probably never have thought of that... :)

That also prohibits SQL injection, however doesn't stop SQL Script injection. To stop that you must remove HTML from the data.
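An added example, not code posted by anyone in this thread: line 35 of editcontent.asp rewritten with ADO parameters, so an apostrophe in the textarea stays data and the unquoted ID is checked before use. It assumes conn is an already-open ADODB.Connection, that [Content] is a Memo field and the other columns are Text; the AddParam helper is hypothetical.

```vbscript
<%
' Added example, not code from the thread.
' Assumptions: conn is an open ADODB.Connection to the Access database;
' [Content] is a Memo column and the other columns are Text.
Const adInteger = 3, adVarWChar = 202, adLongVarWChar = 203
Const adParamInput = 1, adCmdText = 1, adExecuteNoRecords = 128

' Hypothetical helper: bind one form value as a text parameter.
Sub AddParam(cmd, name, adoType, value)
    Dim s, size
    s = CStr(value)
    size = Len(s)
    If size = 0 Then size = 1   ' variable-length types need a non-zero size
    cmd.Parameters.Append cmd.CreateParameter(name, adoType, adParamInput, size, s)
End Sub

Dim rawId, cmd, field
rawId = Request.QueryString("id")
' ID is concatenated without quotes in the original, so require a number.
If Not IsNumeric(rawId) Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' One ? per value, bound in order. The SQL text never contains user input,
' so a single quote in the textarea cannot end a string literal.
cmd.CommandText = "UPDATE [Content] SET [Title]=?, [Order]=?, [Type]=?, " & _
    "[Content]=?, [Image]=?, [Link]=?, [LinkTarget]=? WHERE ID=?"

' Parameters must be appended in the same order as the ? markers.
For Each field In Array("Title", "Order", "Type", "Content", "Image", "Link", "LinkTarget")
    If field = "Content" Then
        AddParam cmd, field, adLongVarWChar, Request.Form(field)
    Else
        AddParam cmd, field, adVarWChar, Request.Form(field)
    End If
Next
cmd.Parameters.Append cmd.CreateParameter("ID", adInteger, adParamInput, , CLng(rawId))

cmd.Execute , , adExecuteNoRecords
Set cmd = Nothing
%>
```

Where the saved text is later written into a page, Server.HTMLEncode on output addresses the script-injection concern in the last reply.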
 