ASP.NET aspx language in dreamweaver

neillly88right · 19-03-2006 8:17am #1

:cool: I have tried inserting a simple first and last name into a access table via two textboxes using this code below:

<%@ Page Language="VB"%>
<%@ Import Namespace="System.Data"%>
<%@ Import Namespace="System.Data.OleDb"%>

<script runat="server">

sub Button1_Click (Sender as Object, e as EventArgs)
dim myConnection as new OleDbConnection ("Provider = " & "Microsoft.Jet.OLEDB.4.0;" & "Data Source = " & Server.MapPath("\aspnet\NeilStansfield\aspdatabase.mdb"))
Dim cmd As New OleDbCommand("INSERT INTO regtest (firstname, password) VALUES('" & regtestname.Text & "','" & regtestpass.Text & "')")

myConnection.Open()
cmd.Connection = myConnection
cmd.ExecuteNonQuery()
myConnection.Close()

end sub
</SCRIPT>

I keep getting the error returned for line 14(cmd.ExecuteNonQuery()) saying there is a syntax error in my insert statement but i cannot see how i think ihave miised a command or myCommand line

if anyone can help it would be appreciated i am at university and my final year project needs to be in by Mayday ty.

mewso · 19-03-2006 2:32pm

Change your code to use parameters to avoid sql injection.

Dim cmd As New OleDbCommand("INSERT INTO regtest (firstname, password) VALUES(?,?)")
cmd.Parameters.Add("FirstName", regtestname.Text)
cmd.Parameters.Add("Password", regtestpass.Text)
cmd.Connection = myConnection
myConnection.Open()
cmd.ExecuteNonQuery()
myConnection.Close()

I'm fairly sure you need to use ? for parameters in oledb but do a search for ms access parameter querys if you need more info.

Evil Phil · 19-03-2006 6:47pm

You may also want to put your connection string in the web.config file.

ASP.NET aspx language in dreamweaver

Comments