Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 177
  • Last Modified:

Issue using SQL string to do UPDATE

When I run the attached code I get the following error:

Microsoft OLE DB Provider for SQL Server error '80040e14'

Incorrect syntax near '('.

When I output newSQL I get:
UPDATE xxXXX set (userName,FirstName,LastName,password,emailAddress) Values('PhilG','Phil','Gxxxxxxon','12345','philg@abc.com') WHERE AdminID = '5'
dim uname, fname, lname, password, emailAdd
	  uname = Request.Form("uname")
	  fname = Request.Form("fname")
	  lname = Request.Form("lname")
	  email = Request.Form("emailAdd")
	  password = Request.Form("password")

	Dim newSQL
	  newSQL = "UPDATE xxXXX set (userName,FirstName,LastName,password,emailAddress) Values('" & uname & "','"  & fname &  "','"  & lname &  "','"  & password & "','"  & email &  "') WHERE AdminID = '" & getUserID & "'"
	Set objRSupdate = Server.CreateObject("ADODB.Recordset")
	  objRSupdate.Open newSQL, objConn
	Response.Write("User has been added Updated.")

Open in new window

1 Solution
Guy Hengel [angelIII / a3]Billing EngineerCommented:
the UPDATE syntax is differently:

UPDATE yourtable
   SET field1 = value1, field2 = value2 . ..etc
 WHERE ...

not that you REALLY should use adodb.command with parameters to avoid sql injection.

injection: http://www.palecrow.com/content/GCIH/Matt_Borland_GCIH.html
pGustafsonAuthor Commented:
Thank you for your quick response

Featured Post

Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now