Syntax error un update

I have the code below which should update a table, but it has a syntax error I can't find, any help is appreciated.


MM_saveCmd.CommandText ="UPDATE FormsBlb SET Firmid =" & Session("FirmId") & ", Caseid =" & Session("QFcaseid") & ", Userid =" & Session("QFUserId") & ", Activityid =" & Session("QFActivityid") & ", Blobdata = '" & strXML & "') WHERE Blobid = '" & Session("QFBlobid") & "'"
LVL 1
AleksAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Big MontyWeb Ninja at largeCommented:
my guess is one of the session variables isn't populating. if you do a response.write out to the screen, can you post that?

response.write "UPDATE FormsBlb SET Firmid =" & Session("FirmId") & ", Caseid =" & Session("QFcaseid") & ", Userid =" & Session("QFUserId") & ", Activityid =" & Session("QFActivityid") & ", Blobdata = '" & strXML & "') WHERE Blobid = '" & Session("QFBlobid") & "'"

also, you're opening yourself up to sql injection using this method, you may want to look into parameterized queries
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
Looks like you have an extra closing paren

Blobdata = '" & strXML & "')

should be

Blobdata = '" & strXML & "'

BM is correct about using parameterized queries.  At the very least I would do something like below. I only did t his for one field but you can get the idea.  Session variables can get lost easily so it is a good idea to always test that they are available.  Then finally test that it is a number.

 
intFirmID = 0 ' set to default
if  Session("FirmId") <> "" then ' make sure session is set
     if isnumeric(Session("FirmId")) then ' make sure session is a number
         intFirmID = Session("FirmId") ' re set intFirmID
   end if
end if


MM_saveCmd.CommandText ="UPDATE FormsBlb SET Firmid =" & intFirmID & ", Caseid =" & Session("QFcaseid") & ", Userid =" & Session("QFUserId") & ", Activityid =" & Session("QFActivityid") & ", Blobdata = '" & strXML & "') WHERE Blobid = '" & Session("QFBlobid") & "'"

Open in new window

0
AleksAuthor Commented:
:)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ASP

From novice to tech pro — start learning today.