Tuesday, March 27, 2012

Easy SQL syntax question

Dim varBookID as String
varBookID = request.params("BookID")

Dim varBookNo as String
varBookNo = request.params("BookNo")

***What is incorrect with the string concatenation below? I know the SQL syntax is incorrect, but I cannot locate the problem.***

DBCommand = New OleDbDataAdapter("SELECT * FROM Books WHERE BookID=" & "'" & varBookID & "'" AND BookNo= & "'" & varBookNo & "'"", DBConn)

You have a string with a part that ends after

"SELECT * FROM Books WHERE BookID=" & "'" & varBookID & "'"

Then comes

AND BookNo= & "'" & varBookNo & "'""

That should give you a compiler syntax error right there. Simplified:

"SELECT * FROM Books WHERE BookID='" & varBookID & "' AND BookNo='" & varBookNo & "'"

Among other things, it is because of stuff like this that you should use stored procedures and SqlParameters, which eliminate these kinds of tedious string concatenations. You can find many examples on the net.
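
The parameterized form of the query from the question, as an added example that is not part of the original post. It assumes both columns are text of at most 50 characters; the `BookLookup` module, the `FindBooks` name and the `connectionString` argument are hypothetical.

```vbnet
Imports System.Data
Imports System.Data.OleDb

Module BookLookup
    ' Hypothetical helper (not from the original post): returns the rows of
    ' Books that match both keys, without building SQL from user input.
    Function FindBooks(connectionString As String,
                       bookId As String,
                       bookNo As String) As DataTable
        Dim table As New DataTable()

        Using conn As New OleDbConnection(connectionString)
            ' The SQL text is a constant. OleDb uses positional "?" markers,
            ' so there are no quote marks to balance by hand.
            Using cmd As New OleDbCommand(
                "SELECT * FROM Books WHERE BookID = ? AND BookNo = ?", conn)

                ' OleDb binds by position, not by name: parameters must be
                ' added in the same order as the "?" markers appear.
                ' Assumption: both columns are text, at most 50 characters.
                cmd.Parameters.Add("@BookID", OleDbType.VarWChar, 50).Value = bookId
                cmd.Parameters.Add("@BookNo", OleDbType.VarWChar, 50).Value = bookNo

                ' Fill opens and closes the connection itself if it is closed.
                Using adapter As New OleDbDataAdapter(cmd)
                    adapter.Fill(table)
                End Using
            End Using
        End Using

        Return table
    End Function
End Module

' Usage in the page from the question (connStr is assumed to exist):
'   Dim books As DataTable = BookLookup.FindBooks(connStr,
'       Request.Params("BookID"), Request.Params("BookNo"))
```

Because the values travel separately from the SQL text, a request value that contains a quote mark is compared as data and cannot change the shape of the statement.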

It looks like you've got an extra quote mark at the end.