Please help! I am trying to build an ASP application based on existing Access database. I have make-table query that I am trying to run. I found out that I cannot directly run it, so I copied the SQL code into ASP. The problem is this query is based on other queries that use parameters entered by user.
How do I write -- syntax ? my parameters? The HAVING clause is giving error.

To run select query with parameters is straight forward :
strQuery = "query1 '"&param1&"','"&param2&"'
RS.open strQuery, MyConn, 0,4

Thanks in advance.

No! No! No!
Never ever use concatenation for your sql statements. Using the code you showed, a malicious user can delete all data from your database or even drop your database. Rather use ADO parameters. Investigate: Command.Parrameters.Add method.

And your sql will look something like:
"select [columnlist] from [tablelist and joins] where [column] = ?"
The ? is for the parameter which ADO substitutes for you. This method ensures that no DML or DDL commands can piggy back you query.

I am new to ASP and SQL, I had no idea that this code can be dangerous. Here is the link to the article I found on the net:
http://www.xefteri.com/articles/apr302002/default.aspx

This actually helped me a lot, because I have 10-15 queries that are run before the one I actually call here, and the parameters are mainly required in the previous queries. How do I do this safely on sql?
Thank you