strLoginID = request("loginID")
Set rsPart = Server.CreateObject("ADODB.Recordset")
sql = "SELECT * FROM Login WHERE loginID = " & strLoginID
rsPart.Open sql, conn1, 2, 3
everything works fine when typing a number like 123 in the textbox, but if i type abc, i get the error
Microsoft OLE DB Provider for ODBC Drivers error '80040e10'
[Microsoft][ODBC Microsoft Access Driver] Too few parameters. Expected 1.
i am still getting an error. i think the problem is in my data types. the data type in the sql table is a number.
so to recap, if "123" (without quotes) is typed at login box, i convert to a string to for the sql string. but if "abc" is typed in, i get an error (even with the extra quotes such as in the message above, ' " & strLoginID "'", but with the extra quotes, number entries don't work then).
i think i will keep it as a number, the loginIDs are pre-assigned to be numbers and they (users) will not have an opportunity to change there ID (this is a one-time login...or actually as many times in a 2-week period login for a survey). however, i will want to handle the error of someone accidently typing letters so as not to get the server side error message. can that be done in MS sql or should i handle it in the asp?
lastly (for now)...are there "standards" for assigning datatypes? i remember reading that it is standard to use "text" for SS#. are there hidden (to me) benefits of using "text" rather than number for various datatypes. Where can i learn more of basic conventions for assigning datatypes.