var sidebar_align = 'right';
var content_container_margin = parseInt('290px');
var sidebar_width = parseInt('270px');
Unanswered: Microsoft OLE DB Provider for SQL Server (0x80040E14)
Morning all, how are you ?
I had the following error, and at one point seemed to have a vague idea about how to rectify it, but alas no joy. Any help would be very much welcome.
Microsoft OLE DB Provider for SQL Server (0x80040E14)
Unclosed quotation mark after the character string ',4'.
/admin/stores/index.asp, line 401. (code below)
I have a "Save" button in an ASP page, that when selected should update a table in a database and save the information added.
Here is the code / line that is being referenced:
sSQL = "EXEC storedprocedure_one " & iStoreID & ",'" & sOpensMonday & "'" &_
",'" & sClosesMonday & "'" &_
",'" & sOpensTuesday & "'" &_
",'" & sClosesTuesday & "'" &_
",'" & sOpensWednesday & "'" &_
",'" & sClosesWednesday & "'" &_
",'" & sOpensThursday & "'" &_
",'" & sClosesThursday & "'" &_
",'" & sOpensFriday & "'" &_
",'" & sClosesFriday & "'" &_
",'" & sOpensSaturday & "'" &_
",'" & sClosesSaturday & "'" &_
",'" & sOpensSunday & "'" &_
",'" & sClosesSunday & "'" &_
",'" & sTelNumber & "'" &_
",'" & sFaxNumber & "'" &_
",'" & sEmailAddress & "'" &_
",'" & sSocialProfileAddress & "'" &_
",'" & sPostalAddress & "'" &_
"," & iWinID & "'"&_
oDB.execute(sSQL) (line 401)
Originally the "storedprocedure_one" (see below) didn't have any reference to "iFloorID", and so, when the Procedures was running through what it had to update, it arrives to the end and has no idea of "iFloorID" it went crazy and errored? However "ifloorId" was added where needed, but still it does not save.
ALTER PROCEDURE [dbo].[spstoredprocedure_one]
SET NOCOUNT ON
IF EXISTS (SELECT fk_storeID FROM tblname_one WHERE fk_storeID = @iStoreID)
OpensMonday = @sOpensMonday
,ClosesMonday = @sClosesMonday
,OpensTuesday = @sOpensTuesday
,ClosesTuesday = @sClosesTuesday
,OpensWednesday = @sOpensWednesday
,ClosesWednesday = @sClosesWednesday
,OpensThursday = @sOpensThursday
,ClosesThursday = @sClosesThursday
,OpensFriday = @sOpensFriday
,ClosesFriday = @sClosesFriday
,OpensSaturday = @sOpensSaturday
,ClosesSaturday = @sClosesSaturday
,OpensSunday = @sOpensSunday
,ClosesSunday = @sClosesSunday
,TelNumber = @sTelNumber
,FaxNumber = @sFaxNumber
,EmailAddress = @sEmailAddress
,SocialProfileAddress = @sSocialProfileAddress
,PostalAddress = @sPostalAddress
,fk_windowID = @iWindowID
fk_StoreID = @iStoreID
INSERT INTO tblname_one (
I thought it was that, but im still getting errors. hope it all makes sense. If not please shout and I can provide further information if required.
Morning - I am splendid thank you.
The value of sSQL is the important thing here. Can you please print out the value?
Additional point - you are vulnerable to SQL Injection using this sort of methodology.
ur codings are working excelent.
end single quote after iWinID is the problem.
"," & iWinID & "'"&_
Hi all, thank you for your input,
I have since resolved the problem, it was simply a single quote where it should not have been. Please see below for answer, hope this helps people should they have similar problems in future. (highlighted in red). Also, iFloorID was required in the stored procedure, so half right Lol.
"," & iWinID & "' ' "&_
Thank you once again, take care.
Hi pootle flump, thanks for your reply.
im new to this world and dont know what SQL Injection is, but any info would be great to know.
Hi PMASchmed, thank you for the reply,
You were right.
See some basic examples about SQL injection here:
SQL Injection Attacks by Example
DB2 9.7, 10.5 on Windows