Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

 All Forums
 SQL Server 2000 Forums
 SQL Server Development (2000)
 whats wrong with this?

Author  Topic 

kevinxyx
Starting Member

11 Posts
Posted - 2011-08-12 : 11:12:25
Unterminated string constant
/payroll/Validation.asp, line 95, column 89
sql = "UPDATE ManHrs SET DaysWork = " & rs5("DaysWork") & ", Record = " & rs5("Record")"'

tkizer
Almighty SQL Goddess

38200 Posts
Posted - 2011-08-12 : 11:45:20
quote:

whats wrong with this?


Well most importantly, your code is vulnerable to SQL injection. You should not be concatenating your SQL queries. Instead use parameterized queries or better yet stored procedures.

To answer your question though, it looks like you don't have the right number of double quotes. For the ending one, you've got a double quote and a single quote. And it appears you need two double quotes instead.

Tara Kizer
Microsoft MVP for Windows Server System - SQL Server
http://weblogs.sqlteam.com/tarad/

Subscribe to my blog
Go to Top of Page
   

Subscribe to SQLTeam.com

SQLTeam.com Articles via RSS

SQLTeam.com Weblog via RSS

- Advertisement -

Resources

Articles

Forums

Blogs

Contact Us

About the Site