ASP SQL Update Query

TheMSsForum.com: The Microsoft Software Forum

I am trying to update a field in an Access DB using ASP, but I get the
following error.
Microsoft JET Database Engine error '80004005'

Operation must use an updateable query.



If I put the same code into a VBS file the update works file (See below)

*******************************************************************
DatabaseFile = """C:\web\changes.mdb"""
Set adoCon = CreateObject("ADODB.Connection")
adoCon.open("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & DatabaseFile)

strReason = "Work Damn you"
SQLQuery = "UPDATE Table SET Table.Reason='" & strReason & "' Where id=54"
adoCon.execute(SQLQuery)
********************************************************************

Does anyone know why the exact same code wont work in ASP?
Top

Re: ASP SQL Update Query by Bob

Bob
Sun Jul 17 18:44:49 CDT 2005

Bob Smith wrote:
> I am trying to update a field in an Access DB using ASP, but I get the
> following error.
> Microsoft JET Database Engine error '80004005'
>
> Operation must use an updateable query.
>
>
>
> If I put the same code into a VBS file the update works file (See
> below)
> *******************************************************************
> DatabaseFile = """C:\web\changes.mdb"""
> Set adoCon = CreateObject("ADODB.Connection")
> adoCon.open("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" &
> DatabaseFile)
> strReason = "Work Damn you"
> SQLQuery = "UPDATE Table SET Table.Reason='" & strReason & "' Where
> id=54" adoCon.execute(SQLQuery)
> ********************************************************************
>
> Does anyone know why the exact same code wont work in ASP?

m.p.inetserver.asp.db would have been a more relevant place to post this
question, but ...

This article addresses your issue:
http://www.aspfaq.com/show.asp?id=2062

Are you planning to use dynamic sql in your application, or was it just for
the sake of this example? If so, you should read up on sql injection:
http://mvp.unixwiz.net/techtips/sql-injection.html
http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23

By using parameters instead of dynamic sql, you can completely avoid the
risks of sql injection, as well as improving the performance of your
application and making your code a little easier to write. My recommendation
is to use saved parameter queries. See these posts for examples:

http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=e6lLVvOcDHA.1204%40TK2MSFTNGP12.phx.gbl
http://groups-beta.google.com/group/microsoft.public.inetserver.asp.db/msg/b3d322b882a604bd

If for some reason you'd rather not use saved queries, you can still use
parameters. See here for an example of using a Command object to pass values
to a parameterized sql statement:
http://groups-beta.google.com/group/microsoft.public.inetserver.asp.db/msg/72e36562fee7804e

HTH,
Bob Barrows
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"


Top