InstantForum.NET v2.9.0SQLServerCentralhttp://www.sqlservercentral.com/Forums/notifications@sqlservercentral.comTue, 18 Jun 2013 18:15:53 GMT20http://www.sqlservercentral.com/Forums/Topic570210-1291-1.aspxU need to give necessary spaces between quotation marks and SQL keywords so that the SQL server can interpret them.If you dont give them properly especially in ASP. it is very difficult to trace thembetter make use of Reponse.Write for the SQL statement to be executed before onlyFri, 26 Sep 2008 06:38:02 GMTSivaVardhanhttp://www.sqlservercentral.com/Forums/Topic570210-1291-1.aspxI found the right SQL Statement. sql = "Update web Set answer1='" & answer1 & "'" & " where identity=" & identity Thanks a lot for your replies. SQL seems to be very delicate.Wed, 17 Sep 2008 03:35:33 GMTpoloarunhttp://www.sqlservercentral.com/Forums/Topic570210-1291-1.aspxidentity is just a normal column, not the identifier, I know, it is probalbly not right to use this word as an normal column, since it it reserved as identifier. I don't know how to make the square brackets. What would the SQL Statement be ?Wed, 17 Sep 2008 03:10:04 GMTpoloarunhttp://www.sqlservercentral.com/Forums/Topic570210-1291-1.aspxIs this the output of your response.write?Update web Set answer11='gerste' where identity=''3597@10P136P12P125''I see double quotes in the identity part. Check the Identity part. Also if I am not mistaken Identity (Your Column Name) is a Keyword. Put a square bracket for IDENTITY.Tue, 16 Sep 2008 08:53:28 GMTRoy Ernesthttp://www.sqlservercentral.com/Forums/Topic570210-1291-1.aspxI am trying out: Actually sql = "Update web Set answer1='" & answer1 & "' where identity='" & identity & "'"Gives the error message with Response.Write (SQL) Response.End Update web Set answer11='gerste' where identity=''3597@10P136P12P125'' Wich is not yet working.Tue, 16 Sep 2008 08:26:14 GMTpoloarunhttp://www.sqlservercentral.com/Forums/Topic570210-1291-1.aspxLook at the quotes after "antwort1="You have "' and I believe it should be '" .Tue, 16 Sep 2008 08:11:48 GMTKyle Neier ,http://www.sqlservercentral.com/Forums/Topic570210-1291-1.aspxHave you viewed the SQL string that is built and verified that it is valid in SSMS? Just a Response.Write(SQL) so you can verify the string is bing built correctly would help. If your table and column names are correct then I can't see anything wrong with SQL Statement.Tue, 16 Sep 2008 08:05:28 GMT Jack Corbetthttp://www.sqlservercentral.com/Forums/Topic570210-1291-1.aspxIt is obvious, the SQL Satement is wrong, But I can't yet manage it the right way. sql = "Update web Set antwort1="' & antwort1 & "' where erkennung='" & erkennung & "'"It doesnt work too!Can anybody help my aboout the Update Statement ?Tue, 16 Sep 2008 07:49:32 GMTpoloarunhttp://www.sqlservercentral.com/Forums/Topic570210-1291-1.aspxIf this is actually the line of code:[code]sql = Update web Set answer1='" & answer1 & "' where identity ='" & identity & [/code]Then it isn't going to work as you do not have an opening double-quote on the string and you are ending the line with the concatenation character.Beyond that you are leaving yourself open to SQL Injection by using the methods you are using. At the very least you should be using a command object with parameters instead of a straight SQL string.Tue, 16 Sep 2008 07:40:51 GMT Jack Corbetthttp://www.sqlservercentral.com/Forums/Topic570210-1291-1.aspxI suspect that your browser is suppressing the real error message. You should look to see if Friendly HTTP Error messages is turned on. Pertinent to this forum, what you are doing appears to be ripe for SQL injection. One of the basics is to use stored procedures and pass in parameters instead of building the ad-hoc SQL. There are all sorts of best practices out there regarding ASP and SQL Server development. I strongly suggest that you visit a few of these websites before getting too far down this path.KyleTue, 16 Sep 2008 07:40:11 GMTKyle Neier ,http://www.sqlservercentral.com/Forums/Topic570210-1291-1.aspxI am creating some questions site by ASP, by filling in the answers in a table on SQL 2005 and passing to the next site. I'm giving the user a kind of tracking (identity), wich the user is passing over from on Question site to the other by Request.Form. On the first Site the user is filling the name, first name, time and the kind of identity sql= "INSERT INTO web(first name ,name,identy,time)VALUES('" & first name & "','" & name & "','" & identy & "','" & time & "')" this works fine! No I would like to continue with an Update Statement. sql = Update web Set answer1='" & answer1 & "' where identity ='" & identity & It gives me just an Internet Error Message: The page can't be shown...Tue, 16 Sep 2008 07:25:08 GMTpoloarun