may i know what is my problem, why i alway cant success add record?? <html> <body> <% Dim adoCon Dim rsAddComments Dim strSQL Set adoCon = Server.CreateObject("ADODB.Connection") adoCon.Open "DRIVER={MySQL ODBC 3.51 Driver};SERVER=localhost; DATABASE=mydatabase; UID=root;PASSWORD=1234; OPTION=3" Set rsAddComments = Server.CreateObject("ADODB.Recordset") strSQL="INSERT INTO mytable (domain_name, expiry_date, company_name, administrator, hosting_amt, dns_amt, hosting_desc, dns_desc, invoice_date, remarks, status, timestamp_update, timestamp_create)" strSQL=strSQL & " VALUES " strSQL=strSQL & "('" & Request.Form("domain_name") & "'," strSQL=strSQL & "'" & Request.Form("expiry_date") & "'," strSQL=strSQL & "'" & Request.Form("company_name") & "'," strSQL=strSQL & "'" & Request.Form("administrator") & "'," strSQL=strSQL & "'" & Request.Form("hosting_amt") & "'," strSQL=strSQL & "'" & Request.Form("dns_amt") & "')" strSQL=strSQL & "'" & Request.Form("hosting_desc") & "'," strSQL=strSQL & "'" & Request.Form("dns_desc") & "'," strSQL=strSQL & "'" & Request.Form("invoice_date") & "'," strSQL=strSQL & "'" & Request.Form("remarks") & "')" strSQL=strSQL & "'" & Request.Form("status") & "'," strSQL=strSQL & "'" & Request.Form("timestamp_update") & "'," strSQL=strSQL & "'" & Request.Form("timestamp_create") & "')" on error resume next adocon.Execute strSQL, recaffeted if err<>0 then Response.Write("Record Add Fail!") else Response.Write("<h3>" & recaffected & " record added</h3>") end if adocon.Close Set adocon = Nothing strSQL.Close Set strSQL = Nothing %> </body> </html> Code (markup):
I think your error handling is probably supressing the error message - might be worthwhile temporarily removing it. Try writing the sql string to the screen and then manually execute that query against your database. That should show what's wrong with it. regards FBJ
good advice john. eric try his suggestions and let us know what you see. Also, eric, it's extremely bad practice to pass form data directly to the database, fyi. this is an open door for hackers to gain access to your files through something called "sql injection". see http://forums.digitalpoint.com/showthread.php?t=101943 for a primer - it's got various methods of cleansing data, so pick your poison, but do cleanse your variables one way or another before they are passed to your sql query. read this article for more info on how sql injection is achieved and what you can do to prevent it. http://www.securiteam.com/securityreviews/5DP0N1P76E.html
Avoiding a SQL Injection is simple. You write a function that filters out (replaces) the following words from your SQL String: truncate delete from alter table ; exec There are other dangerous commands and you'll have to include them all here. The basic idea is that you'll call the function against your SQL string just before it's to be executed.