Incorrect syntax near the keyword 'WHERE'.

Any Ideas as to this error message. I am trying to learn using ms sql
server 7.0

Below is the code I am using for an update to a MS Sql Database.

<%@. Language=VBScript %>
<% Option Explicit %>

<html>
<head>
<title>Sample Script 2 - Part 3 </title>
<!-- copyright MDFernandez -->
<link rel="stylesheet" type="text/css" href="http://links.10026.com/?link=../part3sol/style.css">
</head>
<body bgcolor="#FFFFFF">
<!--#include virtual="/adovbs.inc"-->

<center>
<%

Dim oRS
Dim Conn

Dim Id
Dim Name
Dim StreetAddress
Dim City
Dim State
Dim Zip
Dim PhoneNumber
dim sql

Id = request.form("Id")
Name = request.form("Name")
StreetAddress = request.form("StreetAddress")
City = request.form("City")
State = request.form("State")
Zip = request.form("Zip")
PhoneNumber = request.form("PhoneNumber")

Set Conn = Server.CreateObject("ADODB.Connection")
Conn.open =("DRIVER=SQL Server;SERVER=(local);UID=;APP=AspRunner
Professional
Application;WSID=COMPAQAM;DATABASE=FriendsContactI nfo;Trusted_Connection=Yes")
'Conn.Open

sql="update FPFriends"
sql=sql & " set Name='" & Name & "',"
sql=sql & "StreetAddress='" & StreetAddress & "',"
sql=sql & "Ciy='" & City & "',"
sql=sql & "State='" & State & "',"
sql=sql & "Zip='" & Zip & "',"
sql=sql & "PhoneNumber='" & PhoneNumber & "',"
sql=sql & " WHERE Id=" & Id

set oRS=Conn.Execute (sql)
response.write "<font face='arial' size=4>"
response.write "<br><br>The record has been updated."
response.write "</b></font>"
' close the connection to the database
Conn.Close
%>
<!-- don't include in sample code display -->
<form>
<input type="button" value=" Close This Window "
onClick="window.location='aboutus.htm'"><br>
<button onClick="window.location='menu1_1.asp'">Update another
record</button>

</form>

</center>
</body>
</html>sql=sql & "PhoneNumber='" & PhoneNumber & "',"

It looks like the syntax error is due to the extraneous comma after the last
column.

I strongly suggest you google 'SQL injection'. Your current code will allow
a hacker can execute any arbitrary SQL statement. The best protection
against injection is to use parameterized SQL statements, stored procedures
and validate user input. Never build a SQL Statement string by
concatenating user input values. The example below uses a parameterized
UPDATE statement via OLEDB:

Const adParamInput = 1
Const adInteger = 3
Const adVarChar = 200

Set Conn = CreateObject("ADODB.Connection")
Set Command = CreateObject("ADODB.Command")

Conn.Open _
"Provider=SQLOLEDB;" & _
"Data Source=(local);" & _
"Integrated Security=SSPI;" & _
"Initial Catalog=FriendsContactInfo;" & _
"App=AspRunner Professional Application"

Command.ActiveConnection = Conn

Command.CommandText = _
" UPDATE dbo.FPFriends" & _
" SET" & _
" Name=?," & _
" StreetAddress=?," & _
" Ciy=?," & _
" State=?," & _
" Zip=?," & _
" PhoneNumber=?" & _
" WHERE Id=?"

Set parameter = Command.CreateParameter( _
"Name", _
adVarChar, _
adParamInput, _
30)
parameter.Value = Name
Command.Parameters.Append parameter

Set parameter = Command.CreateParameter( _
"StreetAddress", _
adVarChar, _
adParamInput, _
30)
parameter.Value = StreetAddress
Command.Parameters.Append parameter

Set parameter = Command.CreateParameter( _
"City", _
adVarChar, _
adParamInput, _
30)
parameter.Value = City
Command.Parameters.Append parameter

Set parameter = Command.CreateParameter( _
"State", _
adVarChar, _
adParamInput, _
2)
parameter.Value = State
Command.Parameters.Append parameter

Set parameter = Command.CreateParameter( _
"Zip", _
adVarChar, _
adParamInput, _
5)
parameter.Value = Zip
Command.Parameters.Append parameter

Set parameter = Command.CreateParameter( _
"PhoneNumber", _
adVarChar, _
adParamInput, _
15)
parameter.Value = PhoneNumber
Command.Parameters.Append parameter

Set parameter = Command.CreateParameter( _
"Id", _
adInteger, _
adParamInput)
parameter.Value = Id
Command.Parameters.Append parameter

Command.Execute

Conn.Close

--
Hope this helps.

Dan Guzman
SQL Server MVP

"DaveF" <jeacdf@.excite.comwrote in message
news:1173540573.073247.128620@.t69g2000cwt.googlegr oups.com...

Quote:

Originally Posted by

Any Ideas as to this error message. I am trying to learn using ms sql
server 7.0
>
Below is the code I am using for an update to a MS Sql Database.
>
<%@. Language=VBScript %>
<% Option Explicit %>
>
<html>
<head>
<title>Sample Script 2 - Part 3 </title>
<!-- copyright MDFernandez -->
<link rel="stylesheet" type="text/css" href="http://links.10026.com/?link=../part3sol/style.css">
</head>
<body bgcolor="#FFFFFF">
<!--#include virtual="/adovbs.inc"-->
>
<center>
<%
>
Dim oRS
Dim Conn
>
Dim Id
Dim Name
Dim StreetAddress
Dim City
Dim State
Dim Zip
Dim PhoneNumber
dim sql
>
Id = request.form("Id")
Name = request.form("Name")
StreetAddress = request.form("StreetAddress")
City = request.form("City")
State = request.form("State")
Zip = request.form("Zip")
PhoneNumber = request.form("PhoneNumber")
>
>
Set Conn = Server.CreateObject("ADODB.Connection")
Conn.open =("DRIVER=SQL Server;SERVER=(local);UID=;APP=AspRunner
Professional
Application;WSID=COMPAQAM;DATABASE=FriendsContactI nfo;Trusted_Connection=Yes")
'Conn.Open
>
>
sql="update FPFriends"
sql=sql & " set Name='" & Name & "',"
sql=sql & "StreetAddress='" & StreetAddress & "',"
sql=sql & "Ciy='" & City & "',"
sql=sql & "State='" & State & "',"
sql=sql & "Zip='" & Zip & "',"
sql=sql & "PhoneNumber='" & PhoneNumber & "',"
sql=sql & " WHERE Id=" & Id
>
>
>
set oRS=Conn.Execute (sql)
response.write "<font face='arial' size=4>"
response.write "<br><br>The record has been updated."
response.write "</b></font>"
' close the connection to the database
Conn.Close
%>
<!-- don't include in sample code display -->
<form>
<input type="button" value=" Close This Window "
onClick="window.location='aboutus.htm'"><br>
<button onClick="window.location='menu1_1.asp'">Update another
record</button>
>
</form>
>
</center>
</body>
</html>
>

Incorrect syntax near 'sp_cursorclose'

I get this error message when using JDBC and JSP to access a sqlserver 2000 database. Trying to insert a record. Insert works perfectly when run from query analyzer. Fails with above error message when inserting from web app.
Any ideas?
Amy Thropp wrote:

> I get this error message when using JDBC and JSP to access a sqlserver 2000 database. Trying to insert a record. Insert works perfectly when run from query analyzer. Fails with above error message when inserting from web app.
> Any ideas?
Show the actual jdbc code you're running and also the whole stacktrace of the
exception.
thanks
Joe
|||inserting lock with {INSERT INTO record_locks (type, record_id, session_id, user_id, timestamp) VALUES( 'epss', 1006, 'B77384E6BF824A351B8434967F99C7BF', 1, getdate())}
connection: jdbc:JSQLConnect://tsps5.bha.biancohopkins.com:1433/database=conversion_db/sa barfed on update {INSERT INTO record_locks (type, record_id, session_id, user_id, timestamp) VALUES( 'epss', 1006, 'B77384E6BF824A351B8434967F99C7BF', 1, getdate())}
, error: com.jnetdirect.jsql.u: sp_cursoropen/sp_cursorprepare: The statement parameter can only be a single select or a single stored procedure.
com.jnetdirect.jsql.u: sp_cursoropen/sp_cursorprepare: The statement parameter can only be a single select or a single stored procedure.
at com.jnetdirect.jsql.at.a(Unknown Source)
at com.jnetdirect.jsql.ae.f(Unknown Source)
at com.jnetdirect.jsql.ae.new(Unknown Source)
at com.jnetdirect.jsql.ae.for(Unknown Source)
at com.jnetdirect.jsql.l.execute(Unknown Source)
at com.jnetdirect.jsql.ae.else(Unknown Source)
at com.jnetdirect.jsql.ae.executeQuery(Unknown Source)
at TestLock.main(TestLock.java:28)
"Joe Weinstein" wrote:

>
> Amy Thropp wrote:
>
> Show the actual jdbc code you're running and also the whole stacktrace of the
> exception.
> thanks
> Joe
>
|||here's the code. The other posting had the stacktrace messages
public static void main( String[] args)
{
String query =
"INSERT INTO record_locks (type, record_id, session_id, " +
"user_id) " +
"VALUES( 'epss', 1006, 'B77384E6BF824A351B8434967F99C7BF', 1)";
try {
Class.forName( "com.jnetdirect.jsql.JSQLDriver");
Connection conn = DriverManager.getConnection( DB, USER, PASSWD);
Statement stmt =
conn.createStatement( ResultSet.TYPE_SCROLL_INSENSITIVE,
ResultSet.CONCUR_READ_ONLY);
print( "inserting lock with {" + query + "}");
ResultSet rs = stmt.executeQuery( query);
print( "and got back from update");
} catch (Exception e) {
print( "connection: " + DB + "/" + USER + " barfed on update {" +
query + "}, error: " + e.toString());
e.printStackTrace();
}
return;
}
"Joe Weinstein" wrote:

>
> Amy Thropp wrote:
>
> Show the actual jdbc code you're running and also the whole stacktrace of the
> exception.
> thanks
> Joe
>
|||Ok.
The problem is that you're doing an insert (not a query), and then calling
executeQuery() instead of executeUpdate().
Try this:
String insert =
"INSERT INTO record_locks (type, record_id, session_id, " +
"user_id) " +
"VALUES( 'epss', 1006, 'B77384E6BF824A351B8434967F99C7BF', 1)";
Class.forName( "com.jnetdirect.jsql.JSQLDriver");
Connection conn = DriverManager.getConnection( DB, USER, PASSWD);
Statement stmt = conn.createStatement();
print( "inserting lock with {" + insert + "}");
stmt.executeUpdate(insert);
Joe Weinstein at BEA
Amy Thropp wrote:
[vbcol=seagreen]
> here's the code. The other posting had the stacktrace messages
> public static void main( String[] args)
> {
> String query =
> "INSERT INTO record_locks (type, record_id, session_id, " +
> "user_id) " +
> "VALUES( 'epss', 1006, 'B77384E6BF824A351B8434967F99C7BF', 1)";
> try {
> Class.forName( "com.jnetdirect.jsql.JSQLDriver");
> Connection conn = DriverManager.getConnection( DB, USER, PASSWD);
> Statement stmt =
> conn.createStatement( ResultSet.TYPE_SCROLL_INSENSITIVE,
> ResultSet.CONCUR_READ_ONLY);
> print( "inserting lock with {" + query + "}");
> ResultSet rs = stmt.executeQuery( query);
> print( "and got back from update");
> } catch (Exception e) {
> print( "connection: " + DB + "/" + USER + " barfed on update {" +
> query + "}, error: " + e.toString());
> e.printStackTrace();
> }
> return;
> }
>
> "Joe Weinstein" wrote:
>

Incorrect PageAudit

I've a database in SQLServer 2K Personal Edition. The database compatibility
level is set to 8. I was trying to create deployment package using Office 2K
Developer. I am using MSDE as my backend database manager.
Howerver when I try to attach my MDF in the MSDE, it gives me error as
follows:
"Invalid database page header. PageAudit Property is Incorrect"
Can anyone help me with this problem.
Thank you in advance
Dorji
hi Dorji,
Dorji wrote:
> I've a database in SQLServer 2K Personal Edition. The database
> compatibility level is set to 8. I was trying to create deployment
> package using Office 2K Developer. I am using MSDE as my backend
> database manager.
> Howerver when I try to attach my MDF in the MSDE, it gives me error as
> follows:
> "Invalid database page header. PageAudit Property is Incorrect"
Office 2000 provides MSDE 1.0 (based on SQL Server 7.0 code base)...
you can not restore/attach SQL Server 2000/MSDE 2000 databases on SQL Server
7.0/MSDE 1.0 intances..
you can perhaps download and use MSDE Rel A, updated at sp4 level from
http://www.microsoft.com/sql/msde/do...s/download.asp
Andrea Montanari (Microsoft MVP - SQL Server)
http://www.asql.biz/DbaMgr.shtmhttp://italy.mvps.org
DbaMgr2k ver 0.14.0 - DbaMgr ver 0.59.0
(my vb6+sql-dmo little try to provide MS MSDE 1.0 and MSDE 2000 a visual
interface)
-- remove DMO to reply
|||Hello Adrea,
Thank you so much for your kind response. But I still couldn't manage to
attach my database. In fact I've tried several of my databases from the same
source, none seem to work. I can attach exisitng databases (model etc) but no
mine.
What could it be?
Dorji
"Andrea Montanari" wrote:

> hi Dorji,
> Dorji wrote:
> Office 2000 provides MSDE 1.0 (based on SQL Server 7.0 code base)...
> you can not restore/attach SQL Server 2000/MSDE 2000 databases on SQL Server
> 7.0/MSDE 1.0 intances..
> you can perhaps download and use MSDE Rel A, updated at sp4 level from
> http://www.microsoft.com/sql/msde/do...s/download.asp
> --
> Andrea Montanari (Microsoft MVP - SQL Server)
> http://www.asql.biz/DbaMgr.shtmhttp://italy.mvps.org
> DbaMgr2k ver 0.14.0 - DbaMgr ver 0.59.0
> (my vb6+sql-dmo little try to provide MS MSDE 1.0 and MSDE 2000 a visual
> interface)
> -- remove DMO to reply
>
>
|||hi Dorji,
Dorji wrote:
> Hello Adrea,
> Thank you so much for your kind response. But I still couldn't
> manage to attach my database. In fact I've tried several of my
> databases from the same source, none seem to work. I can attach
> exisitng databases (model etc) but no mine.
>
are you trying to attach SQL Server 2000/MSDE 2000 databases on MSDE 1.0?
again, if this is the case, this is not a supported option...
Andrea Montanari (Microsoft MVP - SQL Server)
http://www.asql.biz/DbaMgr.shtmhttp://italy.mvps.org
DbaMgr2k ver 0.14.0 - DbaMgr ver 0.59.0
(my vb6+sql-dmo little try to provide MS MSDE 1.0 and MSDE 2000 a visual
interface)
-- remove DMO to reply
|||Hi Andrea,
It works now. I did not know that MSDE installs in Windows security mode by
default. So I had to change it to SQL and the connection works fine.
However I've another thing to ask if you don't mind. I've multiple instance
of SQL Server and MSDE 2000. How can I connect to a particular Instance for
instance from MS Access ADP file?.
I must thank you for the DbaManager utility that you have posted on your
website. It is a great tool for MSDE users. It really helped me with my
project.
Dorji
"Andrea Montanari" wrote:

> hi Dorji,
> Dorji wrote:
> are you trying to attach SQL Server 2000/MSDE 2000 databases on MSDE 1.0?
> again, if this is the case, this is not a supported option...
> --
> Andrea Montanari (Microsoft MVP - SQL Server)
> http://www.asql.biz/DbaMgr.shtmhttp://italy.mvps.org
> DbaMgr2k ver 0.14.0 - DbaMgr ver 0.59.0
> (my vb6+sql-dmo little try to provide MS MSDE 1.0 and MSDE 2000 a visual
> interface)
> -- remove DMO to reply
>
>
|||hi Dorji,
Dorji wrote:
> Hi Andrea,
> It works now. I did not know that MSDE installs in Windows security
> mode by default. So I had to change it to SQL and the connection
> works fine.
this should have little or nothing to do with the problem you reported...
changing the authentication supported mode to Mixed mode does not grant you
the option to attach invalid databases...
ok..

> However I've another thing to ask if you don't mind. I've multiple
> instance of SQL Server and MSDE 2000. How can I connect to a
> particular Instance for instance from MS Access ADP file?.
in the datalink dialog you have to select the server name...
the relative combo should be already populated with all available servers...
default instances will be in the form of "ComputerName", where named
instances will be listed as "ComputerName\InstanceName"...

> I must thank you for the DbaManager utility that you have posted on
> your website. It is a great tool for MSDE users. It really helped
> me with my project.
thank you for your interest in this prj of mine... and please feel free to
(privately) contact me for any question or concern about it, as long as for
suggestions and feedback
thank you
Andrea Montanari (Microsoft MVP - SQL Server)
http://www.asql.biz/DbaMgr.shtmhttp://italy.mvps.org
DbaMgr2k ver 0.14.0 - DbaMgr ver 0.59.0
(my vb6+sql-dmo little try to provide MS MSDE 1.0 and MSDE 2000 a visual
interface)
-- remove DMO to reply

Inconsistent Linked Server Query Results

Hello,

I have a linked server named 'Charlie_File' to an Excel Workbook that I set up in SQLServer 2005 Management Studio. The workbook is on my local C drive. Sometimes, I get the results back that I expect when I run the following query;

SELECT*FROMOPENQUERY(Charlie_file,'SELECT * FROM [Feb$]')

Sometimes, on subsequent runs of the above query, I get the following message;

Msg 7399, Level 16, State 1, Line 1
The OLE DB provider "MSDASQL" for linked server "Charlie_file" reported an error. The provider did not give any information about the error.
Msg 7303, Level 16, State 1, Line 1
Cannot initialize the data source object of OLE DB provider "MSDASQL" for linked server "Charlie_file".

There seems to be about a minute or so of a delay before the query will run correctly on subsequent attempts. Is there a connection issue here where a connection blocks subsequent attempts to select the data within a specific time span?

Thank you for your help!

cdun2

It turns out that the problem was with security settings on the linked server. I didn't have a mapping set up between the linked server and the SQL Server login for myself, so under 'For a login not defined in the list above, connections will;' I selected 'Be made using the login's current security context.'

cdun2

In SQLServer SI in ORACLE NO

Questo Statement in SQL Server funziona.
In Oracle PL/SQL se lo lancio funziona
Quando lo devo far funzionare da Vb.net mi si pianta e non va avanti . Sta
l a pensare.
Come mai ?

UPDATE proc_azienda
SET cod_fase_sign = (SELECT MAX(pfa.COD_FASE)
FROM PROC_FASE_RIGA pfa
WHERE (COD_GRUPPO = 'x09') AND
((TIP_DATI = 'I') OR (TIP_DATI = 'S')) AND
pfa.cod_processo = '02')
WHERE cod_gruppo = 'x09' AND
cod_processo = '02'

C' un'altro Statement:

UPDATE proc_azienda
SET cod_fase_sign = Fase
FROM (SELECT ep.cod_processo,
app.cod_azienda,
MAX(cast(ep.cod_fase as int)) as Fase
FROM esp_proc_prospetti ep,
APP_PROSP_AZ_8377 app,
(SELECT pa.cod_processo,
pa.cod_azienda,
pa.cod_fase_sign
FROM proc_azienda pa
WHERE pa.cod_gruppo = 'x09' and
pa.cod_processo = '05' and
pa.cod_fase_sign is null
GROUP BY pa.cod_processo,
pa.cod_azienda,
pa.cod_fase_sign) pnull
WHERE ep.cod_gruppo = 'x09' and
ep.cod_processo = app.cod_processo and
ep.cod_processo = pnull.cod_processo and
ep.cod_prospetto = app.cod_prospetto
GROUP BY ep.COD_PROCESSO,
app.COD_AZIENDA) FaseAzienda ,
proc_azienda pa
WHERE pa.cod_gruppo = 'x09' and
pa.cod_processo = FaseAzienda.cod_processo and
pa.cod_azienda = FaseAzienda.cod_azienda
Questa sintassi sembra regolare per SQL Server ma non per ORACLE.
Come deve essere ... ?

Grazie mille

S.Hi
Opinione di I can't capisco questo, essendo monolingue e non italiano!! Il
pesce de Babele non che utile neanche, ma ho pensato la prova di I'd!
La clausola del FROM nella dichiarazione del UPDATE non sostenuta nel
Oracle.
L'invio del DDL per il vostro TABLE della tabella structures(CREATE
TABLE...) ed i dati di esempio (come dichiarazione del INSERT) pu aiutare.
Ad una congettura desiderate qualcosa come:
UPDATE proc_azienda
SET cod_fase_sign = (SELECT MAX(pfa.COD_FASE)
FROM PROC_FASE_RIGA pfa
WHERE (pfa.COD_GRUPPO = proc_azienda.cod_gruppo) AND
(TIP_DATI = 'I' OR TIP_DATI = 'S') AND
pfa.cod_processo = proc_azienda.cod_processo)
WHERE cod_gruppo = 'x09' AND
cod_processo = '02'
Rimuova il
WHERE cod_gruppo = 'x09' AND cod_processo = '02'
al fiammifero su altri valori.
La vostra seconda dichiarazione lo ha perso completamente, ma quando ottiene
che complicato io trova solitamente che il metodo errato!
John

Hi

I can't say I understand this, being monolingual and not Italian!! Babel
Fish is not that helpful either, but I thought I'd try!

The FROM clause in the UPDATE statement is not supported in Oracle.

Posting the DDL for your table structures(CREATE TABLE...) and example data
(as INSERT statements) may help..

At a guess you want something like:

UPDATE proc_azienda
SET cod_fase_sign = (SELECT MAX(pfa.COD_FASE)
FROM PROC_FASE_RIGA pfa
WHERE (pfa.COD_GRUPPO = proc_azienda.cod_gruppo) AND
(TIP_DATI = 'I' OR TIP_DATI = 'S') AND
pfa.cod_processo = proc_azienda.cod_processo)
WHERE cod_gruppo = 'x09' AND
cod_processo = '02'
Remove WHERE cod_gruppo = 'x09' AND
cod_processo = '02' to match on other values.
Your second statement lost me totally, but when it gets that complicated it
I usually find that it is the wrong approach!
John
"Saimon" <saimon181072@.supereva.it> wrote in message
news:cgupi0$kss$1@.newsreader.mailgate.org...
> Questo Statement in SQL Server funziona.
> In Oracle PL/SQL se lo lancio funziona
> Quando lo devo far funzionare da Vb.net mi si pianta e non va avanti . Sta
> l a pensare.
> Come mai ?
> UPDATE proc_azienda
> SET cod_fase_sign = (SELECT MAX(pfa.COD_FASE)
> FROM PROC_FASE_RIGA pfa
> WHERE (COD_GRUPPO = 'x09') AND
> ((TIP_DATI = 'I') OR (TIP_DATI = 'S')) AND
> pfa.cod_processo = '02')
> WHERE cod_gruppo = 'x09' AND
> cod_processo = '02'
> C' un'altro Statement:
> UPDATE proc_azienda
> SET cod_fase_sign = Fase
> FROM (SELECT ep.cod_processo,
> app.cod_azienda,
> MAX(cast(ep.cod_fase as int)) as Fase
> FROM esp_proc_prospetti ep,
> APP_PROSP_AZ_8377 app,
> (SELECT pa.cod_processo,
> pa.cod_azienda,
> pa.cod_fase_sign
> FROM proc_azienda pa
> WHERE pa.cod_gruppo = 'x09' and
> pa.cod_processo = '05' and
> pa.cod_fase_sign is null
> GROUP BY pa.cod_processo,
> pa.cod_azienda,
> pa.cod_fase_sign) pnull
> WHERE ep.cod_gruppo = 'x09' and
> ep.cod_processo = app.cod_processo and
> ep.cod_processo = pnull.cod_processo and
> ep.cod_prospetto = app.cod_prospetto
> GROUP BY ep.COD_PROCESSO,
> app.COD_AZIENDA) FaseAzienda ,
> proc_azienda pa
> WHERE pa.cod_gruppo = 'x09' and
> pa.cod_processo = FaseAzienda.cod_processo and
> pa.cod_azienda = FaseAzienda.cod_azienda
> Questa sintassi sembra regolare per SQL Server ma non per ORACLE.
> Come deve essere ... ?
> Grazie mille
> S.