Below is my simple asp code that I am using to insert some data to the SQL Server database. It gives the below error. Could someone please have a look and let me know the error with this code?
<html>
<head>
<title>Address Book Insertion</title>
</head>
<body>
<%
set connection=Server.CreateObject("ADODB.Connection")
connection.Open "Provider=SQLOLEDB;Server=charithj-pc;Integrated Security=SSPI;Initial Catalog=AddressDB;"
cmd = "INSERT INTO AddressBook (FirstName, Surname, Address) VALUES ('"
cmd = cmd & Request("FirstName") & "','"
cmd = cmd & Request("Surname") & "','"
cmd = cmd & Request("Address") & "')"
Response.Write(cmd)
on error resume next
connection.Execute cmd
if err <> 0 then
Response.Write("Insertion failed")
else
Response.Write("Insertion successful")
end if
connection.close
%>
</body>
</html>
The website cannot display the page
HTTP 500
Most likely causes:
•The website is under maintenance.
•The website has a programming error.
go in your browser, i assume it's internet explorer and disable "show friendly http errors". this helps you to see the real error message.
btw. your code allows sql injection. use sql parameters or replace some characters like single quote etc.
The points made about turning off friendly HTTP errors, removing the on error resume and taking care of the SQL injection are all correct and you should do them before we go too far on guessing what is wrong, but one thing does stand out in your VB Script code (that is the language embedded in ASP Classing in the <% %>).
That is your use of Response.Write().
What this does is allow the code to return output to the browser. When you have the line:
Response.Write(cmd)
You are sending the string representation of your cmd object back to the browser. That could easily break the server side creation of the page.
Two more general pieces of advice to get you working better:
For all but the most trivial pages it is usually better to remove the code from the ASP page and put it into a stand alone libary that the ASP page then calls. This is certainly advisable to data access code.
While testing, your VB script code does not need to be run out of the ASP page, you can copy the script out into a text file. Rename that file .vbs and you should be able to run the VB script by double clicking on that. I've always found this much more convenient when working through a bug.
This is the error now I get. Microsoft
OLE DB Provider for SQL Server error
'80004005' Cannot open database
"AddressDB" requested by the login.
The login failed.
/AddressBook/Insert.asp, line 9 –
Either try to use sql authentication, see connection string is here: www.connectionstrings.com/
or change your security settings:
http://msdn.microsoft.com/en-us/library/2xzyzb0f.aspx
