I am passing two (2) parameters in the URL, and building the following SQL:
mQry = "SELECT DISTINCT name FROM link3 WHERE invoice_num =" & request.querystring("num") & "AND name LIKE" & request.querystring("nam")
I got an error message:
Microsoft OLE DB Provider for Oracle error '80040e14'
ORA-00933: SQL command not properly ended
What would be the right syntax for this?
You need to put quotes around the LIKE clause. Also, you could consider using percents for wildcard matching
mQry = "SELECT DISTINCT name FROM link3 WHERE invoice_num =" & request.querystring("num") & " AND name LIKE '%" & request.querystring("nam") & "%' "
Part of your problem may be the improper spacing around the quotes where you're inserting the values. This:
mQry = "SELECT DISTINCT name FROM link3 WHERE invoice_num =" & request.querystring("num") & "AND name LIKE" & request.querystring("nam")
Will most likely result in sending this to the database:
SELECT DISTINCT name
FROM link3
WHERE invoice_num =2AND name LIKEsomeothervalue
If you add proper spacing like this:
mQry = "SELECT DISTINCT name FROM link3 WHERE invoice_num = " & request.querystring("num") & " AND name LIKE " & request.querystring("nam")
It would give you a more properly formatted result like this:
SELECT DISTINCT name
FROM link3
WHERE invoice_num = 2 AND name LIKE someothervalue
Any time I get errors that indicate problems with SQL formatting/structure I tend to log the SQL that is sent before it goes to the database. This helps spot odd issues like that.
Also, sharpguru is probably right - the LIKE clause probably isn't formatted correctly either. You need to enclose text values in single-quotes, and the % is a wildcard matching 0 or more characters - making this more like what you are probably looking for:
mQry = "SELECT DISTINCT name FROM link3 WHERE invoice_num = " & request.querystring("num") & " AND name LIKE '%" & request.querystring("nam") & "%'"
Now, this does all assume that invoice_num is some sort of numeric value - which is implied in your question and code. However, if it is not (as suggested by your comment and other questions), you would need to put the value in single quotes - just like any other text field in almost all RDBMSs:
mQry = "SELECT DISTINCT name FROM link3 WHERE invoice_num = '" & request.querystring("num") & "' AND name LIKE '%" & request.querystring("nam") & "%'"
The above would also be used if the data type of the database column invoice_num was set to a non-numeric data type. Just because the data is somehting that could be called numeric, doesn't mean it's automatically treated as numeric. If the data type of the column is text, ntext, or any other non-numeric type, then you will need to surround the value in quotes just like any other text value.
And, while not related to the question, I'm hoping this is an over-simplified example and you're not directly inserting QueryString values into the SQL statement. If you haven't been told yet, that's opening you up to a wide variety of security problems - look up some information on SQL Injection.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 一夜七次 的文章《ASP Classic SQL Query error message, right syntax 》','https://www.manongdao.com/article-277900.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}