View Single Post
  #8 (permalink)  
Old March 7th, 2007, 07:48 PM
click click is offline
Authorized User
 
Join Date: Mar 2007
Location: , , .
Posts: 17
Thanks: 0
Thanked 0 Times in 0 Posts
Default

What he means is do a response.write of ONLY the sql syntax, and then read it, it should have your values etc in there, with not syntax errors.

I think you should really think close about what your doing though. Your leaving it open to a SQL injection attack. Thats where someone puts malicious code into a text box, and on submit, it runs against your database and can update/delete/destroy things your not aware.

That being said I ran your query and got this.
UPDATE Ques_Table SET userAns= 'hello' Where QuesNo ='world'
and the query will work as long as everything else is how it should be, which means either your connection isnt happenign properly, or your columns are not spelled correctly or the 'types' are not varchar, and the compare is failing based on type.


Reply With Quote