
I've been using this for quite a while, and I recently changed hostings. When I used the script, it says

ERROR [42000] [MySQL][ODBC 3.51 Driver][mysqld-5.1.68-community] You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Data.Odbc.OdbcException: ERROR [42000] [MySQL][ODBC 3.51 Driver][mysqld-5.1.68-community]You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

Source Error:

Line 16: connectme.Open()
Line 17: Dim ODBCdataadapter As OdbcDataAdapter = New OdbcDataAdapter(sqlquery, connectme)
Line 18: ODBCdataadapter.Fill(ODBCdataset, "table")
Line 19: connectme.Close()

What went wrong?

Comment code

Dim connectionstring As String = ConfigurationManager.ConnectionStrings("DBstring").ConnectionString 
Dim connectme As OdbcConnection = New OdbcConnection(connectionstring) 
Dim ODBCdataset As DataSet = New DataSet() 
Dim sqlquery As String = "SELECT * FROM table WHERE fno = " & Request.QueryString("id") 
connectme.Open() 
Dim ODBCdataadapter As OdbcDataAdapter = New OdbcDataAdapter(sqlquery, connectme)  
ODBCdataadapter.Fill(ODBCdataset, "tkhstock")
connectme.Close()
Humayun Shabbir
AndrewTsang
  • _What went wrong?_ - Like it says: you have a syntax error in your SQL, but since you haven't posted that there's nothing more we can say. –  Jul 29 '14 at 04:21
  • Please add the `sqlquery` string variable. – e4rthdog Jul 29 '14 at 04:21
  • Also if you know, tell us the previous version of MySQL and the current one. – e4rthdog Jul 29 '14 at 04:25
  • Dim connectionstring As String = ConfigurationManager.ConnectionStrings("DBstring").ConnectionString Dim connectme As OdbcConnection = New OdbcConnection(connectionstring) Dim ODBCdataset As DataSet = New DataSet() Dim sqlquery As String = "SELECT * FROM table WHERE fno = " & Request.QueryString("id") connectme.Open() Dim ODBCdataadapter As OdbcDataAdapter = New OdbcDataAdapter(sqlquery, connectme) ODBCdataadapter.Fill(ODBCdataset, "tkhstock") connectme.Close() – AndrewTsang Jul 29 '14 at 04:26
  • Check that the Querystring actually has a value; `SELECT * FROM table WHERE fno = ` will result in a syntax error – Jon P Jul 29 '14 at 04:50

1 Answer

Assuming that your fno is varchar you should be using as below

 Dim sqlquery As String = "SELECT * FROM table WHERE fno = '" & 
                           Request.QueryString("id") & "'" 

Parametrize Command Example

  1. How do I create a parameterized SQL query? Why Should I?
  2. http://aspsnippets.com/Articles/Using-Parameterized-queries-to-prevent-SQL-Injection-Attacks-in-SQL-Server.aspx
Community
शेखर
  • Thanks for the reply. For security purposes, is it possible to change the request.querystring to session id? I tried Dim id1 as string= Session("id") then Select from table where fno = = '" & id1 & "'" – AndrewTsang Jul 29 '14 at 04:57
  • Why do you want to use session? You can check for the correct format on page load and accessibility. You can use a parametrized query rather than directly using the query string value in your query. – शेखर Jul 29 '14 at 05:00
  • How do I do that? I'm still new to this so I don't have many ideas. – AndrewTsang Jul 29 '14 at 05:02
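
A parameterized version of the query discussed in this thread, as an added example (not code from the question or the answer): it rejects a missing `id`, which is what produces the syntax error near `''`, and binds the value through an ODBC `?` marker instead of concatenating it. The module and function names, the 32-character limit and binding `fno` as `VarChar` (following the answer's assumption) are assumptions.

```vbnet
Imports System.Configuration
Imports System.Data
Imports System.Data.Odbc

Public Module StockLookup
    ' Hypothetical helper. Returns the matching rows, or Nothing when the
    ' id is missing or longer than expected (the caller decides how to respond).
    ' Call it from the page as: StockLookup.LoadByFno(Request.QueryString("id"))
    Public Function LoadByFno(rawId As String) As DataSet
        ' With no ?id= in the URL the concatenated query ends at "fno = ",
        ' which MySQL reports as a syntax error near ''. Reject that case here.
        ' The 32-character cap is an assumed limit for fno.
        If String.IsNullOrWhiteSpace(rawId) OrElse rawId.Length > 32 Then
            Return Nothing
        End If

        Dim connectionString As String =
            ConfigurationManager.ConnectionStrings("DBstring").ConnectionString
        Dim result As New DataSet()

        ' ODBC binds parameters by position with ? markers; the value is sent
        ' as data and never becomes part of the SQL text.
        ' Table name as written in the question, backtick-quoted because
        ' TABLE is a reserved word in MySQL.
        Const sql As String = "SELECT * FROM `table` WHERE fno = ?"

        Using connection As New OdbcConnection(connectionString)
            Using command As New OdbcCommand(sql, connection)
                ' The parameter name is only a label for ODBC; order is what matters.
                command.Parameters.Add("@fno", OdbcType.VarChar, 32).Value = rawId.Trim()

                Using adapter As New OdbcDataAdapter(command)
                    ' Fill opens and closes the connection itself when it is closed.
                    adapter.Fill(result, "tkhstock")
                End Using
            End Using
        End Using

        Return result
    End Function
End Module
```

The same binding works unchanged if the value comes from `Session("id")` instead of the query string; where the value is stored does not make concatenation safe, the bound parameter does.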