-3

When inserting data into a database, the following error occurs

"Excepted end of statement" 

 sqlstr = "INSERT INTO tblContact (Email,FirstName,LastName,Comments) VALUES ('" & Email & "', '" & First Name & "','" & Last Name & "','" & Comments & "')"
 objConn.Execute sqlstr
p.campbell
  • 98,673
  • 67
  • 256
  • 322
Rameez
  • 125
  • 2
  • 4
  • 14

2 Answers2

2

Try using single-word identifiers for your first-name and last-name variables: 

sqlstr = "INSERT INTO tblContact (Email,FirstName,LastName,Comments) " & _
         " VALUES ('" & Email & "', '" & FirstName & "','" & LastName & "','" & Comments & "')"
 objConn.Execute sqlstr

Assuming you've got variables with those names in your VBScript, that'll solve your current problem with Expected end of statement.

Your second problem is your code's vulnerability to SQL injection.

To help fix that problem, see:

Community
  • 1
  • 1
p.campbell
  • 98,673
  • 67
  • 256
  • 322
  • I still got error, is any problem in insert query please tell me sqlstr = "INSERT INTO [tblContact] ([Email],[FirstName],[LastName],[Comments]) VALUES ('" & Email & "', '" & First Name & "','" & Last Name & "','" & Comments & "')" – Rameez Aug 19 '11 at 06:45
  • 1
    @Rameez : Unfortunately, you missed the point entirely. You CANNOT use spaces in your variable names when initializing `sqlstr`. You CANNOT use `First Name`. Modify your code to be `FirstName`. Secondly, edit your question to show the ENTIRE code, especially where you're initializing `Email`, `FirstName`, `Comments` (where are these values coming from)? – p.campbell Aug 19 '11 at 13:38
1

You might have single quote in one of the values, resulting in invalid SQL. You have to escape single quotes, though better rewrite your code to use parameters instead.

sqlstr = "INSERT INTO tblContact (Email, FirstName, LastName, Comments) " & _
     " VALUES ('" & Replace(Email, "'", "''") & "', '" & Replace(FirstName, "'", "''") & "', '" & Replace(LastName, "'", "''") & "', '" & Replace(Comments, "'", "''") & "')"
objConn.Execute sqlstr
Shadow The GPT Wizard
  • 66,030
  • 26
  • 140
  • 208