Microsoft OLE DB Provider for SQL Server Error "80040e14" Invalid syntax near '='

Question

Microsoft OLE DB Provider for SQL Server Error "80040e14" Invalid syntax near '='

I get this error when I try to get data from a database using the following code snippet.

Can anyone help?

set rs = Server.CreateObject("ADODB.recordset") sql = " SELECT * from COMPANY WHERE COMPANY_ID = " & Request.Form("CompanyId") rs.Open sql, cnn

+5

sql-server syntax-error

Jeraldine gabrielle Nov 05 '14 at 6:21

source share

1 answer

ps2goat · Accepted Answer · 2014-11-05T06:47:34+0000

First of all, it is bad practice to make ad-hoc requests without using parameters. SQL Injection Attack Information: http://en.wikipedia.org/wiki/SQL_injection

To answer the question, you need to have single quotes around your varchar or char value that you are looking for.

 set rs = Server.CreateObject("ADODB.recordset") sql = " SELECT * from COMPANY WHERE COMPANY_ID = '" & Request.Form("CompanyId") & "'" rs.Open sql, cnn

Microsoft OLE DB Provider for SQL Server Error "80040e14" Invalid syntax near '='

More articles: