Current location: Hot Scripts Forums » Programming Languages » ASP » Syntax error (missing operator) in query expression 'MESSAGES.CAT_ID ='.

Syntax error (missing operator) in query expression 'MESSAGES.CAT_ID ='.

LinkBack

Thread Tools

Display Modes

#3 (permalink)

10-20-09, 02:31 PM

Dwagar

Newbie Coder

Join Date: Sep 2008

Location: Ohio

Posts: 31

Thanks: 0

Thanked 0 Times in 0 Posts

Syntax Error

Your code can be attacked using a SQL Injection.

I would change this code

rsForums.Source = " SELECT * FROM (SELECT *, (SELECT COUNT (*) FROM REPLIES WHERE REPLIES.MSG_ID = MESSAGES.MSG_ID) AS REP_COUNT FROM MESSAGES, CATEGORIES WHERE CATEGORIES.CAT_ID = MESSAGES.CAT_ID) WHERE MESSAGES.CAT_ID = '" & fixword(intCat_Id) & "' ORDER BY MSG_LAST_POST DESC"

Then add a function

function fixword(stext)
fixword = replace(stext,"'","''")
end function

Maybeyour querystring is passing a ' and that can cause an error too.

__________________
SepCity Portal Solutions

Bookmarks

« MSXML2.ServerXMLHTTP -- can't call self | - »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Thread Tools
Show Printable Version Email this Page
Display Modes
Switch to Linear Mode Switch to Hybrid Mode Threaded Mode

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts BB code is On Smilies are On [IMG] code is Off HTML code is Off Trackbacks are On Pingbacks are On Refbacks are On Forum Rules

Forum Jump

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Syntax error (missing operator) in query expression 'Site_Info.Location_ID='.	minime	ASP	5	03-11-09 03:51 AM
Syntax Error	Nikas	Database	4	05-15-08 11:48 AM
Declared Functions	skipper23	PHP	4	12-17-03 11:06 AM
index page not showing up	skipper23	PHP	3	12-15-03 02:10 PM
Syntax error (missing operator) in query expression	crobinson	ASP	4	11-23-03 09:49 PM

Syntax error (missing operator) in query expression 'MESSAGES.CAT_ID ='.

Internet Services

Website Development

Tech Hardware