Formatting Your SQL Statement Correctly

I am trying to set up a recordset from the results of a form. On the ASP page, I have set a variable to the entry from the form but I want to enter this value in the search query, whatever it may be.

<%
style = Request.Form("IPStyle")
price = Request.Form("IPPrice")
%>
<%
If price = "Cheap" Then
    Set RSFrames = Server.CreateObject("ADODB.Recordset")
    strSql = "SELECT * FROM Frames WHERE Type = style  AND Cost < 10"
    RSFrames.Open strSql, cn
End If
%>

This code works except I can only make the 'Type = style' search for the word "style" or I generate an error.


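In your code, "style" is a variable that contains the value of whatever was present in the form control "IPStyle". Inside the quoted SQL string, however, the word style is just literal text, so the database receives the name of the variable rather than its value. You want the value to be placed in the statement, not the name of the variable.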

Therefore, change your SQL statement from:

strSql = "SELECT * FROM Frames WHERE Type = style  AND Cost < 10"

to:

strSql = "SELECT * FROM Frames WHERE Type = " & style & " AND Cost < 10"

If the field named 'Type' is a character field (string), then you need to enclose the value of the "style" variable within quotes. So, change your SQL statement to:

strSql = "SELECT * FROM Frames WHERE Type = '" & style & "' AND Cost < 10" 

If the value of the "style" variable itself may contain a single quote (for example, "Ladies' Jackets"), then you need to be extra careful. Change your code to take care of that issue first, by replacing every single quote with two single quotes:

style = Replace(style, "'", "''")
strSql = "SELECT * FROM Frames WHERE Type = '" & style & "' AND Cost < 10"

By the way, you should avoid using names like "style" and "price" for your variables. "Style" is a reserved word in HTML and CSS (whether using JavaScript or VBScript). You will have trouble and will spend hours trying to figure out why your code is not working. Always use non-English-dictionary words for variable names. For example, simply change it to "strStyle".
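
The quoting and quote-doubling steps above exist because the form value becomes part of the SQL text. As an added example (not part of the original tip), the same query can pass the value as an ADO parameter, so a value such as "Ladies' Jackets" is matched literally without any Replace call. It assumes cn is an already open ADODB.Connection and that the Type column holds text of at most 50 characters; the name pType and the output loop are illustrative.

```vbscript
<%
' Added example, not from the original tip.
' Assumptions: cn is an open ADODB.Connection; Frames.Type is a text
' column of at most 50 characters.
Const adCmdText = 1       ' CommandTypeEnum: CommandText is a SQL string
Const adVarChar = 200     ' DataTypeEnum: variable-length string
Const adParamInput = 1    ' ParameterDirectionEnum: input parameter
Const MAX_STYLE_LEN = 50  ' assumed column size

Dim strStyle, strPrice, cmdFrames, RSFrames
strStyle = Trim(Request.Form("IPStyle"))
strPrice = Request.Form("IPPrice")

' Reject empty or over-long input before touching the database.
If strPrice = "Cheap" And Len(strStyle) > 0 And Len(strStyle) <= MAX_STYLE_LEN Then
    Set cmdFrames = Server.CreateObject("ADODB.Command")
    Set cmdFrames.ActiveConnection = cn
    cmdFrames.CommandType = adCmdText

    ' The ? marks where the value goes. It is sent as data, so the SQL
    ' text needs no surrounding quotes and no concatenation.
    cmdFrames.CommandText = "SELECT * FROM Frames WHERE Type = ? AND Cost < 10"
    cmdFrames.Parameters.Append cmdFrames.CreateParameter( _
        "pType", adVarChar, adParamInput, MAX_STYLE_LEN, strStyle)

    Set RSFrames = cmdFrames.Execute
    Do While Not RSFrames.EOF
        ' Encode on output so stored values cannot inject markup.
        Response.Write Server.HTMLEncode(RSFrames("Type") & "") & "<br>"
        RSFrames.MoveNext
    Loop

    RSFrames.Close
    Set RSFrames = Nothing
    Set cmdFrames = Nothing
End If
%>
```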
