Reputation: 1018
Parameterised query asp classic missing operand error
I am trying to get a paramterised query to work in asp classic. Any help appreciated Here is the error
Microsoft OLE DB Provider for Visual FoxPro error '80040e14' Missing operand. /portal/jobportal/getaddress1.asp, line 141
function paramQuery()
code = ucase(request.querystring("code"))
stype = request.querystring("type")
cAddressType = request.querystring("caddresstype")
Set rs = Server.CreateObject("ADODB.recordset")
Set cmd = server.CreateObject("ADODB.Command")
If IsObject(Session("portal_conn")) Then
Set conn = Session("portal_conn")
Else
Set conn = Server.CreateObject("ADODB.Connection")
cConnString = "Provider=vfpoledb;Data Source="+session("portaldata")+"portal.dbc"
conn.open cConnString,"",""
Set Session("portal_conn") = conn
end if
cmd.ActiveConnection = conn
cmd.Prepared = true
cmd.CommandType = 1
cmd.CommandText = "SELECT * from uaddress where userid = "+cstr(session("userid"))+" and upper(name) like ? + % "+" and type = '"+ trim(cAddresstype)+"' order by add1"
set param1 = cmd.CreateParameter("@name",200,2,40)
cmd.Parameters.append param1
cmd.Parameters("@name") = code
cmd.Execute() <-- missing operand error
rs.Open cmd
end function
Upvotes: 1
Views: 1691
Answers (3)
Reputation: 330
It seems like VFP does not support named parameters , just add your params in the order that apears in the query by using (?) instead of the named param and it will work.
instead of :
cmd.Parameters("@name") = code
Use :
cmd.Parameters("?") = code
Upvotes: 0
Reputation: 66389
When using parameter for SQL like clause you need to pass the % as part of the parameter value.
Also to protect against SQL Injection attacks you really better use parameters for the other values as well:
cmd.CommandText = "SELECT * FROM uaddress WHERE userid=? AND UPPER(name) LIKE ? AND type=? ORDER BY add1"
set param1 = cmd.CreateParameter("@id", 200, 2, 40)
cmd.Parameters.append param1
cmd.Parameters("@id") = cstr(session("userid"))
set param2 = cmd.CreateParameter("@name", 200, 2, 40)
cmd.Parameters.append param2
cmd.Parameters("@name") = "%" & code & "%"
set param3 = cmd.CreateParameter("@type", 200, 2, 40)
cmd.Parameters.append param3
cmd.Parameters("@type") = trim(cAddresstype)
cmd.Execute()
Upvotes: 2
Reputation: 8459
You need quotes around the % character:
... +" and upper(name) like ? + '%' "+ ...
Upvotes: 0
Related Questions
- Parameterized query in Classic Asp
- Using SQL Parameters in ASP CLASSIC, object improperly defined error
- Parameterizing sql in asp
- Using SQL parameters returns "Arguments are of the wrong type"
- ASP Classic Named Parameter in Paramaterized Query: Must declare the scalar variable
- classic asp parameter query to MYSQL
- ASP Classic with SQL - No value given for one or more parameters
- Classic ASP/MySQL - Parameter Issue
- Passing value through parametised query
- Parameterized SQL Query error