Here is the SQL statement: SQL = INSERT INTO MYIMAGES(image_blob, filename, description, filesize, accountnum,

Question

0

Asked: June 18, 20262026-06-18T11:11:02+00:00 2026-06-18T11:11:02+00:00

Here is the SQL statement: SQL = INSERT INTO MYIMAGES(image_blob, filename, description, filesize, accountnum,

0

Here is the SQL statement:

SQL = "INSERT INTO MYIMAGES(image_blob, filename, description, filesize, accountnum, rmanum, billol, copiedfilename) VALUES(?, '"
SQL = SQL & File.Filename & "', '"
SQL = SQL & Replace(Upload.Form("DESCR"), "'", "''") & "', '"
SQL = SQL & File.Size & "', '"
SQL = SQL & Replace(Upload.Form("accountnum"), "'", "''") & "', '"
SQL = SQL & Replace(Upload.Form("rmanum"), "'", "''") & "', '"
SQL = SQL & Replace(Upload.Form("billol"), "'", "''") & "', "
SQL = SQL & Replace(Upload.Form("accountnum"), "'", "''") & "-" & Replace(Upload.Form("rmanum"), "'", "''") & ")"

accountnum = 3456345 rmanum = 345234

The value in the database that gets entered is 3111111 what I want it to be is 3456345-345234

The data type of the column is varchar(255) – what am I doing wrong??

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-18T11:11:03+00:00

If you use sql parameters you can avoid REPLACE and also any sql injections

Ex:

Change sql statement to

INSERT INTO MYIMAGES(image_blob, filename, description, filesize, 
   accountnum, rmanum, billol, copiedfilename) 
VALUES(@p1, @p2, @p3,@p4,@p5, @p6, @p7,@p8)

Then do

cmd.Parameters.AddWithValue("@p2",File.Filename)
cmd.Parameters.AddWithValue("@p3",Upload.Form("DESCR"))

….

//this will insert correct data
cmd.Parameters.AddWithValue("@p8",Upload.Form("accountnum") & "-" & 
                                  Upload.Form("rmanum"))

Updated based on OP comment:
For ASP try this

dim cmd, rs, param1, param2, param3, param4, param5,param6, param7, param8
set cmd = server.CreateObject("adodb.command")
strCmd = "INSERT INTO MYIMAGES(image_blob, filename, description, 
            filesize, accountnum, rmanum, billol, copiedfilename)
            VALUES(?,?,?,?,?,?,?,?)"
Set cmd.ActiveConnection = objConn
cmd.CommandText = strCmd
cmd.CommandType = adCmdText
Set param1 = cmd.CreateParameter ("image_blob", adWChar, adParamInput, 50)
param1.value = image_blob
cmd.Parameters.Append param1
....
Set param8 = cmd.CreateParameter ("copiedfilename", adWChar, adParamInput, 50)
param8.value = Upload.Form("accountnum") & "-" & Upload.Form("rmanum")
cmd.Parameters.Append param8
Set rs = cmd.Execute()

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Here is the SQL statement: SQL = INSERT INTO MYIMAGES(image_blob, filename, description, filesize, accountnum,

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply