
Need Help with Form Data to SQL Injection

BlackReef asked:

I have never done any code like this before (I am a web designer).

We have a 'dealer request' form on our website, where 'dealers' can put in their Name, Contact Info, Dealer Account #, etc.

Currently - when this form is filled out and submitted, all that happens is that I get an email with that information, and then I manually input it into the SQL database.

I followed a tutorial online, but each time I hit the 'submit', I just get a 500 Internal Server error. Here is the current form_ac.asp (I removed the login credentials obviously):

' Declaring variables
Dim first, last, dealer, account, email, state, phone_area, comments, data_source, con, sql_insert
' Trims a form value and doubles single quotes so it can sit inside a quoted SQL string
Function ChkString(value)
	ChkString = Replace(Trim(value), "'", "''")
End Function
' Receiving values from Form
first = ChkString(Request.Form("first"))
last = ChkString(Request.Form("last"))
dealer = ChkString(Request.Form("dealer"))
account = ChkString(Request.Form("account"))
email = ChkString(Request.Form("email"))
state = ChkString(Request.Form("state"))
phone_area = ChkString(Request.Form("phone_area"))
' The connection string has to be a quoted string literal
data_source = "Server=SERVERNAME; Database=DB NAME;User Id=USERID;Password=PASSWORD;"
sql_insert = "insert into users (first, last, dealer, account, email, state, phone_area) values ('" & _
                first & "','" & last & "','" & dealer & "', '" & account & "', '" & email & "', '" & state & "', '" & phone_area & "')"

' Creating Connection Object and opening the database
Set con = Server.CreateObject("ADODB.Connection")
con.Open data_source
con.Execute sql_insert
' Done. Close the connection and release the object
con.Close
Set con = Nothing

Any advice, suggestions or guidance would be greatly appreciated.
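
An added example, not part of the original post: the same insert written with an ADODB.Command and bound parameters, so form values are never concatenated into the SQL text and quote-doubling is not needed. It assumes SQL Server through the SQLOLEDB provider; the helper name AddTextParam and the column widths are hypothetical and must be matched to the real users table.

```vbscript
' Goes inside the <% ... %> block of form_ac.asp
Option Explicit

' ADO constants (values as defined in adovbs.inc)
Const adVarChar = 200
Const adParamInput = 1
Const adCmdText = 1
Const adExecuteNoRecords = 128

' Hypothetical helper: validate one form field and bind it as a text parameter.
' maxLen is an assumed column width, not taken from the original post.
Sub AddTextParam(cmd, fieldName, maxLen)
	Dim v
	v = Trim(Request.Form(fieldName) & "")
	If Len(v) = 0 Or Len(v) > maxLen Then
		Response.Status = "400 Bad Request"
		Response.Write "Invalid value for " & Server.HTMLEncode(fieldName)
		Response.End
	End If
	cmd.Parameters.Append cmd.CreateParameter("@" & fieldName, adVarChar, adParamInput, maxLen, v)
End Sub

Dim con, cmd
Set cmd = Server.CreateObject("ADODB.Command")
cmd.CommandType = adCmdText
' One ? per column: values travel as parameters, never as SQL text
cmd.CommandText = "insert into users (first, last, dealer, account, email, state, phone_area) " & _
                  "values (?, ?, ?, ?, ?, ?, ?)"

' Parameters are positional, so append them in column order.
' All input is validated here, before any connection is opened.
AddTextParam cmd, "first", 50
AddTextParam cmd, "last", 50
AddTextParam cmd, "dealer", 100
AddTextParam cmd, "account", 20
AddTextParam cmd, "email", 254
AddTextParam cmd, "state", 2
AddTextParam cmd, "phone_area", 3

Set con = Server.CreateObject("ADODB.Connection")
' Assumption: SQL Server via SQLOLEDB; placeholders kept as in the post
con.Open "Provider=SQLOLEDB;Server=SERVERNAME;Database=DB NAME;User Id=USERID;Password=PASSWORD;"
Set cmd.ActiveConnection = con
cmd.Execute , , adExecuteNoRecords

con.Close
Set cmd = Nothing
Set con = Nothing
```

The database login used in the connection string only needs INSERT permission on the users table for this page to work.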

