Microsoft OLE DB Provider for SQL Server error '80040e14' Incorrect syntax near '='

Question

I get this error when i try to retrieve the data from database using the following piece of code.

Can someone help?

set rs = Server.CreateObject("ADODB.recordset")
sql = " SELECT * from COMPANY WHERE COMPANY_ID = " & Request.Form("CompanyId")
rs.Open sql, cnn

Answer 1

First of all, this is bad practice to do ad-hoc queries without using parameters. SQL Injection attack info: http://en.wikipedia.org/wiki/SQL_injection

To answer the question, though, you need to have single quotes around your varchar or char value that you are searching for.

set rs = Server.CreateObject("ADODB.recordset")
sql = " SELECT * from COMPANY WHERE COMPANY_ID = '" & Request.Form("CompanyId") & "'"
rs.Open sql, cnn