Correction to SQL Statement Problem

[meldrape]

Greetings,

The following SQL statement works directly in SQL Enterprise Manager when I type in the values of the grad ID and/or the certificate number, but when it's in ASP using the variable, it returns all records whether I want them or not. The response object is from a text box in which the users type a certificate number or a graduate ID then submit.

dim strCert
strCert = trim(Request("cert&quot)

Set oRs = Server.CreateObject("ADODB.Recordset&quot
Set oRs = objConn.Execute("SELECT * from vw_ProfileNew WHERE (GradID = '" & strCert & "') OR (CertNum = '" & strCert & "')&quot

Any help or suggestions would be greatly appreciated. I'm not familiar with stored procedures, but if that's a better option, I'm open.

Thanks.

 

[tlbroadbent]

Are GradID and CertNum numeric or character data types. The names would indicate numeric. If so, remove the single quotes in the query string.

Set oRs = objConn.Execute("SELECT * from vw_ProfileNew WHERE (GradID = " & strCert & &quot OR (CertNum = " & strCert & &quot&quot
Terry Broadbent
Please review faq183-874.

"The greatest obstacle to discovery is not ignorance -- it is the illusion of knowledge." - Daniel J Boorstin