Results 1 to 2 of 2

Thread: 80040e10|No_value_given_for_one_or_more_required_parameters

  1. #1

    Thread Starter
    New Member
    Join Date
    Jul 2022
    Location
    Raleigh NC
    Posts
    1

    80040e10|No_value_given_for_one_or_more_required_parameters

    Greetings,

    I volunteer for a local animal rescue group and have been tasked to maintain the group's website since the webmaster moved on. I have little experience with code, so I am looking for a little assistance. Kinda learning on the fly, so to speak.

    I am attempting to gather data from a web page and send to an access database and have hit a snag.... the web page is at https://triangleshelties.com/content...ntake_form.asp and each section has a different table in the access database. When the code moves from inserting data into the database from the first section (Owner information) to the second section (Information about your dog) I get the title error. I have checked the spelling for each field in the code and database, and so forth and cannot find an error, so I am assuming my method of moving from one table to another is the problem. Can anyone lend some assistance or suggestions?

    I can include the database file if will assist.
    Attached Files Attached Files

  2. #2
    Member
    Join Date
    Jul 2017
    Posts
    43

    Re: 80040e10|No_value_given_for_one_or_more_required_parameters

    1) You're missing the quotes on line 565:

    strSQL = strSQL & ""&surrender_dog_sleep&" "

    Should be:


    strSQL = strSQL & "'"&surrender_dog_sleep&"'"



    2) Remove the link to your website from your post. You're wide open to SQL injection - someone could extract all the info in your database or delete it all. You can fix that with parameters:

    I've done the first query as an example (untested). Replace lines 507-530 with this:

    dim cmd : set cmd = server.createobject("adodb.command")
    set cmd.ActiveConnection = objConn

    strSQL = ""
    strSQL = strSQL & "INSERT INTO tbl_owners ("
    strSQL = strSQL & "surrender_firstname, "
    strSQL = strSQL & "surrender_lastname, "
    strSQL = strSQL & "surrender_hphone, "
    strSQL = strSQL & "surrender_cphone, "
    strSQL = strSQL & "surrender_location, "
    strSQL = strSQL & "surrender_email, "
    strSQL = strSQL & "surrender_children, "
    strSQL = strSQL & "surrender_pets "
    'strSQL = strSQL & "surrender_form_date "
    strSQL = strSQL & ") VALUES (?,?,?,?,?,?,?,?)"

    cmd.CommandText = strSQL
    cmd.Execute(, Array(surrender_firstname,surrender_lastname,surrender_hphone,surrender_cphone,surrender_location,su rrender_email,surrender_children,surrender_pets))


    If that works, do the same for the other queries. Using a tool like Sqlmap, it would take 5 minutes for someone to wreck your database.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width