Below is my simple asp code that I am using to insert some data to the SQL Server database. It gives the below error. Could someone please have a look and let me know the error with this code?
<html>
<head>
<title>Address Book Insertion</title>
</head>
<body>
<%
set connection=Server.CreateObject("ADODB.Connection")
connection.Open "Provider=SQLOLEDB;Server=charithj-pc;Integrated Security=SSPI;Initial Catalog=AddressDB;"
cmd = "INSERT INTO AddressBook (FirstName, Surname, Address) VALUES ('"
cmd = cmd & Request("FirstName") & "','"
cmd = cmd & Request("Surname") & "','"
cmd = cmd & Request("Address") & "')"
Response.Write(cmd)
on error resume next
connection.Execute cmd
if err <> 0 then
Response.Write("Insertion failed")
else
Response.Write("Insertion successful")
end if
connection.close
%>
</body>
</html>
The website cannot display the page
HTTP 500
Most likely causes:
•The website is under maintenance.
•The website has a programming error.
go in your browser, i assume it's internet explorer and disable "show friendly http errors". this helps you to see the real error message.
btw. your code allows sql injection. use sql parameters or replace some characters like single quote etc.