you code is wide open for a SQL injection!!!
read about parametrized queries.
in your first SQL you have apostrophes (') which is bad if cid is a number
Question
I am using a variable to interpolate in ASP, for this i have an vairable:
cid=Request.Form("customerID")
and then,
rs.open "SELECT * FROM customers WHERE customerID='" & cid & "'",conn
the above statement does not work.
while this works:
rs.open "SELECT * FROM customers WHERE customerID=1",conn
can someone please help me???
Solution
you code is wide open for a SQL injection!!!
read about parametrized queries.
in your first SQL you have apostrophes (') which is bad if cid is a number