ASP: error when trying to insert record

I receive the following error when trying to INSERT INTO; am using Access db.

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'[Microsoft][ODBC Microsoft Access Driver] Data type mismatch in criteria expression.

The code is as follows:

<%
Dim dbConn
set dbConn = server.CreateObject("adodb.connection")
dbConn.open("connect")
dbConn.Execute("INSERT INTO tbl_country (region, countryName, population, country_currency, description, imageURL, imageALT) VALUES ('" & Request.Form("region") & "', '" & Request.Form("countryName") & "', '" & Request.Form("population") & "', '" & Request.Form("country_currency") & "', '" & Request.Form("description") & "', '" & Request.Form("imageURL") & "', '" & Request.Form("imageALT") & "'),")
Response.Redirect("admin_master.asp")
%>

I would greatly appreciate any help you can give me.

Judging by the error message, you are likely trying to insert the wrong datatype into one of the columns..population maybe? I'd have to see the table definition to know for sure..|||

Please verify the Numeric data typed column's values on your query (Request.Form values). If the user given blank input then your query generate the blank string ('') & it will try to insert in the respective column which will throw error.

It always good idea to use the Stored Procedure or Parameterized query. Your code is violating the security standards it will allow the sql injection. Beware of SQL Injection.. Never use Dynamic Queries on your UI

|||+1 against dynamic sql and for paramtrized queries. If you are not sure which statement is executed against the database, put the whole build string into a string variable and output it to the Response stream, you will be easily able to find the error then. In most cases of dynamic SQL and the situations I have seen such implementation like you posted, the problem was based upon a wrong order of the parameters / columns.

Jens K. Suessmeyer.

http://www.sqlserver2005.de
--