The missing ampersands and quotes may be the least of your problems.
It does not look like you are cleaning the strings in any way. The strings could contain single quotes that are not escaped. You are open to SQL injection because you are not using parameters.
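An added illustration of the point made in this answer, not code from the question or the answer itself. It uses Python with the standard-library sqlite3 module as an assumed stand-in for whatever language and database driver the question actually uses; the table, rows and payload are constructed for the demo. It shows that the concatenated query breaks on an ordinary apostrophe and is rewritten into a tautology by an injection string, while the same lookup with a bound parameter handles both inputs correctly.

```python
import sqlite3


def make_db():
    """Constructed in-memory sample table; not taken from the thread."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("O'Brien", "user"), ("bob", "user")],
    )
    return conn


def find_by_name_concat(conn, name):
    """Vulnerable form: the value is spliced into the SQL text, as in the
    question's string building. Any quote inside `name` ends the literal early,
    so the rest of the input is parsed as SQL."""
    sql = "SELECT id, name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_by_name_param(conn, name):
    """Safe form: the value is sent as a bound parameter. The driver never
    treats it as SQL text, so quotes need no escaping at all."""
    sql = "SELECT id, name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo():
    """Run both forms against a legitimate apostrophe and an injection payload."""
    conn = make_db()
    results = {}

    # 1. A real name containing an apostrophe breaks the concatenated query:
    #    WHERE name = 'O'Brien'  -> unterminated string, syntax error.
    try:
        find_by_name_concat(conn, "O'Brien")
        results["concat_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        results["concat_apostrophe"] = "error"

    # 2. A crafted value turns the WHERE clause into a tautology:
    #    WHERE name = 'x' OR '1'='1'  -> every row comes back.
    payload = "x' OR '1'='1"
    results["concat_payload_rows"] = len(find_by_name_concat(conn, payload))

    # 3. With a bound parameter the apostrophe is just data (one row matches)
    #    and the payload is compared literally (no row matches).
    results["param_apostrophe_rows"] = len(find_by_name_param(conn, "O'Brien"))
    results["param_payload_rows"] = len(find_by_name_param(conn, payload))
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The placeholder syntax differs between drivers (`?` for sqlite3 and ODBC-style APIs, `@name` for SQL Server, `%s` for some PostgreSQL/MySQL drivers), but the principle is the same everywhere: the SQL text is fixed and the values are passed separately, so escaping quotes by hand is no longer your job.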