KB Issue
Syntax error or access violation when running a SQL script in ASP Classic. When there is no Parameter provided.
Issue Details
You may receive the following message if you are providing a WHERE statement, without having the CreateParameter for the Variable to be used in your statement.
Microsoft OLE DB Provider for SQL Server error '80004005'
Syntax error or access violation
/View.asp, line 129
Recreate Issue
[Classic ASP - Malformed SQL Command]
CFFCS | CarrzSynEdit: | ASP/VBScript
Set sql = Server.CreateObject("ADODB.Command")
sql.ActiveConnection=Conn
sql.Prepared = true
sql.commandtext="SELECT col1, col2 from table where col3=?"
set rs1 = sql.execute

In the above statement, we are asking for a value to be called when the statement is run. However, we have no Parameter to get our value from, so this will cause the "Access violation" error.
Resolve Issue
[Classic ASP - Select Statement]
CFFCS | CarrzSynEdit: | ASP/VBScript
MyValue = request.querystring("Value")
Set sql = Server.CreateObject("ADODB.Command")
sql.ActiveConnection=Conn
sql.Prepared = true
sql.commandtext="SELECT col1, col2 from table where col3=?"
sql.Parameters.Append sql.CreateParameter("@col3", adInteger, adParamInput, , MyValue)
set rs1 = sql.execute

    In the above example, we have added two extra parts to our code.
  1. MyValue
    This request will extract the query from the URL and use it against our statement.
  2. sql.CreateParameter
    Here, we can grab the MyValue from #1 above and use it in our select statement.