SQL INSERT INTO Statement
Structured Query Language, also known as SQL, is the standard language used with most modern database applications. SQL provides us with a mechanism to select, insert, update and modify records in a database. In this summary, we are going to focus on the SQL INSERT INTO statement. For more in-depth information about SQL, please visit the SQL section of this site. There are dozens of tutorials to help you better understand the SQL language.
Syntax
In the previous example, the INSERT INTO statement inserts three values into three fields. If you insert the values out of order, you will need to use the first example. However, if you do not specify the field names in the statement, the values are inserted in the order that they are presented as in the second example. So the next step is to take a look at how we incorporate the SQL INSERT INTO statement into our ASP/ADO code.
Using the Connection Object
The previous example simply creates the Connection object which opens the database and inserts the records into specific fields of the table according to the SQL INSERT INTO statement.
Add New Form
A common approach to inserting information into your database is to use a form on a web page. The user fills out the form and submits it. You send the form information to an ASP page that reads in the form values and inserts data into the database. Keep in mind that you should validate your user’s input on the source page before inserting information into your database. Here is an example of an ASP page used to collect the information within a form. A user simply needs to visit the request form page, fill out the information, and click on the Add New button. The user will be redirected to the employeeInsert.asp page where the form information will be collected and a new record will be inserted into the database. Here is are some examples of the ASP/ADO code for the employeeInsert.asp page.
Using Parameters
When inserting data into a database, it is always a good practice to use parameters so that the information provided by the user input is treated as literal. This is so that you can prevent a SQL Injection attack by a user that manipulates the Form data and includes unwanted SQL code.