<%@ Language=VBScript %>
<html>
<head>
<title>Furniture4all.com</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="stylesheet" href="links.css" type="text/css">
</head>
<body bgcolor="#800080" text="#FFFFFF" leftmargin="0" topmargin="0">
<%
function traceLine(str)
traceLine = replace(str, chr(13), "<br>")
end function

dim con, rs, id, pass, sNo
set con= server.CreateObject("ADODB.Connection")
set rs = server.CreateObject("ADODB.Recordset")
set rs1 = server.CreateObject("ADODB.Recordset")

name=session("userName")
pass=session("password")

con.Open "Provider=Microsoft.jet.OLEDB.4.0; data Source = " & server.MapPath("../FurnitureData.mdb")
rs.Open "SELECT * FROM adminUser WHERE adminName='"&name&"' AND adminPassword='"&pass&"'", con
if rs.EOF then
Response.Write "Unauthorised to access, Username or Password is incorrect"
Response.End
end if
rs.Close

id = Request.QueryString("id")

rs.Open "SELECT * FROM Feedback WHERE id="&id&"",con
Response.Write "<table width='100%'>"
if not rs.EOF then
uID= rs("FirstName")
rs1.Open "SELECT * FROM Feedback WHERE uId='"&FirstName&"'", con
str = str & "<table width=60% align=center border=1>"
str = str & "<tr bgcolor=darkblue><td colspan=2><FONT color=white style='BACKGROUND-COLOR: #00008b'><STRONG>User Information</STRONG></FONT>"
str = str & "<tr><td>FirstName<td>&nbsp;" & rs("firstname")
str = str & "<tr><td>Last Name<td>&nbsp;" & rs("LastName")
str = str & "<tr><td>Sex<td>&nbsp;" & rs("sex")
str = str & "<tr><td>Age<td>&nbsp;" & rs("age")
str = str & "<tr><td>Address<td>&nbsp;" & rs("HouseNo")
str = str & "<tr><td>&nbsp;<td>&nbsp;" & rs("Locality")
str = str & "<tr><td>City<td>&nbsp;" & rs("city")
str = str & "<tr><td>State<td>&nbsp;" & rs("state")
str = str & "<tr><td>Country<td>&nbsp;" & rs("country")
str = str & "<tr><td>Zip<td>&nbsp;" & rs("zip")
str = str & "<tr><td>Phone<td>&nbsp;" & rs("Phone")
str = str & "<tr><td>Email<td>&nbsp;" & rs("email")
str = str & "<tr><td>Query<td>&nbsp;" & traceline(rs("comment"))
Response.Write str
%><form action="replyQuery.asp" method=post id=form1 name=form1>
<tr>
<td>Answer
<td>
<input type=hidden value=<%=id%> name=id>
<textarea name=ans rows=10 cols=50><%=rs("answer")%></textArea>
<tr>
<td>&nbsp;
<td>
<input type=submit value="Submit" id=submit1 name=submit1></form>
<%
rs1.Close
end if
rs.Close
%>
<tr>
<td>&nbsp;
<td>&nbsp;
<tr>
<td>&nbsp;
<td>&nbsp;
</table>

<div align="left"></body>
</html>

what exactly is wrong here?

Looks like the second SQL statement is missing a quote at the end.

Actually the problem is this line: rs.Open "SELECT * FROM Feedback WHERE id="&id&"",con

You can't use a variable called id since it is a reserved word in ASP. It is good practice to mark your variables to something similar like this:

If you are using a character var start it with c_variablename, bit then b_varname, integer use i_varname. That way you won't run into reserved variable names while programming.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.