ASP Database Update

<%

'Declare Variables
Dim dcnDB	'As ADODB.Connection
Dim rsDB	'As ADODB.Recordset
Dim sqlQuery	'As String
Dim sqlUpdate	'As String
Dim filePath	'As String

'Find path of database file
filePath = Server.MapPath("advisor.mdb")

'Open Database Connection
Set dcnDB = Server.CreateObject("ADODB.Connection")
'dcnDB.Open "DBName" - This is for an ODBC Datasource (if set up) or
'                      use the below code for opening a Access 2000 DB
dcnDB.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source="&filePath
dcnDB.Open

'Check for action
If Request.Form("action") = "Update" Then
	
	'Create SQL UPDATE statement from form fields
	sqlUpdate = "UPDATE Students " _
		& "Set FirstName = '" & Request.Form("FirstName") & "'," _
		& "LastName = '" & Request.Form("LastName") & "' " _
		& "WHERE StudentID = '" & Request.Form("StudentID") & "'"
		
	'Execute the query
	dcnDB.Execute(sqlUpdate)
	
	'Notify action taken
	Response.Write "Record Updated<br><br>"
	
End If

'Check for StudentID in URL Path
If Request("StudentID") <> "" Then
	
	'Create SQL String
	sqlQuery = "SELECT * FROM Students WHERE StudentID = '" & Request("StudentID") & "'"
	
	'Query the database and create a recordset
	Set rsDB = Server.CreateObject("ADODB.Recordset")
	Set rsDB = dcnDB.Execute(sqlQuery)
	
End If
%>

<!-- this is the HTML part (creating a table to output records) -->

<table width="400" cellpadding=0 cellspacing=0 border=0>
<tr>
	<td valign="top" colspan=3>
	<!-- navigation row -->
	<a href="insert_students.asp">Add Student</a> | 
	<a href="query_students.asp">View Records</a>
	<br><br>
	Please fill in all fields before submitting:
	<br><br>
	</td>
</tr>
<form action="update_students.asp" method="post">
<tr>
	<td valign="top">Student ID</td>
	<td valign="top">
	<%=rsDB("StudentID")%>
	<!-- pass StudentID in hidden field to form -->
	<input type="hidden" name="StudentID" value="<%=rsDB("StudentID")%>">
	</td>
</tr>
<tr>
	<td valign="top">First Name</td>
	<td valign="top"><input type="text" name="FirstName" value="<%=rsDB("FirstName")%>"></td>
</tr>
<tr>
	<td valign="top">Last Name</td>
	<td valign="top"><input type="text" name="LastName" value="<%=rsDB("LastName")%>"></td>
</tr>
<tr>
	<td valign="top" colspan=2 align="center">
	<br>
	<input type="submit" value="Update">
	<input type="hidden" name="action" value="Update">
	</td>
</tr>
</form>
</table>

<%

'Close Connection and clean up
dcnDB.Close

%>


Next