On this line: sql=sql & "phint='" & Request.Form("phint") & "',
Remove the trailing ,. One other thing I would like to point out, if you change the uname in the form, it's going to mess your data up.
For example, let's say on the first page, you have the following list of unames:
And I click on "Todd" because I want to change his name to something else. So on the update page I now see this.
Todd - editable field "uname"
- editable field "pword" (it's blank b/c it's the first time)
- editable field "phint" (same as pword).
Now, what happens when I change Todd's name to Barry? Your update statement is going to look like this:
sql="UPDATE users1 SET "
sql=sql & "uname='Barry',"
sql=sql & "pword='MyPassword',"
sql=sql & "phint='What is my password?',"
sql=sql & " WHERE uname='Barry'"
This is not going to change Todd's name to Barry b/c you have no way of identifying Todd's record in the database. This is where an identity column comes in handy. I would suggest adding another field to your database, set it as the primary key and make it an identity (autonumber in Access). Then you can use it to identity the record you want to update and don't have to worry about someone chaning your primary key value and not know which record to update. Also, read the sticky thread on single quotes (http://www.codingforums.com/showthread.php?t=9843)
, this will prevent errors if someone uses single quotes in your input box and also will prevent sql injection attacks.