I know most people just post problems here but I thought I would address something nobody asked. I notice that most people are accessing their databases and recordsets in ASP in an overly complicated way. The way I do it uses fewer lines of code, and have worked well for me in 14 years on high volume websites. To retrieve values from your database, open your connection object and then:

Set Conn = Server.CreateObject("ADODB.Connection")
Conn.Open ("CONNECTION STRING")
Set RS=Conn.Execute("SELECT name FROM addresses")
while not RS.EOF
response.write "<br>"& RS("name")
RS.MoveNext
Wend
Conn.Close
Set Conn=Nothing

My point is that you don't have to set up a recordset object and paging etc for simple iterations. But to avoid SQL insertion attacks, if you are passing any dynamic variables into your query, definititely use parameters as follows:

NAMEVARIABLE="Chuck"
Set Conn = Server.CreateObject("ADODB.Connection")
Conn.Open (Application("dbconnect"))
Set objCmd = Server.CreateObject("ADODB.Command")
objCmd.ActiveConnection = Conn
objCmd.CommandType = 1
objCmd.CommandText = "UPDATE addresses SET name=? where id=34"
objCmd.Parameters.Append objCmd.CreateParameter("name", 200, 1, len(NAMEVARIABLE), NAMEVARIABLE)
Set RS = objCmd.Execute
Conn.Close
Set Conn=Nothing

If I'm passing numerical values into the query, I don't bother with parameterized queries just use CLng(NAMEVARIABLE) or cDbl() because there is no way to do a sql insertion then.

Hope this saves someone some headaches and coding time.