sql injection - operand type clash

[mel <meling () scan-associates net>]

Hi,

Instead of the usual 80040e07 regarding syntax error, I get the following:

Microsoft OLE DB Provider for ODBC Drivers (0x80040E07)
Microsoft][ODBC SQL Server Driver][SQL Server]Operand type clash: ntext is 
incompatible with int

I have tried 

union select username,1,1,.... (20+ columns) from table
union select 1,username,1,1....
union select 1,1,username,1... 

but they still give me the same errors. Is there any way to create the
query so that it will return the correct information?

I've also tried  

union select convert(sql_variant,username),1,1,... 

but it produced the same result as well. 

My second problem is that I cannot execute this:

http://target/da.asp?userid=user' or 1=1; select * from information_schema.tables--

I get

Error Type:
ADODB.Recordset (0x800A0CB3)
Current Recordset does not support bookmarks. This may be a limitation of the 
provider or of the selected cursortype.

Does this mean that the query has been passed to the SQL server, but it does
not know how to return the results? What can I do to execute the queries 
successfully? 

> From other error messages that I got, the query is something like this:

SELECT username FROM table_name WHERE userid like %input% ORDER BY 
username ASC.

Any help is greatly appreciated.

--mel

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/