Simple SQL statement and request.querystring


Problem description


Hello, I have a simple problem that I just cannot get my head around!

I currently have the following line in my ASP recordset:

Recordset1.Source = "SELECT * FROM MainTable ORDER BY Price ASC"

I have the following code at the start of the recordset:

dim chosencar
chosencar=Request.QueryString("make")

What I want to have is a WHERE command in the SQL statement which will
filter the passed value from the previous page. For example:

Recordset1.Source = "SELECT * FROM MainTable WHERE
Make='<--chosencar-->' ORDER BY Price ASC"

Is there any way of doing what I want it to do please? I am a newbie at
SQL so all help is greatly appreciated. Keeping it as simple as
possible will also help me!

Thanks for your time and help!
Gareth

Solution

Well, aside from various bad things I might point out (like NEVER USE SELECT
* IN PRODUCTION CODE), have you tried:

chosencar = Replace(Request.QueryString("make"), "'", "''")
Recordset1.Source = "SELECT * FROM MainTable WHERE " & _
" [make] = '" & chosencar & "' ORDER BY Price ASC"

Also, consider parameterized queries, stored procedures, etc. Constructing
ad hoc sql in this way is very dangerous and inefficient. I wish I wasn't
too lazy to look up the links usually provided by Bob Barrows, but he's not.
:-)




gj********@volcanomail.com wrote:

Hello, I have a simple problem that I just cannot get my head around!

I currently have the following line in my ASP recordset:

Recordset1.Source = "SELECT * FROM MainTable ORDER BY Price ASC"

Do you really need ALL the fields and ALL the rows?

I have the following code at the start of the recordset:

dim chosencar
chosencar=Request.QueryString("make")

What I want to have is a WHERE command in the SQL statement which will
filter the passed value from the previous page. For example:

Recordset1.Source = "SELECT * FROM MainTable WHERE
Make='<--chosencar-->' ORDER BY Price ASC"

Is there any way of doing what I want it to do please? I am a newbie
at SQL so all help is greatly appreciated. Keeping it as simple as
possible will also help me!


I would start by getting rid of the * and explicitly naming the fields
you wish the query to return. Then:

dim sql, arParms, make, cmd
make=Request.QueryString("make")
'validate make - make sure it contains what it's supposed to contain
'if it's valid, then:

sql="SELECT <list of fields> FROM MainTable " & _
"WHERE Make=? ORDER BY Price ASC"

'see the "?" That's called a parameter marker. You can
'have as many as you need. Now let's use a command object
'to pass a value to that parameter:

arParms=array(make) 'an array is required
set cmd=createobject("adodb.command")
with cmd
.commandtype=1 'adCmdText
.commandtext=sql
set .activeconnection=objconn 'objconn: an ADODB.Connection opened earlier
set Recordset1 = .Execute(,arParms)
End With
if not Recordset1.eof then ...

You can find the ADO documentation here:
http://msdn.microsoft.com/library/en...ireference.asp
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
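
An added example, not part of the original thread: the three query styles discussed above (plain concatenation, the Replace() escape, and the `?` parameter marker) run against the same inputs, using Python's sqlite3, which uses the same `?` marker, as a stand-in for ADO. The rows, the inputs and the `is_valid_make` allow-list are constructed for illustration.

```python
import re
import sqlite3

# Constructed rows standing in for the thread's MainTable (not real data).
ROWS = [("Ford", "Fiesta", 4500), ("Ford", "Focus", 7200),
        ("D'Angelo", "Coupe", 8800), ("Audi", "A3", 9900)]

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE MainTable (Make TEXT, Model TEXT, Price INTEGER)")
    db.executemany("INSERT INTO MainTable VALUES (?, ?, ?)", ROWS)
    return db

def concat_query(db, make):
    # Pattern from the question: the value becomes part of the SQL text.
    sql = ("SELECT Make, Model, Price FROM MainTable "
           "WHERE Make = '" + make + "' ORDER BY Price ASC")
    return db.execute(sql).fetchall()

def escaped_query(db, make):
    # The Replace() approach: double every apostrophe, then concatenate.
    return concat_query(db, make.replace("'", "''"))

def param_query(db, make):
    # Parameter marker: the SQL text is constant, the value is bound as data.
    sql = ("SELECT Make, Model, Price FROM MainTable "
           "WHERE Make = ? ORDER BY Price ASC")
    return db.execute(sql, (make,)).fetchall()

# Hypothetical allow-list for the "validate make" step; adjust to real data.
MAKE_RE = re.compile(r"[A-Za-z0-9' -]{1,30}")

def is_valid_make(make):
    return MAKE_RE.fullmatch(make) is not None

def row_count(query, make):
    """Rows returned for one input, or 'error' if the SQL failed to parse."""
    db = open_db()
    try:
        return len(query(db, make))
    except sqlite3.OperationalError:
        return "error"
    finally:
        db.close()

if __name__ == "__main__":
    for value in ["Ford", "D'Angelo", "x' OR '1'='1"]:  # constructed inputs
        print(repr(value), is_valid_make(value),
              [row_count(q, value) for q in (concat_query, escaped_query, param_query)])
```

With plain concatenation a legitimate make containing an apostrophe breaks the statement and a quote-bearing input changes which rows come back; the escaped form is correct only while every apostrophe is doubled on every code path, which the parameterized form does not depend on.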


Thanks Aaron,

I tried what you suggested but it says the syntax is incorrect. Any
other suggestions on how to do it? I am a complete novice to SQL so
parameterized queries and stored procedures are things I have not heard
of!

Thanks again for your reply,
Regards, Gareth

Aaron Bertrand [SQL Server MVP] wrote:

Well, aside from various bad things I might point out (like NEVER USE SELECT
* IN PRODUCTION CODE), have you tried:

chosencar = Replace(Request.QueryString("make"), "'", "''")
Recordset1.Source = "SELECT * FROM MainTable WHERE " & _
" [make] = '" & chosencar & "' ORDER BY Price ASC"

Also, consider parameterized queries, stored procedures, etc. Constructing
ad hoc sql in this way is very dangerous and inefficient. I wish I wasn't
too lazy to look up the links usually provided by Bob Barrows, but he's not.
:-)




