ADODB.Recordset错误'800a0bb9'参数的错误类型,超出可接受的范围,或与另一个冲突 [英] ADODB.Recordset error '800a0bb9' Arguments are of the wrong type, are out of acceptable range, or are in conflict with one another

查看:341
本文介绍了ADODB.Recordset错误'800a0bb9'参数的错误类型,超出可接受的范围,或与另一个冲突的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个使用ASP经典旧的网站,我最近一直在要求删除SQL注入攻击的威胁。我试图使用参数化查询,但它是我的头上都有点。

I've got an old website that is using ASP Classic and I have recently been asked remove the SQL injection attack threat. I'm trying to use parameterized queries, but it's all a little above my head.

这是我的code:

<% whatSector = request.querystring("whatSector")%>

    <%  adoCon.Open cString
        dim rs_client
        if whatSector="" then
    strSQL="SELECT * FROM clients ORDER BY alphabet"
    else

    Set objCommand = Server.CreateObject("ADODB.COMMAND")

    strCmd1 = "SELECT * FROM clients Where industrySector=? ORDER BY alphabet"

    Set objCommand.ActiveConnection = adoCon
        objCommand.CommandText = strCmd1
        objCommand.CommandType = adCmdText

    Set param1 = objCommand.CreateParameter ("whatSector",adVarChar, adParamInput, 50)
    param1.value = whatSector
    objCommand.Parameters.Append(param1)
    Set rs_client = objCommand.Execute()

    end if 
    set rs_client = server.CreateObject("ADODB.Recordset")
    rs_client.open strSQL,adoCon

%>

这似乎为我工作另一页上(除非出于某种原因,我不得不删除我使用寻呼的RecordCount事),但我发现这个网页上出现以下错误:

This seemed to work for me on another page (except for some reason I had to remove a recordCount thing I was using for paging), but I'm getting the following error on this page:

ADODB.Recordset错误'800a0bb9

ADODB.Recordset error '800a0bb9'

参数的错误类型,超出可接受的范围,或有冲突彼此。

Arguments are of the wrong type, are out of acceptable range, or are in conflict with one another.

/clients/clientspotlight_list.asp 50行

/clients/clientspotlight_list.asp, line 50

50号线 - 在上述code段的结束rs_client.open

Line 50 - is the rs_client.open at the end of the above code snippet.

我用

    <!-- METADATA TYPE="TypeLib" NAME="Microsoft ADO Type Library" UUID="{00000205-0000-0010-8000-00AA006D2EA4}" -->

有关ADOVBS.INC。

for adovbs.inc.

推荐答案

看起来你的参数名称是畸形的。试着改变你的任务的 strCmd1

Looks like your parameter names are malformed. Try changing your assignment of strCmd1 to:

strCmd1 = "SELECT * FROM clients Where industrySector=@whatSector ORDER BY alphabet"

然后改变的分配参数1 

Set param1 = objCommand.CreateParameter ("@whatSector",adVarChar, adParamInput, 50)

这篇关于ADODB.Recordset错误'800a0bb9'参数的错误类型,超出可接受的范围,或与另一个冲突的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
ASP最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆