SQL语句中的变量 [英] variable in SQL statement
问题描述
我需要将以下变量添加到SQL语句中,并且不确定
如何操作。
strGCID需要插入以下内容声明:
SQL =" SELECT tblContacts。* FROM tblContacts INNER JOIN tblGC ON
tblContacts.GCID = tblGC.gcID WHERE((tblContacts.GCID )= strGCID))
i我不确定正确的语法。
I need to add the following variable into an SQL statement and not sure
how to do it.
strGCID needs to be inserted into the following statement:
SQL = "SELECT tblContacts.* FROM tblContacts INNER JOIN tblGC ON
tblContacts.GCID = tblGC.gcID WHERE (((tblContacts.GCID)=strGCID))"
i am just not sure of the proper syntax.
推荐答案
Matt写道:
Matt wrote:
我需要将以下变量添加到SQL语句中而不是
确定如何操作。<需要在下面的语句中插入
strGCID:
SQL =" SELECT tblContacts。* FROM tblContacts INNER JOIN tblGC ON
I need to add the following variable into an SQL statement and not
sure how to do it.
strGCID needs to be inserted into the following statement:
SQL = "SELECT tblContacts.* FROM tblContacts INNER JOIN tblGC ON
http://www.aspfaq.com/show .asp?id = 2096
tblContacts.GCID = tblGC.gcID WHERE(((tblContacts.GCID)= strGCID))
我只是不确定正确的语法。
tblContacts.GCID = tblGC.gcID WHERE (((tblContacts.GCID)=strGCID))"
i am just not sure of the proper syntax.
这是安全的方式:
SQL =" SELECT c。* FROM tblContacts c INNER JOIN tblGC g ON
c.GCID = g.gcID在哪里c.GCID =?"
dim arParms
arParms = array(strGCID)
dim cmd,rs
set cmd = createobject(" adodb.command")
cmd.commandtext = sql
cmd.commandtype = 1''adCmdText
set cmd.activeconnection = objConn
set rs = cmd.execute(,arParms)
-
Microsoft MVP - ASP / ASP.NET
请回复新闻组。这个电子邮件帐户是我的垃圾邮件陷阱所以我
不经常检查它。如果您必须离线回复,请删除
无垃圾邮件
Here is the secure way:
SQL = "SELECT c.* FROM tblContacts c INNER JOIN tblGC g ON
c.GCID = g.gcID WHERE c.GCID=?"
dim arParms
arParms=array(strGCID)
dim cmd,rs
set cmd=createobject("adodb.command")
cmd.commandtext=sql
cmd.commandtype=1 ''adCmdText
set cmd.activeconnection=objConn
set rs = cmd.execute(,arParms)
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don''t check it very often. If you must reply off-line, then remove the
"NO SPAM"
是否有更简单的方法将变量放入SQL Select
声明?
谢谢
Bob Barrows [MVP]写道:
Is there an easier way just to put the variable in the SQL Select
statement?
Thanks
Bob Barrows [MVP] wrote:
Matt写道:
Matt wrote:
我需要将以下变量添加到SQL语句中而不是
确定如何操作。<需要在下面的语句中插入
strGCID:
SQL =" SELECT tblContacts。* FROM tblContacts INNER JOIN tblGC ON
I need to add the following variable into an SQL statement and not
sure how to do it.
strGCID needs to be inserted into the following statement:
SQL = "SELECT tblContacts.* FROM tblContacts INNER JOIN tblGC ON
http://www.aspfaq .com / show.asp?id = 2096
tblContacts.GCID = tblGC.gcID WHERE(((tblContacts.GCID)= strGCID))" ;
i我不确定正确的语法。
tblContacts.GCID = tblGC.gcID WHERE (((tblContacts.GCID)=strGCID))"
i am just not sure of the proper syntax.
这是安全的方式:
SQL =" SELECT c。* FROM tblContacts c INNER JOIN tblGC g ON
c.GCID = g.gcID在哪里c.GCID =?"
dim arParms
arParms = array(strGCID )
dim cmd,rs
set cmd = createobject(" adodb.command")
cmd.commandtext = sql
cmd.commandtype = 1''adCmdText
set cmd.activeconnection = objConn
set rs = cmd.execute(,arParms)
-
Microsoft MVP - ASP / ASP.NET
请回复新闻组。这个电子邮件帐户是我的垃圾邮件陷阱所以我
不经常检查它。如果您必须离线回复,请删除
NO SPAM。
Here is the secure way:
SQL = "SELECT c.* FROM tblContacts c INNER JOIN tblGC g ON
c.GCID = g.gcID WHERE c.GCID=?"
dim arParms
arParms=array(strGCID)
dim cmd,rs
set cmd=createobject("adodb.command")
cmd.commandtext=sql
cmd.commandtype=1 ''adCmdText
set cmd.activeconnection=objConn
set rs = cmd.execute(,arParms)
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don''t check it very often. If you must reply off-line, then remove the
"NO SPAM"
如果你想要
写一行,你可以轻松地将它包装到你自己的可重用函数中。
你会看到另一个众所周知的选项是构造一个
包含数据的字符串。除了安全问题,它还有自己的问题
(因为数据写在SQL语句中,很容易使用国家或
服务器相关格式的那些可能会在某些时候咬你的数据)。
-
Patrice
" Matt" < mw ****** @caldrywall.comaécritdansle message de news:
11 ********************* @ i3g2000cwc.googlegroups.co m ...
You can easily wrap this into your own reusable function if you want to
write a single line.
The other well known option you''ll see is to construct a string that
includes the data. Additionaly to security issues it has its own problems
(as data are written inside the SQL statement, it''s easy to use a country or
server dependant format for those data that could bite you at some point).
--
Patrice
"Matt" <mw******@caldrywall.coma écrit dans le message de news:
11*********************@i3g2000cwc.googlegroups.co m...
是否有更简单的方法将变量放入SQL Select
语句?
谢谢
Bob Barrows [MVP]写道:
Is there an easier way just to put the variable in the SQL Select
statement?
Thanks
Bob Barrows [MVP] wrote:
> Matt写道:
>Matt wrote:
我需要将以下变量添加到SQL语句中而不是
确定如何操作。
strGCID需要插入到以下语句中:
SQL =" SELECT tblContacts。* FROM tblContacts INNER JOIN tblGC ON
I need to add the following variable into an SQL statement and not
sure how to do it.
strGCID needs to be inserted into the following statement:
SQL = "SELECT tblContacts.* FROM tblContacts INNER JOIN tblGC ON
http://www.aspfaq.com/show.asp?id=2096
tblContacts.GCID = tblGC.gcID WHERE (((tblContacts.GCID)= strGCID))
我只是不确定正确的语法。
tblContacts.GCID = tblGC.gcID WHERE (((tblContacts.GCID)=strGCID))"
i am just not sure of the proper syntax.
这是安全的方式:
SQL =" SELECT c。* FROM tblContacts c INNER JOIN tblGC g ON
c.GCID = g.gcID在哪里c.GCID =?"
dim arParms
arParms = array(strGCID)
dim cmd,rs
set cmd = createobject(" adodb.command")
cmd.commandtext = sql
cmd.commandtype = 1''adCmdText
set cmd.activeconnection = objConn
set rs = cmd.execute(,arParms)
-
Microsoft MVP - ASP / ASP.NET
请回复新闻组。这个电子邮件帐户是我的垃圾邮件陷阱所以我不经常检查它。如果您必须离线回复,请删除
NO SPAM。
Here is the secure way:
SQL = "SELECT c.* FROM tblContacts c INNER JOIN tblGC g ON
c.GCID = g.gcID WHERE c.GCID=?"
dim arParms
arParms=array(strGCID)
dim cmd,rs
set cmd=createobject("adodb.command")
cmd.commandtext=sql
cmd.commandtype=1 ''adCmdText
set cmd.activeconnection=objConn
set rs = cmd.execute(,arParms)
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don''t check it very often. If you must reply off-line, then remove the
"NO SPAM"
这篇关于SQL语句中的变量的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
