ASP经典SQL多个参数 [英] ASP Classic SQL Multiple parameters
问题描述
此Oracle SQL的ASP Classic SQL查询等效项是什么:
What is the ASP Classic SQL query equivalent for this Oracle SQL:
SELECT column1 FROM table WHERE column2 = '&num' AND column2 LIKE '&nam%';
推荐答案
真的了解经典的ASP,ADODB等内容!
read about classic asp, adodb and so on, really!
这是一个未经测试的示例:
here's a untested example:
sql = "SELECT column1 FROM table WHERE column2 = ? AND column3 LIKE ? + '%'"
set cmd = server.createobject("ADODB.Command")
cmd.activeconnection = yourConnection
cmd.commandText = SQL
cmd.Parameters.Append( cmd.CreateParameter("column2", adVarchar, , 512, valOfColumn2) )
cmd.Parameters.Append( cmd.CreateParameter("column3", adVarchar, , 512, valOfColumn3) )
set rs = cmd.execute
请注意,对于每个数据库系统,SQL字符串中字符串内容的语法可能有所不同.我不知道Oracle中的语法...这是指SQL字符串的"LIKE?+'%'"部分.
Note that the syntax for string concetenation in the SQL string could differ per database System. i don't know the Syntax in Oracle... by that i mean the "LIKE ? + '%'" Portion of the SQL string.
此外,我不知道您的表的定义,因此我假设column2和column3是长度为512的varchar字段.
Furthermore i do not know the definition of your table so i assumed column2 and column3 are varchar fields with a length of 512.
最后此处是MSDN的链接,以供您进一步了解ADODB.Command等.
Finally here is a link to MSDN for your further reading about ADODB.Command and so on.
并且此处是有关SQL注入的链接-请阅读!!
And here is a link about SQL-Injection - READ IT!.
这篇关于ASP经典SQL多个参数的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!