ASP Classic VBscript Parameterized SQL Query?


Problem description

First post but thank you for all the help I've gotten from this site so far.

I'm trying to parameterize an SQL query:

query_url = Request.QueryString("ID")

Set rs = Server.CreateObject("ADODB.Recordset")

Set cmd = server.createobject("ADODB.Command")

cmd.ActiveConnection = Internet_String
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT NAME FROM OWNER.TABLE WHERE ID = " + "?" + ""

Set param = cmd.CreateParameter(, , ,200 , Replace(query_url, "'", "''"))

cmd.Parameters.Append param

Set rs = cmd.Execute()

So if I use (no parameters):

SELECT NAME FROM OWNER.TABLE WHERE ID = " + Replace(query_url, "'", "''") + ""

It works fine, so I know my DB connection and query_url are working. Is something wrong with my SQL statement in the parameterized query? I've tried it so many different ways.

When I run my parameterized query in Dreamweaver the page will not load anytime, just spins infinitely, I'm assuming it's not getting a response back from the DB.

Thanks!

Edit

Alright thanks for the help so far, I'm getting closer. The page loads now but the fields are still blank, here's what I've got so far:

Set rs = Server.CreateObject("ADODB.Recordset")

Set cmd = server.createobject("ADODB.Command")

cmd.ActiveConnection = internet_string    
cmd.CommandType = adCmdText

cmd.CommandText = "SELECT NAME FROM OWNER.TABLE WHERE ID = @param"

Set param = cmd.CreateParameter("@param", , ,200 , query_url)

cmd.Parameters.Append param

response.Write(param)

Set rs = cmd.Execute()

Here's how I'm referencing the data:

<strong>Name: <%=(rs.Fields.Item("NAME").Value)%></strong>

Any ideas?

Recommended answer

Use a named placeholder;

cmd.CommandText = "SELECT NAME FROM OWNER.TABLE WHERE ID = @ID"

Then provide its value

Set param = cmd.CreateParameter("@ID", , ,200, Replace(query_url, "'", "''"))

FYI you do not need to escape ' in a parameterized query
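
An added example, not part of the original question or answer: a complete ADO command that binds the query-string value as a typed parameter with an explicit direction and size, and HTML-encodes the result on output. It uses a positional ? marker; the 50-character width of the ID column, the "not found" handling and the ID_MAX_LEN name are assumptions, and Internet_String is the connection string from the question.

```vbscript
<%
' Added example, not from the original post.
' Assumptions: Internet_String is the page's connection string and
' OWNER.TABLE.ID is a text column of at most 50 characters.

' ADO constants declared inline; remove these if adovbs.inc is already included.
Const adCmdText = 1
Const adVarChar = 200
Const adParamInput = 1
Const ID_MAX_LEN = 50     ' assumed column width

Dim query_url, cmd, rs
query_url = Trim(Request.QueryString("ID"))

' Reject missing or oversized input before touching the database.
If Len(query_url) = 0 Or Len(query_url) > ID_MAX_LEN Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Set cmd = Server.CreateObject("ADODB.Command")
cmd.ActiveConnection = Internet_String
cmd.CommandType = adCmdText

' The ? marker is bound by position; the value is never concatenated into the SQL text.
cmd.CommandText = "SELECT NAME FROM OWNER.TABLE WHERE ID = ?"

' CreateParameter(Name, Type, Direction, Size, Value): the raw value travels
' as data, so no quote doubling with Replace() is applied.
cmd.Parameters.Append cmd.CreateParameter("ID", adVarChar, adParamInput, ID_MAX_LEN, query_url)

Set rs = cmd.Execute()
If rs.EOF Then
    ' No matching row: do not read rs.Fields on an empty recordset.
    Response.Write "<strong>Name: not found</strong>"
Else
    ' Encode on output so stored data cannot inject markup into the page.
    Response.Write "<strong>Name: " & Server.HTMLEncode(rs.Fields.Item("NAME").Value & "") & "</strong>"
End If

rs.Close
Set rs = Nothing
Set cmd = Nothing
%>
```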
