ASP经典VBscript的参数化的SQL查询? [英] ASP Classic VBscript Parameterized SQL Query?
问题描述
第一篇文章,但感谢你的一切我已经从这个网站迄今为止得到的帮助。
First post but thank you for all the help I've gotten from this site so far.
我试图参数化的SQL查询:
I'm trying to parameterize an SQL query:
query_url = Request.QueryString("ID")
Set rs = Server.CreateObject("ADODB.Recordset")
Set cmd = server.createobject("ADODB.Command")
cmd.ActiveConnection = Internet_String
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT NAME FROM OWNER.TABLE WHERE ID = " + "?" + ""
Set param = cmd.CreateParameter(, , ,200 , Replace(query_url, "'", "''"))
cmd.Parameters.Append param
Set rs = cmd.Execute()
所以,如果我使用(没有参数):
So if I use (no parameters):
SELECT NAME FROM OWNER.TABLE WHERE ID = " + Replace(query_url, "'", "''") + ""
它工作得很好,所以我知道我的数据库连接,并query_url都在工作。有什么问题我的SQL语句的参数化查询?我已经试过很多不同的方式。
It works fine, so I know my DB connection and query_url are working. Is something wrong with my SQL statement in the parameterized query? I've tried it so many different ways.
当我运行我在Dreamweaver参数化查询的页面不会加载任何时间,只是旋转无限,我假设它不是从数据库得到一个响应返回。
When I run my parameterized query in Dreamweaver the page will not load anytime, just spins infinitely, I'm assuming it's not getting a response back from the DB.
谢谢!
修改
好吧,感谢您的帮助,到目前为止,我越来越近。现在的页面加载,但等领域仍是空白,什么继承人我走到这一步:
Alright thanks for the help so far, I'm getting closer. The page loads now but the fields are still blank, heres what I've got so far:
Set rs = Server.CreateObject("ADODB.Recordset")
Set cmd = server.createobject("ADODB.Command")
cmd.ActiveConnection = internet_string
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT NAME FROM OWNER.TABLE WHERE ID = @param"
Set param = cmd.CreateParameter("@param", , ,200 , query_url)
cmd.Parameters.Append param
response.Write(param)
Set rs = cmd.Execute()
下面是我如何引用数据:
Here's how I'm referencing the data:
<strong>Name: <%=(rs.Fields.Item("NAME").Value)%></strong>
任何想法?
推荐答案
使用一个名为占位符;
Use a named placeholder;
cmd.CommandText = "SELECT NAME FROM OWNER.TABLE WHERE ID = @ID"
然后提供其值
Set param = cmd.CreateParameter("@ID", , ,200, Replace(query_url, "'", "''"))
FYI你不需要在参数化查询逃跑
FYI you do not need to escape ' in an parameterized query
这篇关于ASP经典VBscript的参数化的SQL查询?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!