ADODB.Recordset错误'800a0bb9'参数的错误类型,超出可接受的范围,或与另一个冲突 [英] ADODB.Recordset error '800a0bb9' Arguments are of the wrong type, are out of acceptable range, or are in conflict with one another
问题描述
我有一个使用ASP经典旧的网站,我最近一直在要求删除SQL注入攻击的威胁。我试图使用参数化查询,但它是我的头上都有点。
I've got an old website that is using ASP Classic and I have recently been asked remove the SQL injection attack threat. I'm trying to use parameterized queries, but it's all a little above my head.
这是我的code:
<% whatSector = request.querystring("whatSector")%>
<% adoCon.Open cString
dim rs_client
if whatSector="" then
strSQL="SELECT * FROM clients ORDER BY alphabet"
else
Set objCommand = Server.CreateObject("ADODB.COMMAND")
strCmd1 = "SELECT * FROM clients Where industrySector=? ORDER BY alphabet"
Set objCommand.ActiveConnection = adoCon
objCommand.CommandText = strCmd1
objCommand.CommandType = adCmdText
Set param1 = objCommand.CreateParameter ("whatSector",adVarChar, adParamInput, 50)
param1.value = whatSector
objCommand.Parameters.Append(param1)
Set rs_client = objCommand.Execute()
end if
set rs_client = server.CreateObject("ADODB.Recordset")
rs_client.open strSQL,adoCon
%>
这似乎为我工作另一页上(除非出于某种原因,我不得不删除我使用寻呼的RecordCount事),但我发现这个网页上出现以下错误:
This seemed to work for me on another page (except for some reason I had to remove a recordCount thing I was using for paging), but I'm getting the following error on this page:
ADODB.Recordset错误'800a0bb9
ADODB.Recordset error '800a0bb9'
参数的错误类型,超出可接受的范围,或有冲突彼此。
Arguments are of the wrong type, are out of acceptable range, or are in conflict with one another.
/clients/clientspotlight_list.asp 50行
/clients/clientspotlight_list.asp, line 50
50号线 - 在上述code段的结束rs_client.open
Line 50 - is the rs_client.open at the end of the above code snippet.
我用
<!-- METADATA TYPE="TypeLib" NAME="Microsoft ADO Type Library" UUID="{00000205-0000-0010-8000-00AA006D2EA4}" -->
有关ADOVBS.INC。
for adovbs.inc.
推荐答案
看起来你的参数名称是畸形的。试着改变你的任务的 strCmd1 以
Looks like your parameter names are malformed. Try changing your assignment of strCmd1 to:
strCmd1 = "SELECT * FROM clients Where industrySector=@whatSector ORDER BY alphabet"
然后改变的分配参数1 以
Set param1 = objCommand.CreateParameter ("@whatSector",adVarChar, adParamInput, 50)
这篇关于ADODB.Recordset错误'800a0bb9'参数的错误类型,超出可接受的范围,或与另一个冲突的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!