asp参数化添加记录
I have helped a lot of people on EE with their coding sources and have enjoyed near about every minute of it. Sometimes it can get a little tedious but it is always a challenge and the one thing that I always say is:
我已经为EE上的很多人提供了编码源,并且几乎每分钟都喜欢它。 有时可能会有点乏味,但这始终是一个挑战,我一直说的一件事是:
Power is the Exchange of Knowledge;
力量是知识的交流;
Knowledge is the Power that you have to help others in need of your help.
知识是您必须帮助需要帮助的人的力量。
The Exchange of Information!
信息交流!
The information below is for people that want to learn how to use Parameterized Queries in their Classic ASP scripts. I was forced to learn this back in the beginning of 2009 and have taken off with it. There is nothing really tough about it, just read the liner notes and then try it out for yourself.
以下信息适用于希望学习如何在其经典ASP脚本中使用参数化查询的人 。 在2009年初,我被迫学习了这一点,并获得了成功。 真的没有什么难的,只需阅读班轮说明,然后自己尝试即可。
In this tutorial below, I am giving you several different scenarios and the code for them. It works all out at the end.
在下面的本教程中,我为您提供了几种不同的方案及其代码。 最后全部解决。
什么是参数化查询? (What are Parameterized queries?)
Parameterized queries are queries that have one or more embedded parameters in the SQL statement. This method of embedding parameters into a SQL statement is less prone to errors than the method of dynamically building up a SQL string.
参数化查询是在SQL语句中具有一个或多个嵌入式参数的查询。 与动态构建SQL字符串的方法相比,这种将参数嵌入SQL语句的方法更不容易出错。
-- source: Taken from enterprisedb.com
-来源:摘自enterprisedb.com
教程开始 (Tutorial Begins)
Now, on with the code/lesson...
现在,继续进行代码/课程...
Note: If you have any questions please feel free to ask away. For this lesson, you will need to have the ADOVBS.inc file, which can be downloaded from here:
Download ADOVBS.INC
注意 :如果您有任何疑问,请随时提出。 在本课程中,您将需要具有ADOVBS.inc文件,可从此处下载该文件:
下载ADOVBS.INC
0.入门 (0. Getting Started)
Make sure that the above line is at the very top of your page, and only one @ is allowed per page
确保上面的行位于页面的顶部,并且每页只允许一个@
<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
Make sure that you are using the charset=utf-8, if not then you will lose some of your protection!
确保您使用的是charset = utf-8,否则将失去部分保护!
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
This our CSS to be used at the bottom of the page
这是我们CSS,将在页面底部使用
<style type="text/css">
.MyTD{
border:1px #000000 double;
text-align:left;
vertical-align:top;
padding:3px;
color:#999999;
background-color:#333333;
}
</style>
Example of a FORM, none functional at this point
表单示例,目前无任何功能
<form>
<input type="hidden" name="MyID" value="<%=getID%>" />
<input type="text" name="loginEmail" value="" />
</form>
Example of a QueryString, none functional at this point, to be used on the Multiple and below
QueryString的示例,目前不起作用,将在Multiple和更低版本上使用
page.asp?ID=1&Email=me@site.com
First, we need to make sure that no one can attack our codes, so we are going to use my custom ProtectSQL script.
首先,我们需要确保没有人可以攻击我们的代码,因此我们将使用我的自定义ProtectSQL脚本。
This will be used to PROTECT your code/database from being attacked by idiots with nothing better to do.
这将用于保护您的代码/数据库免受白痴的攻击,而无所事事。
<%
Function ProtectSQL(SQLString)
SQLString = Replace(SQLString, "'", "'") ' replace single Quotes with Double Quotes
SQLString = Replace(SQLString, ">", ">") ' replace > with >
SQLString = Replace(SQLString, "<", "<") ' replace < with <
SQLString = Replace(SQLString, "(","(") ' replace ( with (
SQLString = Replace(SQLString, ")",")") ' replace ) with )
SQLString = Replace(SQLString, "&", "&")
SQLString = Replace(SQLString, "%", "%")
' replace vblf with <br /> (This is mainly used for Memo fields).
SQLString = Replace(SQLString, vblf,"<br />")
SQLString = Trim(SQLString)
ProtectSQL = SQLString
End Function
%>
When you call the codes back out, just do the ProtectSQL function in reverse, basically create a new Function and do a reverse on it. This will be used to display the data to the page (To your visitor)
回调代码时,只需反向执行ProtectSQL函数,基本上创建一个新的Function并对其进行反向。 这将用于向页面显示数据(向您的访客)
<%
Function ReverseSQL(SQLString)
SQLRevString = Replace(SQLRevString, "'", "'")
SQLRevString = Replace(SQLRevString, ">", ">")
SQLRevString = Replace(SQLRevString, "<", "<")
SQLRevString = Replace(SQLRevString, "(","(")
SQLRevString = Replace(SQLRevString, ")",")")
SQLRevString = Replace(SQLRevString, "&", "&")
SQLRevString = Replace(SQLRevString, "%", "%")
SQLRevString = Replace(SQLRevString,"<br />", vblf)
SQLRevString = Trim(SQLRevString)
ReverseSQL = SQLRevString
End Function
%>
These are our Variables for our Parameters. For ALL Examples, as you can see, we have wrapped the ProtectSQL() around each one, so that we can capture ALL the bad things that someone might want to throw at us.
这些是我们参数的变量。 如您所见,对于所有示例,我们都将ProtectSQL()包裹在每个示例周围,以便我们可以捕获某人可能想要扔给我们的所有坏消息。
<%
loginEmail = ProtectSQL(request.Form("loginEmail"))
loginPass = ProtectSQL(request.Form("Password"))
myID = ProtectSQL(request.Form("myID"))
%>
1.将参数与文本VarChar一起使用,字段长度为25 (1. Using Parameters with text VarChar, with a field length of 25)
<%
Set chEmail = Server.CreateObject("ADODB.Command")
chEmail.ActiveConnection=objConn
chEmail.Prepared = true
chEmail.commandtext="SELECT cusEmail, password, mydate FROM ordercavecustomer WHERE cusEmail =?"
chEmail.Parameters.Append chEmail.CreateParameter("@cusEmail", adVarChar, adParamInput, 25, loginEmail)
set rschEmail = chEmail.execute
%>
2.将参数与整数(INT)一起使用 (2. Using Parameters with the Integer (INT))
As you can tell, we are not adding in a number, this is because the INT does not require a length, it can be any length up to 1 billion.
如您所知,我们没有添加数字,这是因为INT不需要长度,它可以是不超过10亿的任何长度。
<%
Set chEmail = Server.CreateObject("ADODB.Command")
chEmail.ActiveConnection=objConn
chEmail.Prepared = true
chEmail.commandtext="SELECT cusEmail, password, myID FROM ordercavecustomer WHERE myID =?"
chEmail.Parameters.Append chEmail.CreateParameter("@myID", adInteger, adParamInput, , getmyID)
set rschEmail = chEmail.execute
%>
3.我们将获得多个查询 (3. We Are Going to Get Multiple Queries)
Let's get these from our QueryString. As you can see, we have the Parameters in order of the way they are listed in our Statement, if not, then it will give you an error.
让我们从QueryString中获取它们。 如您所见,我们按照在声明中列出参数的顺序来排列参数,如果没有,则会给您一个错误。
<%
getID = ProtectSQL(request.QueryString("ID"))
getEmail = ProtectSQL(request.QueryString("Email"))
Set chEmail = Server.CreateObject("ADODB.Command")
chEmail.ActiveConnection=objConn
chEmail.Prepared = true
chEmail.commandtext="SELECT cusEmail, password, myID FROM ordercavecustomer WHERE myID =? and cusEmail=?"
chEmail.Parameters.Append chEmail.CreateParameter("@myID", adInteger, adParamInput, , getmyID)
chEmail.Parameters.Append chEmail.CreateParameter("@cusEmail", adVarChar, adParamInput, 25, loginEmail)
set rschEmail = chEmail.execute
%>
4. INSERT语句 (4. INSERT Statement)
Once again, we have to have everything in order, to make sure that it gets inserted correctly and without error.
再一次,我们必须按顺序排列所有内容,以确保正确插入并且没有错误。
<%
Set chEmail = Server.CreateObject("ADODB.Command")
chEmail.ActiveConnection=objConn
chEmail.commandtext="INSERT into ordercavecustomer(cusEmail, password, myID)values(?,?,?)"
chEmail.Parameters.Append chEmail.CreateParameter("@cusEmail", adVarChar, adParamInput, 25, loginEmail)
chEmail.Parameters.Append chEmail.CreateParameter("@password", adVarChar, adParamInput, 25, loginPass)
chEmail.Parameters.Append chEmail.CreateParameter("@myID", adInteger, adParamInput, , getmyID)
set rschEmail = chEmail.execute
%>
5. UPDATE语句 (5. UPDATE Statement)
Same as before, in order as they are written. The WHERE goes last, and as you can see, it is also last in the parameters list.
与以前一样,按编写顺序进行。 WHERE位于最后,如您所见,它在参数列表中也位于最后。
<%
Set chEmail = Server.CreateObject("ADODB.Command")
chEmail.ActiveConnection=objConn
chEmail.commandtext="update ordercavecustomer set cusEmail=?, password=? where myID=?"
chEmail.Parameters.Append chEmail.CreateParameter("@cusEmail", adVarChar, adParamInput, 25, loginEmail)
chEmail.Parameters.Append chEmail.CreateParameter("@password", adVarChar, adParamInput, 25, loginPass)
chEmail.Parameters.Append chEmail.CreateParameter("@myID", adInteger, adParamInput, , getmyID)
set rschEmail = chEmail.execute
%>
6.删除声明 (6. DELETE Statement)
This example will DELETE the item with the ID of whatever it is in the QueryString (or) FORM
此示例将删除ID为QueryString(或FORM)中内容的项目
<%
Set chEmail = Server.CreateObject("ADODB.Command")
chEmail.ActiveConnection=objConn
chEmail.commandtext="delete from ordercavecustomer where myID=?"
chEmail.Parameters.Append chEmail.CreateParameter("@myID", adInteger, adParamInput, , getmyID)
set rschEmail = chEmail.execute
%>
7.使用适当的ReverseSQL向访问者显示信息。 (7. Display the information to the visitor with the ReverseSQL in place.)
<%
Set chEmail = Server.CreateObject("ADODB.Command")
chEmail.ActiveConnection=objConn
chEmail.Prepared = true
chEmail.commandtext="SELECT cusEmail, password, username, mydate, fname, lname FROM ordercavecustomer WHERE cusEmail =?"
chEmail.Parameters.Append chEmail.CreateParameter("@cusEmail", adVarChar, adParamInput, 25, loginEmail)
set rschEmail = chEmail.execute
' first we need to make sure that a record exist for the Query
if not rschEmail.eof then
' Now. We want to show our information back to our visitor, so we need to reverse what we have protected. So we wrap our recordsets with the ReverseSQL Function
strEmail = ReverseSQL(rschEmail("cusEmail"))
strpassword = ReverseSQL(rschEmail("password"))
strusername = ReverseSQL(rschEmail("username"))
strmydate = rschEmail("mydate")
strfname = ReverseSQL(rschEmail("fname"))
strlname = ReverseSQL(rschEmail("lname"))
elseif rschEmail.eof then
response.Write "Sorry, the user does not exist in our system, Sorry! Please try again later."
end if
%>
<table>
<tr><td class="MyTD">Full Name</td><td class="MyTD"><%=strfname&" "&strlname%></td></tr>
<tr><td class="MyTD">Email</td><td class="MyTD"><%=strEmail%></td></tr>
<tr><td class="MyTD">Username</td><td class="MyTD"><%=strusername%></td></tr>
<tr><td class="MyTD">Password</td><td class="MyTD"><%=strpassword%></td></tr>
<tr><td class="MyTD">Date Joined</td><td class="MyTD"><%=strmydate%></td></tr>
</table>
复制/粘贴版本如下。 (The copy/paste version is below.)
<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<%'Make sure that the above line is at the very top of your page, and only one @ is allowed per page%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtm<wbr ></wbr>l1/DTD/xht<wbr ></wbr>ml1-transi<wbr ></wbr>tional.dtd<wbr ></wbr>">
<html xmlns="http://www.w3.org/1<wbr ></wbr>999/xhtml"<wbr ></wbr>>
<head>
<%'Make sure that you are using the charset=utf-8, if not then you will loose some of your protection!%>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<%'our CSS to be used at the bottom of the page%>
<style type="text/css">
.MyTD{
border:1px #000000 double;
text-align:left;
vertical-align:top;
padding:3px;
color:#999999;
background-color:#333333;
}
</style>
</head>
<body>
<%'Example of a FORM, none functional at this point%>
<form>
<input type="hidden" name="MyID" value="<%=getID%>" />
<input type="text" name="loginEmail" value="" />
</form>
<%'Example of a Querystring, none functional at this point, to be used on the Multiple and below%>
page.asp?ID=1&Email=me<wbr ></wbr>@site.com
<%
' First thing is First, we need to make sure that no one can attach our codes
' So we are going to use my custom ProtectSQL script.
' This will be used to PROTECT your code/database from being attacked by idiots with nothing better to do.
Function ProtectSQL(SQLString)
SQLString = Replace(SQLString, "'", "'") ' replace single Quotes with Double Quotes
SQLString = Replace(SQLString, ">", ">") ' replace > with >
SQLString = Replace(SQLString, "<", "<") ' replace < with <
SQLString = Replace(SQLString, "(","(") ' replace ( with (
SQLString = Replace(SQLString, ")",")") ' replace ) with )
SQLString = Replace(SQLString, "&", "&")
SQLString = Replace(SQLString, "%", "%")
SQLString = Replace(SQLString, vblf,"<br />") ' replace vblf with <br /> (This is mainly used for Memo fields.
SQLString = Trim(SQLString)
ProtectSQL = SQLString
End Function
' When you call the codes back out, just do the ProtectSQL function in reverse, basically create a new Function and do a reverse on it.
' This will be used to display the data to the page (To your visitor)
Function ReverseSQL(SQLString)
SQLRevString = Replace(SQLRevString, "'", "'")
SQLRevString = Replace(SQLRevString, ">", ">")
SQLRevString = Replace(SQLRevString, "<", "<")
SQLRevString = Replace(SQLRevString, "(","(")
SQLRevString = Replace(SQLRevString, ")",")")
SQLRevString = Replace(SQLRevString, "&", "&")
SQLRevString = Replace(SQLRevString, "%", "%")
SQLRevString = Replace(SQLRevString,"<br />", vblf)
SQLRevString = Trim(SQLRevString)
Reverse = SQLRevString
End Function
' These are our Variables for our Parameters. For ALL Examples, as you can see, we have wrapped the ProtectSQL() around each one, so that we can capture ALL the bad things that someone might want to throw at us.
loginEmail = ProtectSQL(request.Form("l<wbr ></wbr>oginEmail"<wbr ></wbr>))
loginPass = ProtectSQL(request.Form("P<wbr ></wbr>assword"))<wbr ></wbr>
myID = ProtectSQL(request.Form("m<wbr ></wbr>yID"))
' Example #1. using Parameters with text VarChar, with a field length of 25
Set chEmail = Server.CreateObject("ADODB<wbr ></wbr>.Command")<wbr ></wbr>
chEmail.ActiveConnection=o<wbr ></wbr>bjConn
chEmail.Prepared = true
chEmail.commandtext="SELEC<wbr ></wbr>T cusEmail, password, mydate FROM ordercavecustomer WHERE cusEmail =?"
chEmail.Parameters.Append chEmail.CreateParamet<wbr ></wbr>er("@cusEm<wbr ></wbr>ail", adVarChar, adParamInput, 25, loginEmail)
set rschEmail = chEmail.execute
'Example #2. using Parameters with the Integer (INT)
' As you can tell, we are not adding in a number, this is because the INT does not require a length, it can be any length up to 1 billion.
Set chEmail = Server.CreateObject("ADODB<wbr ></wbr>.Command")<wbr ></wbr>
chEmail.ActiveConnection=o<wbr ></wbr>bjConn
chEmail.Prepared = true
chEmail.commandtext="SELEC<wbr ></wbr>T cusEmail, password, myID FROM ordercavecustomer WHERE myID =?"
chEmail.Parameters.Append chEmail.CreateParamet<wbr ></wbr>er("@myID"<wbr ></wbr>, adInteger, adParamInput, , getmyID)
set rschEmail = chEmail.execute
' Example #3. We are going to get multiple Queries
' Lets get these from our QueryString
' As you can see, we have the Parameters in order of the way they are listed in our Statement, if not, then it will give you an error.
getID = ProtectSQL(request.QuerySt<wbr ></wbr>ring("ID")<wbr ></wbr>)
getEmail = ProtectSQL(request.QuerySt<wbr ></wbr>ring("Emai<wbr ></wbr>l"))
Set chEmail = Server.CreateObject("ADODB<wbr ></wbr>.Command")<wbr ></wbr>
chEmail.ActiveConnection=o<wbr ></wbr>bjConn
chEmail.Prepared = true
chEmail.commandtext="SELEC<wbr ></wbr>T cusEmail, password, myID FROM ordercavecustomer WHERE myID =? and cusEmail=?"
chEmail.Parameters.Append chEmail.CreateParamet<wbr ></wbr>er("@myID"<wbr ></wbr>, adInteger, adParamInput, , getmyID)
chEmail.Parameters.Append chEmail.CreateParamet<wbr ></wbr>er("@cusEm<wbr ></wbr>ail", adVarChar, adParamInput, 25, loginEmail)
set rschEmail = chEmail.execute
'#4 INSERT Statement
' Once again, we have to have everything in order, to make sure that it gets inserted correctly and without error.
Set chEmail = Server.CreateObject("ADODB<wbr ></wbr>.Command")<wbr ></wbr>
chEmail.ActiveConnection=o<wbr ></wbr>bjConn
chEmail.commandtext="INSER<wbr ></wbr>T into ordercavecustomer(cusEmail<wbr ></wbr>, password, myID)values(?,?,?)"
chEmail.Parameters.Append chEmail.CreateParamet<wbr ></wbr>er("@cusEm<wbr ></wbr>ail", adVarChar, adParamInput, 25, loginEmail)
chEmail.Parameters.Append chEmail.CreateParamet<wbr ></wbr>er("@passw<wbr ></wbr>ord", adVarChar, adParamInput, 25, loginPass)
chEmail.Parameters.Append chEmail.CreateParamet<wbr ></wbr>er("@myID"<wbr ></wbr>, adInteger, adParamInput, , getmyID)
set rschEmail = chEmail.execute
'#5 UPDATE Statement
' Same as before, in order as they are written.
' The WHERE goes last, and as you can see, it is also last in the parameters list.
Set chEmail = Server.CreateObject("ADODB<wbr ></wbr>.Command")<wbr ></wbr>
chEmail.ActiveConnection=o<wbr ></wbr>bjConn
chEmail.commandtext="updat<wbr ></wbr>e ordercavecustomer set cusEmail=?, password=? where myID=?"
chEmail.Parameters.Append chEmail.CreateParamet<wbr ></wbr>er("@cusEm<wbr ></wbr>ail", adVarChar, adParamInput, 25, loginEmail)
chEmail.Parameters.Append chEmail.CreateParamet<wbr ></wbr>er("@passw<wbr ></wbr>ord", adVarChar, adParamInput, 25, loginPass)
chEmail.Parameters.Append chEmail.CreateParamet<wbr ></wbr>er("@myID"<wbr ></wbr>, adInteger, adParamInput, , getmyID)
set rschEmail = chEmail.execute
'#6 DELETE Statement
' This example will DELETE the item with the ID of whatever it is in the Querystring (or) FORM
Set chEmail = Server.CreateObject("ADODB<wbr ></wbr>.Command")<wbr ></wbr>
chEmail.ActiveConnection=o<wbr ></wbr>bjConn
chEmail.commandtext="delet<wbr ></wbr>e from ordercavecustomer where myID=?"
chEmail.Parameters.Append chEmail.CreateParamet<wbr ></wbr>er("@myID"<wbr ></wbr>, adInteger, adParamInput, , getmyID)
set rschEmail = chEmail.execute
'#7 Display the information to the visitor with the ReverseSQL inplace.
Set chEmail = Server.CreateObject("ADODB<wbr ></wbr>.Command")<wbr ></wbr>
chEmail.ActiveConnection=o<wbr ></wbr>bjConn
chEmail.Prepared = true
chEmail.commandtext="SELEC<wbr ></wbr>T cusEmail, password, username, mydate, fname, lname FROM ordercavecustomer WHERE cusEmail =?"
chEmail.Parameters.Append chEmail.CreateParamet<wbr ></wbr>er("@cusEm<wbr ></wbr>ail", adVarChar, adParamInput, 25, loginEmail)
set rschEmail = chEmail.execute
' first we need to make sure that a record exist for the Query
if not rschEmail.eof then
' Now. We want to show our information back to our visitor, so we need to reverse what we have protected. So we wrap our recordsets with the ReverseSQL Function
strEmail = ReverseSQL(rschEmail("cusE<wbr ></wbr>mail"))
strpassword = ReverseSQL(rschEmail("pass<wbr ></wbr>word"))
strusername = ReverseSQL(rschEmail("user<wbr ></wbr>name"))
strmydate = rschEmail("mydate")
strfname = ReverseSQL(rschEmail("fnam<wbr ></wbr>e"))
strlname = ReverseSQL(rschEmail("lnam<wbr ></wbr>e"))
elseif rschEmail.eof then
response.Write"Sorry, the user does not exist in our system, Sorry! Please try again later."
end if
%>
<table>
<tr><td class="MyTD">Full Name</td><td class="MyTD"><%=strfname&"<wbr ></wbr> "&strlname%></td></tr>
<tr><td class="MyTD">Email</td><td<wbr ></wbr> class="MyTD"><%=strEmail%><wbr ></wbr></td></tr><wbr ></wbr>
<tr><td class="MyTD">Username</td><wbr ></wbr><td class="MyTD"><%=strusernam<wbr ></wbr>e%></td></<wbr ></wbr>tr>
<tr><td class="MyTD">Password</td><wbr ></wbr><td class="MyTD"><%=strpasswor<wbr ></wbr>d%></td></<wbr ></wbr>tr>
<tr><td class="MyTD">Date Joined</td><td class="MyTD"><%=strmydate%<wbr ></wbr>></td></tr<wbr ></wbr>>
</table>
结论 (Conclusion)
All the codes that I show people how to do here and on other threads throughout EE, is what I use in my real-world applications, I WILL NOT give someone code that I would not trust and use myself on my own sites.
我向人们展示的所有代码以及在整个EE中如何在其他线程上使用的代码,都是我在实际应用程序中使用的代码,我不会给别人我不信任的代码, 并且不会在自己的站点上使用自己的代码。
Have Fun & Happy Programming
开心快乐编程
Carrzkiss
卡尔兹基斯
其他资源 (Additional Resources)
(please view the following code tutorial examples that I have written for EE)
(请查看以下我为EE编写的代码教程示例)
#1: Shows basically what we are doing here in this article.
#1:基本上显示本文中我们在做什么。
SELECT, INSERT, UPDATE, DELETE w/SQL & XSS Injection Prevention
使用SQL和XSS注入预防功能进行SELECT,INSERT,UPDATE,DELETE
Marked up with all the information that is here plus a LOT more.
标记了这里的所有信息以及更多信息。
http://ee.cffcs.com/Q_24801116/Q_24801116.asp
http://ee.cffcs.com/Q_24801116/Q_24801116.asp
code
码
http://ee.cffcs.com/Q_24801116/Q_24801116.zip
http://ee.cffcs.com/Q_24801116/Q_24801116.zip
#2: Protect your members online with a cookie that is also protected from SQL and XSS Injections.
#2:使用Cookie来在线保护您的会员,该cookie也可以免受SQL和XSS注入的攻击。
http://ee.cffcs.com/Q_24252782/login.asp
http://ee.cffcs.com/Q_24252782/login.asp
http://ee.cffcs.com/Q_24252782/Q_24252782.zip
http://ee.cffcs.com/Q_24252782/Q_24252782.zip
#3: Download without the physical path being known
#3:在不知道物理路径的情况下进行下载
http://ee.cffcs.com/Q_26208870/Q_26208870.asp
http://ee.cffcs.com/Q_26208870/Q_26208870.asp
(Click on the =>Download your file here<=)
(单击=>在此处下载文件<=)
Updated Article 08-03-2012.
更新了条款08-03-2012。
From this
由此
chEmail.Parameters.Append getMyProfile.CreateParameter
chEmail.Parameters.Append getMyProfile.CreateParameter
To this
对此
chEmail.Parameters.Append chEmail.CreateParameter
chEmail.Parameters.Append chEmail.CreateParameter
This is a HUGE Mistake on my part, and I wish to apologize to everyone that has come in here and learned from a mistake that I made.
对我而言,这是一个巨大的错误,我谨向来到这里并从我犯下的错误中吸取教训的每个人道歉。
Thank you to "rrhandle8" for pointing this out to me.
谢谢“ rrhandle8 ”向我指出这一点。
翻译自: https://www.experts-exchange.com/articles/3626/ASP-Classic-Using-Parameterized-Queries.html
asp参数化添加记录
272
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
