set comm = server.createobject("adodb.command")
comm.ActiveConnection = conn
comm.commandtext = "insert into userinfo(userid,username,nickname) values (seq_userid.nextval,:username,:nickname) returning userid into :newid"
comm.commandtype = 1
comm.Parameters.Append comm.CreateParameter(":username", 200, 1, 100,"aaa")
comm.Parameters.Append comm.CreateParameter(":nickname", 200, 1, 100, "小鸭子")
comm.Parameters.Append comm.CreateParameter(":newid", 200, 2, 10)
comm.execute()
response.write("返回值:"&comm.Parameters(":newid").value)
set rs=nothing
Set comm.ActiveConnection= Nothing
set comm=nothing
asp利用Parameters对象,实现防止sql注入,执行sql语句并返回变量值
最新推荐文章于 2018-11-21 22:01:59 发布