Parameterized query in Classic Asp

Question

My db access code is like following:

set recordset = Server.CReateObject(\"ADODB.Recordset\")
set cmd1  = Server.CreateObject(\"ADODB.Command\")
cmd1.ActiveC         


        

Answer 1

If you have a complex criteria using parameters here is an example I had to create based on my requirements

    declare @loc smallint = ? , @dt1 date = ? SET @loc = ISNULL(@loc, 999) 
    SELECT m.* , c.*
    FROM Costs c INNER JOIN MbrData m ON c.SN = m.SN and c.startDT = m.startDT 
    WHERE (m.LocationID = @loc OR @loc = 999) AND (MonthYear = @dt1 OR @dt1 IS NULL) 
    ORDER BY m.LocationID

then in your asp

    cmd.CommandText = strSQL ' the string above
cmd.CommandType = 1 ' adCmdText
cmd.Parameters.Append cmd.CreateParameter("@loc",2,1) 'adSmallInt=2, adParamInput=1
cmd.Parameters("@loc") = rptlocation ' scrubbed location ID
cmd.Parameters.Append cmd.CreateParameter("@dt1",7,1) 'adDate=7, adParamInput=1
cmd.Parameters("@dt1") = scrubbed formatted date
set rst = cmd.Execute