Troubleshooting a Parameterized SQL Statement in asp

小鲜肉 2021-01-13 09:18

I'm trying to secure some legacy code written in what I guess is VB or asp (Not really sure if there is a difference). When I try to execute the statement the page gets an i

2 Answers
  •  醉酒成梦
    2021-01-13 09:52

    When using a CommandType of adCmdText the placeholder expected by ADODB is ? and trying to pass named parameters like @fy in the CommandText will fail. It is an unfortunate failing in ADODB that

    countCmd.NamedParameters = True
    

    only works with a CommandType of adCmdStoredProc and only with certain providers.

    However there is a simple workaround for SQL Server (and possibly other providers depending on what they support) which is to build the named parameters in the CommandText like so;

    countCmd.commandText = _
        "DECLARE @fy AS VARCHAR(255);" & vbCrLf & _
        "SET @fy = ?;" & vbCrLf & _
        "SELECT COUNT(*) FROM [table1] WHERE FY=@fy;"
    

    Useful Links

    • ADO parameterised query not returning any result

    • ADODB.Parameters error '800a0e7c' Parameter object is improperly defined. Inconsistent or incomplete information was provided
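
The workaround from the answer above, carried through to the parameter binding. This is an added example, not code from the original question or answer. The `CountRows` helper, the open connection `conn`, the `Amount` column and the second parameter are assumptions made to show that `?` markers bind by position.

```vbscript
<%
' ADO constants, normally supplied by adovbs.inc.
Const adCmdText = 1
Const adParamInput = 1
Const adInteger = 3
Const adVarChar = 200

' Hypothetical helper. conn is an already-open ADODB.Connection to SQL Server.
' Amount is a hypothetical column used only to show a second parameter.
Function CountRows(conn, fy, minAmount)
    Dim cmd, rs
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText

    ' With adCmdText each ? is bound by position. The DECLARE/SET preamble
    ' copies the bound values into T-SQL variables the query uses by name.
    cmd.CommandText = _
        "DECLARE @fy AS VARCHAR(255), @min AS INT;" & vbCrLf & _
        "SET @fy = ?;" & vbCrLf & _
        "SET @min = ?;" & vbCrLf & _
        "SELECT COUNT(*) FROM [table1] WHERE FY=@fy AND Amount>=@min;"

    ' Append order must match the order of the ? markers. The names passed
    ' to CreateParameter are labels only; they are not matched to @fy/@min.
    cmd.Parameters.Append cmd.CreateParameter("fy", adVarChar, adParamInput, 255, CStr(fy))
    cmd.Parameters.Append cmd.CreateParameter("min", adInteger, adParamInput, , CLng(minAmount))

    Set rs = cmd.Execute
    CountRows = rs(0).Value

    rs.Close
    Set rs = Nothing
    Set cmd = Nothing
End Function

' Constructed usage: request values travel as bound data and are never
' concatenated into the SQL text.
' Response.Write CountRows(conn, Request.QueryString("fy"), Request.QueryString("min"))
%>
```

Swapping the two `Append` lines would bind the fiscal year to `@min` and the amount to `@fy`, so keep the `SET ... = ?` lines and the `Append` calls in the same order.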
