问题
What is the ASP Classic SQL query equivalent for this Oracle SQL:
SELECT column1 FROM table WHERE column2 = '&num' AND column2 LIKE '&nam%';
回答1:
read about classic asp, adodb and so on, really!
here's a untested example:
sql = "SELECT column1 FROM table WHERE column2 = ? AND column3 LIKE ? + '%'"
set cmd = server.createobject("ADODB.Command")
cmd.activeconnection = yourConnection
cmd.commandText = SQL
cmd.Parameters.Append( cmd.CreateParameter("column2", adVarchar, , 512, valOfColumn2) )
cmd.Parameters.Append( cmd.CreateParameter("column3", adVarchar, , 512, valOfColumn3) )
set rs = cmd.execute
Note that the syntax for string concetenation in the SQL string could differ per database System. i don't know the Syntax in Oracle... by that i mean the "LIKE ? + '%'" Portion of the SQL string.
Furthermore i do not know the definition of your table so i assumed column2 and column3 are varchar fields with a length of 512.
Finally here is a link to MSDN for your further reading about ADODB.Command and so on.
And here is a link about SQL-Injection - READ IT!.
来源:https://stackoverflow.com/questions/18523637/asp-classic-sql-multiple-parameters