日期:2011-05-02 15:21:00 来源:本站整理
<b>用表单来提交sql(转)3</b>[MSSQL防范]
列表 D: buildSQLInsert 函数的最终版。
<%
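function buildSQLInsert(targetTable, omitFields)
    ' Builds "insert into <table> (<columns>) values (<values>)" from the
    ' posted form collection (request.form).
    '
    ' targetTable - table name, concatenated as-is. It must be a constant
    '               chosen by the calling code, never a request value.
    ' omitFields  - comma-separated list of posted field names to leave out.
    '               Names are compared whole and case-insensitively, using
    '               the full posted name including any type prefix
    '               (for example "NUM_AGE").
    ' Returns the statement text, or "" when no field qualifies.
    '
    ' Field-name convention: "<TYPE>_<COLUMN>". Only the NUM prefix is
    ' treated specially; a name without "_" or with any other prefix is a
    ' text column.
    '
    ' NOTE(review): every posted field that is not omitted becomes a column,
    ' so the client decides which columns are written. An allow-list of
    ' expected columns and a parameterized ADODB.Command are the safer
    ' design; the checks below only keep posted names and NUM values from
    ' changing the shape of the statement.
    dim identPattern, numPattern, omitList
    dim x, fieldName, columnName, fieldType, fieldData
    dim typeDelimPos, nStr, vStr, valueSql

    ' Column names come from the request, so accept plain identifiers only.
    set identPattern = new RegExp
    identPattern.Pattern = "^[A-Z_][A-Z0-9_]*$"

    ' NUM values are emitted unquoted, so accept plain decimal literals only.
    set numPattern = new RegExp
    numPattern.Pattern = "^[+-]?[0-9]+(\.[0-9]+)?$"

    ' ",A,B," form lets each name be matched whole instead of as a substring.
    omitList = "," & replace(uCase(omitFields), " ", "") & ","

    nStr = ""
    vStr = ""

    for each x in request.form
        fieldName = uCase(x)

        ' Both sides are upper-cased; the original compared the upper-cased
        ' list with the name as posted, so mixed-case names were never omitted.
        if inStr(omitList, "," & fieldName & ",") = 0 then
            ' Split the type prefix off before anything else, so an empty
            ' value is written to the real column rather than "NUM_AGE".
            typeDelimPos = inStr(fieldName, "_")
            if typeDelimPos = 0 then
                fieldType = ""
                columnName = fieldName
            else
                fieldType = left(fieldName, typeDelimPos - 1)
                columnName = mid(fieldName, typeDelimPos + 1)
            end if

            ' Skip any field whose column part is not a plain identifier.
            if identPattern.Test(columnName) then
                fieldData = request.form(x)

                if trim(fieldData) = "" then
                    ' No data: insert NULL.
                    valueSql = "NULL"
                elseif fieldType = "NUM" and numPattern.Test(trim(fieldData)) then
                    valueSql = trim(fieldData)
                else
                    ' Text, unknown types, and NUM fields that are not a
                    ' plain number are quoted with single quotes doubled;
                    ' the database then converts or rejects the value.
                    valueSql = "'" & replace(fieldData, "'", "''") & "'"
                end if

                nStr = nStr & columnName & ", "
                vStr = vStr & valueSql & ", "
            end if
        end if
    next

    if nStr = "" then
        ' Nothing to insert; the original failed in left() at this point.
        buildSQLInsert = ""
    else
        ' Drop the trailing ", " from both lists and assemble the statement.
        buildSQLInsert = "insert into " & targetTable & " (" & _
            left(nStr, len(nStr) - 2) & ") values (" & _
            left(vStr, len(vStr) - 2) & ")"
    end if
end function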
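' Demo driver: when the form was posted, print the generated statements;
' otherwise show the form.
' "demoTable" is a constructed sample name; the page does not name a table.
demoTable = "demoTable"

' The age field is posted as "num_age"; the original tested "age", which the
' form never sends.
if trim(request.form("fName") & request.form("lName") & request.form("num_age")) <> "" then
    ' The statement contains posted data, so HTML-encode it before echoing.
    ' buildSQLInsert takes two arguments: the table, then the omit list.
    response.write(Server.HTMLEncode(buildSQLInsert(demoTable, "")) & "<BR>")
    response.write(Server.HTMLEncode(buildSQLInsert(demoTable, "NUM_AGE")) & "<BR>")
    response.write(Server.HTMLEncode(buildSQLInsert(demoTable, "lname,fname")) & "<BR>")
    response.write(Server.HTMLEncode(buildSQLInsert(demoTable, "mycheckbox,fname")) & "<BR>")
else
%>
<HTML>
<body>
<form name=f method=post action="列表4.ASP">
Gimme your:<br>
First Name: <input type=text name="fName"><br>
Last Name: <input type=text name="lName"><br>
Age: <input type=text name="num_age"><br>
<input type="checkbox" value="Y" name="MyCheckBox">Do you want this checked?<br>
<input type="submit" value="Submit">
</form>
</body>
</html>
<%
end if
%>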
列表 D: buildSQLInsert 函数的最终版。
<%
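function buildSQLInsert(targetTable, omitFields)
    ' Builds "insert into <table> (<columns>) values (<values>)" from the
    ' posted form collection (request.form).
    '
    ' targetTable - table name, concatenated as-is. It must be a constant
    '               chosen by the calling code, never a request value.
    ' omitFields  - comma-separated list of posted field names to leave out.
    '               Names are compared whole and case-insensitively, using
    '               the full posted name including any type prefix
    '               (for example "NUM_AGE").
    ' Returns the statement text, or "" when no field qualifies.
    '
    ' Field-name convention: "<TYPE>_<COLUMN>". Only the NUM prefix is
    ' treated specially; a name without "_" or with any other prefix is a
    ' text column.
    '
    ' NOTE(review): every posted field that is not omitted becomes a column,
    ' so the client decides which columns are written. An allow-list of
    ' expected columns and a parameterized ADODB.Command are the safer
    ' design; the checks below only keep posted names and NUM values from
    ' changing the shape of the statement.
    dim identPattern, numPattern, omitList
    dim x, fieldName, columnName, fieldType, fieldData
    dim typeDelimPos, nStr, vStr, valueSql

    ' Column names come from the request, so accept plain identifiers only.
    set identPattern = new RegExp
    identPattern.Pattern = "^[A-Z_][A-Z0-9_]*$"

    ' NUM values are emitted unquoted, so accept plain decimal literals only.
    set numPattern = new RegExp
    numPattern.Pattern = "^[+-]?[0-9]+(\.[0-9]+)?$"

    ' ",A,B," form lets each name be matched whole instead of as a substring.
    omitList = "," & replace(uCase(omitFields), " ", "") & ","

    nStr = ""
    vStr = ""

    for each x in request.form
        fieldName = uCase(x)

        ' Both sides are upper-cased; the original compared the upper-cased
        ' list with the name as posted, so mixed-case names were never omitted.
        if inStr(omitList, "," & fieldName & ",") = 0 then
            ' Split the type prefix off before anything else, so an empty
            ' value is written to the real column rather than "NUM_AGE".
            typeDelimPos = inStr(fieldName, "_")
            if typeDelimPos = 0 then
                fieldType = ""
                columnName = fieldName
            else
                fieldType = left(fieldName, typeDelimPos - 1)
                columnName = mid(fieldName, typeDelimPos + 1)
            end if

            ' Skip any field whose column part is not a plain identifier.
            if identPattern.Test(columnName) then
                fieldData = request.form(x)

                if trim(fieldData) = "" then
                    ' No data: insert NULL.
                    valueSql = "NULL"
                elseif fieldType = "NUM" and numPattern.Test(trim(fieldData)) then
                    valueSql = trim(fieldData)
                else
                    ' Text, unknown types, and NUM fields that are not a
                    ' plain number are quoted with single quotes doubled;
                    ' the database then converts or rejects the value.
                    valueSql = "'" & replace(fieldData, "'", "''") & "'"
                end if

                nStr = nStr & columnName & ", "
                vStr = vStr & valueSql & ", "
            end if
        end if
    next

    if nStr = "" then
        ' Nothing to insert; the original failed in left() at this point.
        buildSQLInsert = ""
    else
        ' Drop the trailing ", " from both lists and assemble the statement.
        buildSQLInsert = "insert into " & targetTable & " (" & _
            left(nStr, len(nStr) - 2) & ") values (" & _
            left(vStr, len(vStr) - 2) & ")"
    end if
end function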
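' Demo driver: when the form was posted, print the generated statements;
' otherwise show the form.
' "demoTable" is a constructed sample name; the page does not name a table.
demoTable = "demoTable"

' The age field is posted as "num_age"; the original tested "age", which the
' form never sends.
if trim(request.form("fName") & request.form("lName") & request.form("num_age")) <> "" then
    ' The statement contains posted data, so HTML-encode it before echoing.
    ' buildSQLInsert takes two arguments: the table, then the omit list.
    response.write(Server.HTMLEncode(buildSQLInsert(demoTable, "")) & "<BR>")
    response.write(Server.HTMLEncode(buildSQLInsert(demoTable, "NUM_AGE")) & "<BR>")
    response.write(Server.HTMLEncode(buildSQLInsert(demoTable, "lname,fname")) & "<BR>")
    response.write(Server.HTMLEncode(buildSQLInsert(demoTable, "mycheckbox,fname")) & "<BR>")
else
%>
<html>
<body>
<form name=f method=post action="列表4.asp">
Gimme your:<br>
First Name: <input type=text name="fName"><br>
Last Name: <input type=text name="lName"><br>
Age: <input type=text name="num_age"><br>
<input type="checkbox" value="Y" name="MyCheckBox">Do you want this checked?<br>
<input type="submit" value="Submit">
</form>
</body>
</html>
<%
end if
%>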