Date: 2011-05-02 15:21:00  Source: compiled by this site

<b>Submitting SQL with Forms (repost) 3</b> [MSSQL Protection]

Listing D: The final version of the buildSQLInsert function.


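<%
function buildSQLInsert( targetTable, omitFields)
         iStr = "insert into " & targetTable & " "
         vStr = "values ("
         nStr = "("
         ' Only plain numbers may be written into the statement without quotes
         set numRe = new RegExp
         numRe.pattern = "^-?\d+(\.\d+)?$"
         ' Loop over the form collection and build up the parts of the SQL statement.
         ' Field names are supplied by the client and become column names, so check
         ' them (and targetTable) against the table's known columns before the
         ' statement is executed.
         for each x in request.form
                  fieldName = uCase(x)
                  ' Is this field to be omitted? (compare in upper case on both sides)
                  if inStr(uCase(omitFields), fieldName) = 0 then
                       fieldData = replace(request.form(x), _
                                "'", "''")
                       ' Split off the type prefix (for example NUM_) first, so the
                       ' column name is the same whether or not the field has data
                       fieldType = ""
                       typeDelimPos = inStr(fieldName, "_")
                       if typeDelimPos > 0 then
                                fieldType = left(fieldName, typeDelimPos - 1)
                                fieldName = mid(fieldName, typeDelimPos + 1)
                       end if
                       ' Add the field name to the name list
                       nStr = nStr & fieldName & ", "
                       if trim(fieldData) = "" then
                                ' If there is no data, insert NULL
                                vStr = vStr & "NULL, "
                       else
                                ' fieldType is already upper case, so the cases match
                                select case fieldType
                                         case "NUM"
                                         if numRe.test(trim(fieldData)) then
                                                  vStr = vStr & trim(fieldData) & ", "
                                         else
                                                  ' Non-numeric input stays quoted
                                                  vStr = vStr & "'" & fieldData & "', "
                                         end if
                                         ' Text fields and unknown types are handled as text
                                         case else
                                         vStr = vStr & "'" & fieldData & "', "
                                end select
                       end if
                  end if
         next

         ' Strip the trailing ", " from the strings we have built
         vStr = left(vStr, len(vStr) - 2) & ")"
         nStr = left(nStr, len(nStr) - 2) & ") "

         ' Put the SQL statement together
         buildSQLInsert = iStr & nStr & vStr
end function


' "myTable" is a placeholder table name.
' The statement contains user input, so it is HTML-encoded before being echoed.
if trim(request("fName")&request("lname")&request("num_age")) <> "" then
         response.write( server.HTMLEncode(buildSQLInsert("myTable", "")) & "<BR>")
         response.write( server.HTMLEncode(buildSQLInsert("myTable", "NUM_AGE")) & "<BR>")
         response.write( server.HTMLEncode(buildSQLInsert("myTable", "lname,fname")) & "<BR>")
         response.write( server.HTMLEncode(buildSQLInsert("myTable", "mycheckbox,fname")) & _
         "<BR>")
else
%>

<HTML>
<body>
<form name=f method=post action="列表4.ASP">
Gimme your:<br>
First Name: <input type=text name="fName"><br>
Last Name: <input type=text name="lName"><br>
Age: <input type=text name="num_age"><br>
<input type="checkbox" value="Y" name="MyCheckBox">Do you want this checked?<br>
<input type="submit" value="Submit">
</form>
</body>
</html>

<%
end if
%>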
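The listing builds both column names and values from whatever the form submits. The following added example (not part of the original article) shows the same form-to-INSERT idea in Python with bound parameters and a server-side field allow-list; `sqlite3` stands in for MSSQL, and the `people` table, its columns and `FIELD_MAP` are assumptions made for the demonstration.

```python
import sqlite3

# Assumed mapping for the listing's form: field name -> (column, converter).
# Column and table names come from this server-side list, never from the request.
FIELD_MAP = {
    "fname": ("FNAME", str),
    "lname": ("LNAME", str),
    "num_age": ("AGE", int),
    "mycheckbox": ("MYCHECKBOX", str),
}
TABLES = {"people"}  # hypothetical table name

def build_insert(target_table, form, omit_fields=()):
    """Same role as buildSQLInsert, but returns (sql, params) with bound values."""
    if target_table not in TABLES:
        raise ValueError("unknown table")
    omit = {name.lower() for name in omit_fields}
    columns, params = [], []
    for name, raw in form.items():
        key = name.lower()
        if key in omit:
            continue
        if key not in FIELD_MAP:
            raise ValueError(f"unexpected form field: {name!r}")
        column, convert = FIELD_MAP[key]
        value = raw.strip()
        # Empty input becomes NULL, as in the listing. Typed fields are converted,
        # so a non-numeric age raises ValueError and never reaches the SQL text.
        params.append(convert(value) if value else None)
        columns.append(column)
    if not columns:
        raise ValueError("no fields to insert")
    marks = ", ".join("?" for _ in columns)
    sql = f"insert into {target_table} ({', '.join(columns)}) values ({marks})"
    return sql, params

def demo():
    # Constructed sample submission; the last name contains a quote on purpose.
    form = {"fName": "Ann", "lName": "O'Brien", "num_age": "41", "MyCheckBox": ""}
    db = sqlite3.connect(":memory:")
    db.execute("create table people (FNAME text, LNAME text, AGE integer, MYCHECKBOX text)")
    sql, params = build_insert("people", form)
    db.execute(sql, params)
    return sql, db.execute("select FNAME, LNAME, AGE, MYCHECKBOX from people").fetchall()

if __name__ == "__main__":
    print(demo())
```

Unlike the listing's substring test on `omitFields`, the omit list here is matched by exact field name.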



