Date: 2011-05-02 15:21:00  Source: compiled by this site

Submitting SQL with Forms (Repost), Part 2 [MSSQL Protection]

Listing B: Using request.form to easily build the SQL string.

<%
iStr = "insert into uData "
vStr = "values ("
nStr = "("

' Loop over the form collection and build up the parts of the SQL statement
for each x in request.form
         ' Build the list of field names
         nStr = nStr & x & ", "
         ' Build the list of field values (inserted exactly as submitted; quotes are not escaped here)
         if uCase(x) = "AGE" then
                  vStr = vStr & request.form(x) & ", "
         else
                  vStr = vStr & "'" & request.form(x) & "', "
         end if
next

' Strip the trailing ", " from the strings we built
vStr = left(vStr, len(vStr) - 2) & ")"
nStr = left(nStr, len(nStr) - 2) & ") "

' Assemble the SQL statement
iStr = iStr & nStr & vStr

if trim(request("fName")) <> "" then
         response.write( iStr & "<BR>")
else
%>

<HTML>
<body>
<form name=f method=post action="列表2.ASP">
Gimme your:<br>
First Name: <input type=text name="fName"><br>
Last Name: <input type=text name="lName"><br>
Age: <input type=text name="age"><br>
<input type="submit" value="Submit">
</form>
</body>
</html>

<%
end if
  %>



Listing C: Embedding the field type in the HTML field name.


<%
function buildSQLInsert( targetTable)
         iStr = "insert into " & targetTable & " "
         vStr = "values ("
         nStr = "("
         ' Loop over the form collection and build up the parts of the SQL statement
         for each x in request.form
                  fieldName = x
                  ' Double any single quotes so they stay inside the string literal
                  fieldData = replace( request.form(fieldName), "'", "''")
                  typeDelimPos = inStr(fieldName, "_")
                  if typeDelimPos = 0 then
                           ' It's a text field
                           ' Build the list of field names
                           nStr = nStr & fieldName & ", "
                           vStr = vStr & "'" & fieldData & "', "
                  else
                           ' It's some other data type
                           fieldType = left(fieldName, typeDelimPos - 1)
                           fieldName = mid(fieldName, typeDelimPos + 1)
                           ' Add the field name to the list of field names
                           nStr = nStr & fieldName & ", "
                           ' Upper-case the field type to make sure it matches
                           select case uCase(fieldType)
                                    case "NUM"
                                             vStr = vStr & fieldData & ", "
                                    ' Treat unknown types as text
                                    case else
                                             vStr = vStr & "'" & fieldData & "', "
                           end select
                  end if
         next

         ' Strip the trailing ", " from the strings we built
         vStr = left(vStr, len(vStr) - 2) & ")"
         nStr = left(nStr, len(nStr) - 2) & ") "

         ' Assemble the SQL statement
         buildSQLInsert = iStr & nStr & vStr
end function


' uData is the table name used in Listing B
if trim(request("fName")) <> "" then
         response.write( buildSQLInsert("uData") & "<BR>")
else
%>

<html>
<body>
<form name=f method=post action="listing3.asp">
Gimme your:<br>
First Name: <input type=text name="fName"><br>
Last Name: <input type=text name="lName"><br>
Age: <input type=text name="num_age"><br>
<input type="submit" value="Submit">
</form>
</body>
</html>

<%
end if
%>
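
Listing C doubles single quotes in text values, but `num_` values and the submitted field names are still concatenated into the statement as-is. The following is an added example, not code from the original article: it keeps Listing C's `num_` prefix convention but binds every value as an ADO parameter and accepts only allow-listed column names. The function name `buildInsertCommand`, the `allowedCols` parameter and the open connection `conn` are assumptions.

```vbscript
<%
' Added example, not code from the original article.
' ADO constants, values as in adovbs.inc (drop this line if that file is included).
Const adCmdText = 1, adParamInput = 1, adInteger = 3, adVarWChar = 202

' conn: an open ADODB.Connection (assumed). allowedCols: comma-separated column
' names the form may write, e.g. "fName,lName,age" (hypothetical parameter).
function buildInsertCommand(conn, targetTable, allowedCols)
    dim cmd, x, fieldName, fieldData, fieldType, typeDelimPos, nStr, vStr
    set cmd = Server.CreateObject("ADODB.Command")
    set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText

    for each x in request.form
        fieldName = x
        fieldData = request.form(x)
        fieldType = ""
        typeDelimPos = inStr(fieldName, "_")
        if typeDelimPos > 0 then
            fieldType = uCase(left(fieldName, typeDelimPos - 1))
            fieldName = mid(fieldName, typeDelimPos + 1)
        end if
        ' Column names cannot be bound as parameters, so accept only listed ones.
        if inStr(fieldName, ",") > 0 or inStr(1, "," & allowedCols & ",", _
                "," & fieldName & ",", vbTextCompare) = 0 then
            err.raise vbObjectError + 1, "buildInsertCommand", "Unexpected field: " & x
        end if
        nStr = nStr & "[" & fieldName & "], "
        vStr = vStr & "?, "
        ' Values travel as typed parameters and are never spliced into the SQL text.
        if fieldType = "NUM" then
            if not isNumeric(fieldData) then
                err.raise vbObjectError + 2, "buildInsertCommand", "Not a number: " & x
            end if
            cmd.Parameters.Append cmd.CreateParameter("", adInteger, adParamInput, , cLng(fieldData))
        else
            cmd.Parameters.Append cmd.CreateParameter("", adVarWChar, adParamInput, len(fieldData) + 1, fieldData)
        end if
    next
    if cmd.Parameters.Count = 0 then
        err.raise vbObjectError + 3, "buildInsertCommand", "No form fields submitted"
    end if
    cmd.CommandText = "insert into [" & targetTable & "] (" & _
        left(nStr, len(nStr) - 2) & ") values (" & left(vStr, len(vStr) - 2) & ")"
    set buildInsertCommand = cmd
end function
' Usage: buildInsertCommand(conn, "uData", "fName,lName,age").Execute
%>
```

The table name is still concatenated, so pass it as a constant from the page's own code and never from request data.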