Example: executing a parameterized SQL statement in ASP
程序员文章站
2022-07-02 18:14:17
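To execute a parameterized SQL statement in ASP, add the parameters to the SQL statement; this effectively blocks SQL injection. The source code is as follows: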
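var conn = Server.CreateObject("ADODB.Connection");
conn.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" + Server.MapPath("test.mdb");
conn.Open();
var cmd = Server.CreateObject("ADODB.Command");
cmd.ActiveConnection = conn;
cmd.CommandType = 1; // adCmdText: CommandText is a SQL statement
// Each ? is a placeholder; values are bound below and never spliced into the SQL text
cmd.CommandText = "select top 1 * from [user] where username = ? and password = ?";
// CreateParameter(name, type, direction, size, value): 200 = adVarChar, 1 = adParamInput
// Parameters are matched to the ? placeholders by the order in which they are appended
cmd.Parameters.Append(cmd.CreateParameter("@username", 200, 1, 20, "user01"));
cmd.Parameters.Append(cmd.CreateParameter("@password", 200, 1, 16, "123456"));
var rs = cmd.Execute();
// Read the row only if one was returned; reading at EOF raises an error
if (!rs.EOF) {
    Response.Write(rs("userid").Value);
}
rs.Close();
conn.Close();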
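
The same query driven by submitted form values instead of hard-coded ones, as an added example that is not part of the original page. The form field names `username` and `password` and the helpers `formField` and `lookupUserId` are assumptions; the table, columns and parameter sizes follow the page's code, and values longer than the declared sizes are rejected before binding.

```asp
<%@ Language="JScript" %>
<%
// Added example: field names and helper names are assumptions,
// the query and parameter sizes are the ones used on this page.
var adCmdText = 1, adVarChar = 200, adParamInput = 1;

// Read one form field as a string; null when it is absent, empty,
// or longer than the size declared for its parameter.
function formField(name, maxLen) {
    var item = Request.Form(name);
    if (item.Count == 0) return null;
    var value = String(item.Item(1));
    return (value.length > 0 && value.length <= maxLen) ? value : null;
}

// Returns the matching userid, or null when no row matches.
function lookupUserId(conn, username, password) {
    var cmd = Server.CreateObject("ADODB.Command");
    cmd.ActiveConnection = conn;
    cmd.CommandType = adCmdText;
    // User input never becomes part of this text, only of the bound parameters.
    cmd.CommandText = "select top 1 * from [user] where username = ? and password = ?";
    cmd.Parameters.Append(cmd.CreateParameter("@username", adVarChar, adParamInput, 20, username));
    cmd.Parameters.Append(cmd.CreateParameter("@password", adVarChar, adParamInput, 16, password));
    var rs = cmd.Execute();
    try {
        return rs.EOF ? null : rs("userid").Value;
    } finally {
        rs.Close();
    }
}

var username = formField("username", 20);
var password = formField("password", 16);
if (username === null || password === null) {
    Response.Status = "400 Bad Request";
    Response.Write("Invalid input");
} else {
    var conn = Server.CreateObject("ADODB.Connection");
    conn.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" + Server.MapPath("test.mdb");
    conn.Open();
    try {
        var userId = lookupUserId(conn, username, password);
        Response.Write(userId === null ? "Login failed" : Server.HTMLEncode(String(userId)));
    } finally {
        conn.Close();
    }
}
%>
```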