我正在使用Classic ASP向显示数据库行的表添加注释功能。插入的行将保存到数据库保存的备注,但以下代码无效。
<%
Dim fRemark
fRemark = Request.Form("Remarks")
Dim rsIntra,MyQryItr2
set cnIntra = Server.CreateObject("ADODB.Connection")
set MyQryItra2 = server.CreateObject ("ADODB.Recordset")
set rsIntra = Server.CreateObject("ADODB.Recordset")
MyQryItra2 = "select Remarks from [PurchaseOrderTrackInfo]"
rsIntra.Open MyQryItra,strRMSIDMcn
if rsIntra.eof then
MyQryItr2 = "insert into [PurchaseOrderTrackInfo] Remarks values N'" & fRemark & " '; "
cast(Remarks as int)
cnIntra.Execute MyQryItr2
else
rsIntra.close
set rsIntra = Nothing
set rsIntra = server.CreateObject("ADODB.Recordset")
MyQryItr2 = "UPDATE [PurchaseOrderTrackInfo] SET Remarks = N'" & fRemark & " '; where Remarks = rowID;"
end if
set rsIntra=Nothing
strConnDB= "Driver={SQL Server};Server=GB;Database=PurchaseOrderTrackInfo;UID=madfox;PWD=;"
%>
<td colspan="10" bordercolor=#3399ff bgcolor=#FFFF99 align="center">
<font face="Arabic Transparent" size="1" color="#800080"></font>
<form action=UpdatePO1.asp method=post >
<textarea name="Remarks" cols="20" rows="2" ><%=fRemark%></textarea>
<input type="submit" class="btn1" value="save" name="finish"/>
<input type="hidden" name="rowID" value="ID" />
</td>
</form>
<%
答案 0 :(得分:0)
您永远不会执行更新查询。您的更新语句似乎也没有效果,因为您使用备注列作为备注的存储和行ID。考虑向您的表添加rowid列并使用以下更新语句
MyQryItr2 = "UPDATE [PurchaseOrderTrackInfo] SET Remarks = N'" & fRemark & " ' where rowId =" & rowID
cnIntra.Execute MyQryItr2
由于您的代码容易受到SQL注入攻击,因此您应该查找参数化查询。