在标记中声明参数化查询

时间:2012-08-20 18:03:36

标签: sql-server sql-server-2008 asp-classic parameters

我正在尝试在未参数化的ASP-Classic中转换SQL Server 2008 R2 Express查询,因此我执行了以下操作(请参阅下面的代码),但我一直收到错误消息:

  

Object不支持此属性或方法:'Parameters'

有人可以告诉我我做错了什么!

谢谢!

<%
' OPEN DATABASE
dim objConn, objRS, objTRS, objUnit
dim strConnection
set objConn = Server.CreateObject("ADODB.Connection")
objConn.ConnectionString = "Driver={SQL Server};Server=MSSQLSrv;Database=DbTest;UID=blablabala;PWD=blablabala"
objConn.Open strConnection
set objRS = Server.CreateObject("ADODB.Recordset")
set objRS.ActiveConnection = objConn
strQuery = "SELECT USERNAME,PASSWORD from CUSTOMERS where EMAIL=?"
objRS.Parameters(0) = Request.QueryString("email")
objRS.Open strQuery
%>

3 个答案:

答案 0 :(得分:2)

如果您尝试将其设为参数查询,则需要先创建命令对象和参数。例如:

' create your command object
Const adCmdText = &H0001
Set objCmd = Server.CreateObject("ADODB.Command")
objCmd.ActiveConnection = YourConnectionString
objCmd.CommandType = adCmdText    ' Evaluate as textual definition, not stored procedure

'now create query and add parameters
strQuery = "SELECT USERNAME,PASSWORD from CUSTOMERS where EMAIL=?"  
objCmd.CommandText=strQuery
objCmd.Parameters.Append = objCmd.CreateParameter("ParameterName", ParameterType, adParamInput,   parameterSize, ParameterValue)
SET objRS = objCmd.execute(strSQL)
Set objCmd=Nothing

答案 1 :(得分:2)

参数集合位于command对象而不是recordset

这是一些有效的VB6代码,参数名称并不重要,因为参数顺序是重要的。 

    Dim rst As Recordset
    Dim cmd As ADODB.Command
    Set cmd = New Command

    With cmd
        .CommandText = "SELECT USERNAME,PASSWORD from CUSTOMERS where EMAIL=?" ' this proc also returns factor info
        .CommandType = adCmdText
        Set .ActiveConnection = objconn
        .Parameters.Append .CreateParameter("@Email", adVarChar, adParamInput, 50, "Email")

        Set rst = cmd.Execute
    End With

答案 2 :(得分:1)

您可以这样做:

    ' OPEN DATABASE
    dim objConn,objRS,objTRS,objUnit

   Const adCmdText = &H0001

    Set objConn = Server.CreateObject("ADODB.Command") 
    objConn.ActiveConnection = "Driver={SQL Server};Server=MSSQLSrv;Database=DbTest;UID=blablabala;PWD=blablabala"

   objConn.CommandType = adCmdText

    strQuery = "SELECT USERNAME,PASSWORD from CUSTOMERS where EMAIL=?"
    objConn.CommandText=strQuery 
    objConn.Parameters(0) = Request.QueryString("email")
    SET objRS = objConn.execute(strQuery)
相关问题
最新问题