我正在测试查询分析器上的sql查询,它运行得很好,这里是:
INSERT INTO Questions(QuestionText, QuestionType)
VALUES('test','test')
DECLARE @testID int
SET @testID = @@identity
INSERT INTO Questions(QuestionText)
VALUES (@testID)
(我只是测试了@@ identity功能)
然而,只要我尝试在我的网站上实现它(我使用SQL与asp Classic一起使用)我就会收到错误,有人可以告诉我,我做错了吗?这是我在asp中添加的内容:
set rs=Server.CreateObject("ADODB.recordset")
rs.Open "Select * from Questions", conn
sql="INSERT INTO Questions(QuestionText, QuestionType)"
sql=sql & " VALUES "
sql=sql & "('" & qtext & "',"
sql=sql & "'" & "checkbox" & "')"
sql=sql & "DECLARE @testID int"
sql=sql & "SET @testID = @@identity"
sql=sql & "INSERT INTO Questions(QuestionText)"
sql=sql & " VALUES "
sql=sql & "(@testID)"
on error resume next
conn.Execute sql,recaffected
if err<>0 then
Response.Write("An Error Has Occured")
else
Response.write("Data Added")
end if
conn.close
答案 0 :(得分:2)
在连接SQL时,SQL中没有空格,所以:
sql="INSERT INTO Questions(QuestionText, QuestionType)"
sql=sql & " VALUES "
sql=sql & "('" & qtext & "',"
sql=sql & "'" & "checkbox" & "')"
sql=sql & "DECLARE @testID int"
sql=sql & "SET @testID = @@identity"
sql=sql & "INSERT INTO Questions(QuestionText)"
sql=sql & " VALUES "
sql=sql & "(@testID)"
将产生
"INSERT INTO Questions(QuestionText, QuestionType) VALUES ('', '')DECLARE @testID intSET @testID = @@identityINSERT INTO Questions(QuestionText) VALUES (@testID);
正如您所看到的,您最终会遇到无效语法:
DECLARE @testID intSET @testID = @@identityINSERT
快速解决方法是添加空格和/或terminate your statements properly with a semi-colon:
sql="INSERT INTO Questions(QuestionText, QuestionType)"
sql=sql & " VALUES "
sql=sql & "('" & qtext & "',"
sql=sql & "'" & "checkbox" & "');"
sql=sql & "DECLARE @testID int;"
sql=sql & "SET @testID = @@identity;"
sql=sql & "INSERT INTO Questions(QuestionText)"
sql=sql & " VALUES "
sql=sql & "(@testID);"
最好还是使用parameterised queries,你当前的代码不是类型安全的,容易受到sql注入,并且无法利用查询计划缓存。
最后@@IDENTITY几乎不是正确使用的函数,您应该使用SCOPE_IDENTITY() - See this answer for more info
修改
我知道这只是一个用于测试的原型类型查询,但您可以将查询转换为单个语句,如下所示:
INSERT INTO Questions(QuestionText, QuestionType)
OUTPUT inserted.QuestionText INTO Questions (QuestionText)
OUTPUT inserted.QuestionText
VALUES (?, ?);
第一个输出语句将插入再次插入表中的QuestionText的值,第二个输出将该值返回给ASP。
答案 1 :(得分:-1)
以下是经典ASP中2个简单易用的函数来执行SQL的东西
'---------------------------------------------------------------------------------------
' Generates Recordset from SQL String and either Connection String or Connection Object
' (works with both), 3rd paramter bForUpdate (true/false) specifies if the returned
' Recordset is read-only or allows updates
'
' Returns ADODB Recordset as Result
' Example Usage:
'
' Dim conn : Set conn = Server.CreateObject("ADODB.Connection)
' conn.open "YOUR CONNECTION STRING"
' Dim rs, strSQL
' strSQL = "Select * From Table;"
' Set rs = GenerateRecordSet(strSQL, conn)
' If not rs.EOF Then
' ...
' End If
'---------------------------------------------------------------------------------------
Function GenerateRecordSet(byVal sqlstring, byVal connDSN, byVal bForUpdate) 'as ADODB.Recordset
' Create a Recordset based on SQL Statement
Dim oRecSet
Set oRecSet = Server.CreateObject("ADODB.Recordset")
oRecSet.CursorLocation = 3
If bForUpdate Then
oRecSet.open sqlstring, connDSN, 3,2
Else
oRecSet.open sqlstring, connDSN
End If
Set GenerateRecordSet = oRecSet
End Function
'---------------------------------------------------------------------------------------
' Execute a Stored Procedure or sql statement without return values
' Requires sql string to execute and either DSN connection string to database or
' ADODB.Connection object
' Returns Nothing*
' (using Function instead of Sub that programmers can use FN(param) without
' getting any errors)
'---------------------------------------------------------------------------------------
Function ExecSP(byVal sqlstring, byVal connDSN) 'nothing
Dim bCloseConn : bCloseConn = False
If Not isObject(connDSN) Then
Dim connStr : connStr = connDSN
bCloseConn = True
Set connDSN = Server.CreateObject("ADODB.Connection")
connDSN.ConnectionTimeout = 10000
connDSN.CommandTimeout = 10000
connDSN.Open connStr
End If
connDSN.Execute "SET DEADLOCK_PRIORITY LOW" 'Optional, you can comment it out, if not needed
connDSN.Execute sqlstring
If bCloseConn Then
connDSN.close
Set connDSN = Nothing
End If
End Function