这是我的代码:
if Request.Form("authorize") <> "" and request.form("delete") <> "true" then
post_ids = Request.form("authorize")
ids = split(post_ids, ",")
For i = LBound(ids) to UBound(ids)
sql = "update tbl_comments set authorized = 'true' where comment_id = " & ids(i)
pageDB.execute(sql)
Next
message = "<div id=""succeed""><strong>Updated</strong>: Your comments have been approved.</div>"
end if
不是仅仅将“消息”设置为成功消息,而是希望按照...的方式做一些事情。
if(pageDB.execute(sql) was succesful) then
message = "<div id=""succeed""><strong>Updated</strong>: Your comments have been approved.</div>"
else
message = "<div id=""error""><strong>Error</strong>: Your comments have not been approved.</div>"
end if
答案 0 :(得分:1)
您需要将pageDB.execute(sql)放在try catch块
中像这样的东西
message = "<div id=""succeed""><strong>Updated</strong>: Your comments have been approved.</div>"
Try
pageDB.execute(sql)
Catch ex as Exception
message = "<div id=""error""><strong>Error</strong>: Your comments have not been approved.</div>"
End Try
正如您的问题中的评论所暗示的那样,您不应该更新像这样的SQL数据库,因为您将数据库暴露给黑客(非常容易入侵)
请考虑使用命令参数。网上有很多关于此事的内容。
修改
现在我们谈论的经典ASP错误处理并不容易,但仍然可行。它是一个更大的主题,所以我建议你看一下这篇文章。
http://www.15seconds.com/issue/990603.htm
pageDB是什么类型的对象?