构建Select语句

时间:2015-05-21 17:33:34

标签: vbscript

以下SELECT语句在相应的查询表单上使用单选按钮时工作正常,但在将无线电更改为复选框时出错,并且我选择了2个或更多复选框执行查询。任何有关我做错的建议都将不胜感激。

strSelect = "SELECT * FROM qryMyQuery WHERE"
Select Case strOption
Case "Name" 
  strSelect = strSelect & " Name='" & UCase(strName) & "'"

Case "Location" 
  strSelect = strSelect & " Location='" & UCase(strLocation) & "'"

Case "Type"
  strSelect = strSelect & " Type='" & UCase(strType) & "'"

Case "Season"
  strSelect = strSelect & " Season='" & UCase(strSeason) & "'"

Case "Duration"
  strSelect = strSelect & " Duration='" & UCase(strDuration) & "'"

Case "Year"
  strSelect = strSelect & " Year='" & UCase(strYear) & "'"

End Select 

错误发生在SELECT语句后不久的第111行和我建立数据库连接之后。

  

第111行:       设置RS = dB.Execute(strSelect)

错误如下:

Microsoft OLE DB Provider for ODBC Drivers错误'80040e14'  [Microsoft] [ODBC Microsoft Access驱动程序] WHERE子句中的语法错误。  /query2.asp,第111行

这是简化的查询表格......

<%@ Language="VBScript" %>

<%

' *** Dim the variables ***
Dim strName
Dim strLocation
Dim strType
Dim strSeason
Dim strYear
Dim strDuration
Dim strSubmit
Dim DB
Dim strInsert
Dim seloption

' *** Open the database ***
Set DB = Server.CreateObject("ADODB.Connection")
DB.ConnectionTimeout=60
DB.Open "XXXX"

%>

<FORM ACTION="query2.asp" METHOD="get">

<B>Object Name:</B>
<INPUT TYPE="checkbox" NAME="seloption" VALUE="Name" CHECKED>
<INPUT TYPE="text" NAME=Name>

<B>Location/Region:</B>
     <INPUT TYPE="checkbox" NAME="seloption" VALUE="Location">
     <SELECT size=1 name=Location>
     <option name="Location" value="AAA">AAA</option>
     <option name="Location" value="BBB">BBB</option>
      </select>

<B>Season:</B>
     <INPUT TYPE="checkbox" NAME="seloption" VALUE="Season">
     <SELECT size=1 name=Season>
     <option name="Season" value="Summer">Summer</option>
      <option name="Season" value="Fall">Fall</option>
      </select>

    <B>Type:</B>
    <INPUT TYPE="checkbox" NAME="seloption" VALUE="Type">
     <SELECT size=1 name=Type>
      <option name="Type" value="CCC">CCC</option>
      <option name="Type" value="DDD">DDD</option>
     </select>  

<B>Year:</B>
  <INPUT TYPE="checkbox" NAME="seloption" VALUE="Yr">
    <SELECT size=1 name=Yr>
    <option name="Year" value="2015">2015</option>
    <option name="Year" value="2014">2014</option>
    <option name="Year" value="various">various</option>
    </select>

<B>Duration:</B>
<INPUT TYPE="checkbox" NAME="seloption" VALUE="Duration">
    <SELECT size=1 name=Duration>
    <option name="Duration" value="1 day">1 day</option>
    <option name="Duration" value="2 days">2 days</option>
    <option name="Duration" value="na">n/a</option>
    </select>

     <INPUT TYPE="submit" VALUE="Submit Query">
     <INPUT TYPE="submit" VALUE="Show All" NAME="btnAll">
     <INPUT TYPE="reset" VALUE="Clear Form">

</FORM>

<%
dB.Close
%>

2 个答案:

答案 0 :(得分:0)

至少,您有一些保留字用作需要方括号的字段名称,以便将它们正确解释为存储的 qryMyQuery 查询的字段。

strSelect = "SELECT * FROM qryMyQuery WHERE"
Select Case strOption
    Case "Name" 
      strSelect = strSelect & " [Name]='" & UCase(strName) & "'"
    Case "Location" 
      strSelect = strSelect & " Location='" & UCase(strLocation) & "'"
    Case "Type"
      strSelect = strSelect & " [Type]='" & UCase(strType) & "'"
    Case "Season"
      strSelect = strSelect & " Season='" & UCase(strSeason) & "'"
    Case "Duration"
      strSelect = strSelect & " Duration='" & UCase(strDuration) & "'"
    Case "Year"
      strSelect = strSelect & " [Year]=" & strYear
End Select 

请注意,我已将 [YEAR] 字段解释为数字。

答案 1 :(得分:0)

我怀疑你的一个变量是直接从html复选框中获取的,我是对吗?

在这种情况下,如果您选择多个具有相同名称的复选框,则最终会得到类似strYear = "2014, 2015, 2016"的值,因为当您阅读请求时,具有相同名称的复选框的值会连接在一起,这将无法在sql查询中求值为整数。

但调试查询的最佳方法是只需用Set RS = dB.Execute(strSelect)替换Response.Write strSelect行来打印sql语法。

更新

根据您的评论,我想我知道发生了什么,当您执行strOption = Request.QueryString("seloption")时,由于许多输入都有此名称,因此您获得的值为strOption = "Location, Type, Year",因此您的代码不会输入任何选择案例和您的查询最终只有SELECT * FROM qryMyQuery WHERE,这将解释您收到的错误消息。

如果您允许用户检查许多选项,则无论如何都必须重构您的Select Case,您可以为复选框保留相同的名称,但只需循环遍历请求值:

strSelect = "SELECT * FROM qryMyQuery"
bolFirst = True
For Each strOption In Split(Request.QueryString("seloption"), ", ")

    If bolFirst Then
        strSelect = strSelect & " WHERE"
        bolFirst = False
    Else
        strSelect = strSelect & " AND"
    End If

    Select Case strOption
        Case "Name" 
          strSelect = strSelect & " Name='" & UCase(strName) & "'"

        Case "Location" 
          strSelect = strSelect & " Location='" & UCase(strLocation) & "'"

        Case "Type"
          strSelect = strSelect & " Type='" & UCase(strType) & "'"

        Case "Season"
          strSelect = strSelect & " Season='" & UCase(strSeason) & "'"

        Case "Duration"
          strSelect = strSelect & " Duration='" & UCase(strDuration) & "'"

        Case "Year"
          strSelect = strSelect & " Year='" & UCase(strYear) & "'"

    End Select 
Next

需要考虑的其他事项:

  • 您会发现使用调试程序跟踪代码非常有用 会更容易找到问题
  • 考虑使用ADO parameters而不是连接 sql查询字符串中的值,以防止sql injection