我无法根据多个输入从Oracle检索记录。
这是我的代码:
Search.asp
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>SearchMDFnode</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#99CCFF">
<p align="center"><font color="#9966CC" size="5" face="Georgia, Times New Roman, Times, serif"><strong>Records</strong></font></p>
<style>
A:link {text-decoration: none;color: blue;}
A:visited {text-decoration: none;}
A:hover {text-decoration:underline; color: red;}
</style>
<script>
function updateDate(fname){
var instDate = showModalDialog('upd_date.html','Select Date','dialogHeight:375px;dialogWidth:287px;status:no;resizable:no;help:no;');
if (instDate == -1 || instDate == null){
alert("You did not select any date.")
fname.focus()
} else {
fname.value = instDate
}
}
function findNull(frm,tname,optnull,optorder){
var nfname = optnull.value
var ofname = optorder.value
frm.action = "MDFnodeDisplayTable.asp?opt=" + tname + "&nfield=" + nfname + "&order=" + ofname
frm.submit()
}
</script>
<form name="SearchMDFnode" action="Display.asp?opt=MDFnode" method="post">
<table width="68%" border="1" align="center" cellpadding="3" cellspacing="2">
<table width="94%" border="1" align="center" cellpadding="3" cellspacing="2">
<tr>
<td width="19%">CCP_CODE</td>
<td width="22%"><strong>
<select name="CCP_CODE" id="select4" title="BLOCK_HOUSE">
<option></option>
<option>AM</option>
<option>AR</option>
<option>BD</option>
<option>BP</option>
<option>CG</option>
<option>CT</option>
<option>CY</option>
<option>ES</option>
<option>GL</option>
<option>HG</option>
<option>JE</option>
<option>JR</option>
<option>JW</option>
<option>KT</option>
<option>NT</option>
<option>OC</option>
<option>PL</option>
<option>QT</option>
<option>TB</option>
<option>TP</option>
<option>TS</option>
</select>
</strong></td>
<td width="19%">NODE_SITE_ID</td>
<td width="40%"><strong>
<input name="NODE_SITE_ID" type="text" id="NODE_SITE_ID" size="10" maxlength="10" title="NODE_SITE_ID(max 7 digits)">
</strong></td>
</tr>
<tr>
<td>STREET_NAME</td>
<td><strong>
<input name="STREET_NAME" type="text" id="STREET_NAME" size="30" maxlength="30" title="STREET_NAME(max 30 digits)">
</strong></td>
<td>BUILDING_NAME</td>
<td><strong>
<input name="BUILDING_NAME" type="text" id="BUILDING_NAME" size="25" maxlength="25" title="BUILDING_NAME(max 7 digits)">
</strong></td>
</tr>
<tr>
<td height="38">BLOCK_HOUSE</td>
<td><strong>
<select name="BLOCK_HOUSE" id="select3" title="BLOCK_HOUSE">
<option></option>
<option>BLOCK</option>
<option>HOUSE</option>
</select>
</strong></td>
<td>BLOCK_DESC_NO</td>
<td><strong>
<input name="BLOCK_DESC_NO" type="text" id="BLOCK_DESC_NO" size="6" maxlength="6" title="BLOCK_DESC_NO(max 6 digits)">
</strong></td>
</tr>
<tr>
<td>REMARK</td>
<td><strong>
<input name="REMARK" type="text" id="REMARK" size="50" maxlength="50" title="REMARK(max 50 char)">
</strong></td>
<td>EQ_RM</td>
<td><strong>
<input name="EQ_RM" type="text" id="EQ_RM" size="3" maxlength="3" title="EQ_RM(max 6 digits)">
</strong></td>
</tr>
<tr>
<td>TYPE</td>
<td><strong>
<select name="EQ_TY" id="select" title="EQ_TY">
<option>CE</option>
<option></option>
</select>
</strong></td>
<td>CE_TY</td>
<td><strong>
<input name="CE_TY" type="text" id="CE_TY" size="10" maxlength="10" title="CE_TY(max 6 digits)">
</strong></td>
</tr>
<tr>
<td height="32">STATUS</td>
<td><strong>
<select name="STATUS" id="select2" title="EQ_TY">
<option></option>
<option>-</option>
<option>Site Survey</option>
<option>Survey Done</option>
<option>Document Sent</option>
<option>Equipment Installed</option>
<option>Commissioned</option>
<option>Cancelled</option>
</select>
</strong></td>
<td>NO</td>
<td><strong>
<input name="NO" type="text" id="NO" size="3" maxlength="3" title="NO (max 7 digits)">
<input name="UNIT_DESC_NO" type="text" id="UNIT_DESC_NO" size="2" maxlength="2" title="UNIT_DESC_NO (max 1 digits)">
<input name="NO_ME_CCTS" type="text" id="NO_ME_CCTS" size="2" maxlength="2" title="NO_ME_CCTS (max 2 digits)">
<input name="Rack" type="text" id="Rack" size="2" maxlength="2" title="Rack (max 1 digits)">
<input name="INSTALL_BY" type="text" id="INSTALL_BY" size="2" maxlength="2" title="INSTALL_BY (max 2 digits)">
</strong></td>
</tr>
<td height="32"><font color="#000000" size="3" face="Georgia, Times New Roman, Times, serif">Order By</font></td>
<td colspan="5"><select name="oMDFnode">
<option value="STATUS">STATUS</option>
<option value="NO">NO</option>
<option value="CCP_CODE">CCP_CODE</option>
<option value="CCP_CODE">NODE_SITE_ID</option>
</select>
<select name="orMDFnode" id="orMDFnode">
<option value="NO">NO</option>
<option value="STATUS">STATUS</option>
<option value="CCP_CODE">CCP_CODE</option>
<option value="CCP_CODE">NODE_SITE_ID</option>
</select>
<select name="ordMDFnode" id="ordMDFnode">
<option value="CCP_CODE">NODE_SITE_ID</option>
<option value="CCP_CODE">NO</option>
<option value="CCP_CODE">STATUS</option>
<option value="CCP_CODE">CCP_CODE</option>
</select></td>
</tr>
</table>
<p align="center">
<input type="submit" name="Submit" value="Search">
<input type="reset" name="reset" value="Clear">
</p>
</form>
<form name="commNull" method="post">
<tr>
<td height="56" colspan="4"><div align="center">
</div></td>
</tr>
</form>
</body>
</html>
Display.asp
<% option explicit %>
<!-- METADATA TYPE = "typelib" File = "c:\Program Files\Common Files\System\ado\msado15.dll" -->
<%
dim strTitle
dim strF, fname, ropt, j, i, sno, ropt1
dim objRS, strQuery, strConn, strSort,strQuery1
dim strHref
dim nodesiteid
'dim eq_ty
'ropt1 = request("opt1")
ropt = request("opt")
'eq_ty = request("EQ_TY")
nodesiteid = request("NODE_SITE_ID")
strQuery1 = request("NODE_SITE_ID")
Set objRS = Server.CreateObject("ADODB.Recordset")
strConn = "Provider=MSDAORA.1;Password=hr;User ID=hr;Data Source=xe;Persist Security Info=True"
strSort = ""
strF = "CCP_CODE, NODE_SITE_ID, STREET_NAME, BLOCK_HOUSE, BLOCK_DESC_NO, UNIT_DESC_NO, BUILDING_NAME, EQ_RM, EQ_TY, CE_TY , Rack, INSTALL_BY, STATUS, NO, RFS_DATE, REMARK, NO_ME_CCTS, NO_ME_CCTS" 'these were fields in sql table as well as input name in form
fname= split(strF,",",-1,vbtextcompare) 'split the above string to individual field
if trim(strQuery1) ="" then
strQuery = "select rowid,CCP_CODE, NODE_SITE_ID, STREET_NAME, BLOCK_HOUSE, BLOCK_DESC_NO, UNIT_DESC_NO, BUILDING_NAME, EQ_RM, EQ_TY, CE_TY , Rack, INSTALL_BY, STATUS, NO, RFS_DATE, REMARK, NO_ME_CCTS from MDF_NODE where CCP_CODE = CCP_CODE"
else
strQuery = "select rowid,CCP_CODE, NODE_SITE_ID, STREET_NAME, BLOCK_HOUSE, BLOCK_DESC_NO, UNIT_DESC_NO, BUILDING_NAME, EQ_RM, EQ_TY, CE_TY , Rack, INSTALL_BY, STATUS, NO, RFS_DATE, REMARK, NO_ME_CCTS from MDF_NODE where CCP_CODE = CCP_CODE and NODE_SITE_ID="
strQuery = strQuery & "'" & strQuery1 & "'"
end if
strSort = " order by " & request("oMDFnode") & "," & request("orMDFnode") & "," & request("ordMDFnode")
strTitle = "Summary of Carrier Ethernet Node"
if trim(request("nfield"))= "" then
j=0
for i= 0 to ubound(fname)
if request(fname(i)) <> "" then 'process if user input value in field
if j=0 then
strQuery = strQuery & " and " & fname(i) & " like '" & request(fname(i)) & "' " '1st field shd start with where clause
j = j + 1
else
strQuery = strQuery & " and " & fname(i) & " like '" & request(fname(i)) & "' " 'rest shd start with and clause
j = j + 1
end if
end if
next
strQuery = strQuery & strSort
else
strQuery = strQuery & " where " & trim(request("nfield")) & " is null order by " & trim(request("order"))
end if
objRS.Open strQuery, strConn,adOpenStatic,adLockOptimistic,adCmdText 'open recordset query oracle database
if objRS.eof then
objRS.close
set objRS = nothing
response.write "<script>alert('No Rows Selected')</script>" 'if eof mean NO data return
response.write "<script>history.back()</script>"
else
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>SdhTermDisplayTable2</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#99CCFF"><div align="center">
<p align="left"><strong>
<p> </p>
<p>
</p>
</strong>
<table width=945 align="center">
<tr class="nonPrint" height=30>
<td width="646" nowrap style="vertical-align:middle;font:bolder 12pt verdana;" >
<strong> <font size="4" face="Georgia, Times New Roman, Times, serif"> </font><font size="4" face="Georgia, Times New Roman, Times, serif">
Records/font></strong></td>
</table>
<strong>
<%
if trim(request("nfield"))= "" then
j=0
for i= 0 to ubound(fname)
if request(fname(i)) <> "" then 'process if user input value in field
if j=0 then
strQuery = strQuery & " where " & fname(i) & " like '" & request(fname(i)) & "' " '1st field shd start with where clause
j = j + 1
else
strQuery = strQuery & " and " & fname(i) & " like '" & request(fname(i)) & "' " 'rest shd start with and clause
j = j + 1
end if
end if
next
strQuery = strQuery & strSort
else
strQuery = strQuery & " where " & trim(request("nfield")) & " is null order by " & trim(request("order"))
end if
if objRS.eof then
objRS.close
set objRS = nothing
response.write "<script>alert('No Rows Selected')</script>" 'if eof mean NO data return
response.write "<script>history.back()</script>"
else
call drawHeader(ropt)
objRS.movefirst
sno = sno + 1
do until objRS.eof
call drawB(fname)
sno = sno + 1
objRS.movenext
loop
objRS.close
set objRS = nothing
end if
sub drawHeader(ropt)
response.write "<table id='tbl' table border=1 bordercolor='black' bgcolor='LavenderBlush' cellpadding=1 cellspacing=0 align=center style='BORDER-COLLAPSE: collapse;'>"
select case ropt
case "MDFnode"
response.write "<tr height=20><td><b>SNo</b></td>"
response.write "<td style='font:bold 11pt;' width=50>Exch</b></td><td><b>Cabinet</b></td><td><b>Street Name</b></td><td><b>BLK/HSE</b></td><td><b>No</b></td><td><b>Unit</b></td><td><b>Building Name</b></td><td><b>Room</b></td><td><b>Type</b></td><td><b>Equipment Type</b></td><td><b>Rack</b></td><td><b>Inst By</b></td><td><b>Status</b></td><td><b>ID</b></td><td><b>RFS Date</b></td><td><b>Remark</b></td><td><b>No of ccts</b></td>"
end select
response.write"</tr>"
end sub
response.write"</table>"
sub drawbody(ropt)
response.write "<tr>"
select case ropt
case "MDFnode"
for i= 0 to 10
response.write "<td>" & i & "</td>"
next
end select
response.write"</tr>"
end sub
sub drawB(ofname)
response.write "<tr>"
for i = 0 to ubound(ofname)
if isnull(objRS(i)) then
response.write "<td> </td>"
else
if i = 0 then
strHref = "<a href='e_" & ropt & ".asp?tname=" & ropt & "&rowid=" & server.URLEncode(trim(objRS("rowid"))) & "'>" & sno & "</a>"
response.write "<td style='font:normal 12pt Arial;'>" & strHref & "</td>"
else
response.write "<td style='font:normal 12pt Arial;'>" & trim(objRS(i)) & "</td>"
end if
end if
next
response.write "</tr>"
end sub
end if
response.write"</table>"
%>
</strong></p> </div>
<div align="center">
<input type="button" value="Save as Excel" onClick="vbscript:xlsReport()">
</div>
</p>
</body>
</html>
<script language="VBScript">
dim r, c, colcnt,row
sub xlsReport()
window.status = "Export to Excel ... Please Wait ..."
dim rownow
colcnt = tbl.cells.length / tbl.rows.length
set xls = createobject("Excel.Application")
xls.visible = true
xls.workbooks.add
xls.worksheets.add
for c = 0 to colcnt - 1
xls.cells(3,c+1).value = tbl.rows(0).cells(c).innerText
next
row = 3
for r = 1 to tbl.rows.length -1
for c = 0 to colcnt - 1
xls.cells(row+r,c+1).value = tbl.rows(r).cells(c).innerText
next
next
xls.cells(1,1).value = txtRpt.innerText
set xls = nothing
window.status = "Done"
end sub
</script>
</div>
我根据CCP_Code和NODE_SITE_ID值获取记录。
现在我想仅根据TYPE = 'CE'检索值,但我无法执行此操作。
默认情况下,当我没有选择任何内容时,TYPE值为'CE'。点击提交,它只给我CE类型的值。
当我使用CCp_code TYPE = empty时,它应该根据CCP_Code向我提供所有记录。
当我选择CCP_CODE和NODE_SITE_ID时,它应该根据两者给出值。
当我选择CCP_CODE,NODE_SITE_ID和TYPE='CE'时,它应该根据这些值给出值。
答案 0 :(得分:0)
您需要谷歌“SQL注入”开始。
strQuery = strQuery & "'" & strQuery1 & "'"
但作为一个开始,我会在objRS.Open之前记录“strQuery”的内容 一旦你可以看到查询文本,就应该很容易说出为什么要返回行。