堆栈内存溢出
  简体   繁体   English

在SQL中,如何通过文本框中的任何“用户输入”检索特定记录的数据。 如何将用户输入变量发送到SQL语句

[英]In SQL, how to retrieve data of a certain record by whatever User Inputs in the text box. How to send user input variable to the SQL Statement

 原文  2013-02-20 19:49:12       mysql/ sql/ database-design/ asp-classic

问题描述

I have simple HTML code which is 我有简单的HTML代码, 

form method="post" action='Data.asp

and 

input type="text" name="UserInputData" size=20

What I want is that whatever user inputs in the text box should be stored into a variable in the Data.asp page which I assume will be something like this: 我想要的是,无论用户在文本框中输入的内容如何,​​都应将其存储到Data.asp页的变量中,我认为这将是这样的: 

<%
  ScriptUserInputData=request("UserInputData")
%>

now on Data.asp I also have the select statement as the following: 现在在Data.asp上,我还有以下选择语句: 

select * from Data;

On the html interface, when I click on the submit button with or without typing in anything in the text box, it shows all the records that exist in Data table which means that it is connecting to the database successfully, I now want to know how to display records from this Data table according to what the user inputs in the text box. 在html界面上,当我单击“提交”按钮时,无论是否在文本框中输入任何内容,它都会显示数据表中存在的所有记录,这意味着它已成功连接到数据库,我现在想知道根据用户在文本框中输入的内容显示此数据表中的记录。 I did a lot of research but I cannot find it at all. 我做了很多研究,但根本找不到。 I tried lots of different ways such as Select * from Data WHERE Column1=UserInputData . 我尝试了许多不同的方法,例如Select * from Data WHERE Column1=UserInputData

In simple words, I just want to pass the user input value to the select query which is then sent off to the database to get the output if the certain column or row contains of that value which user had input etc. 简而言之,我只想将用户输入值传递给选择查询,如果特定的列或行包含用户输入的值等,则将其发送到数据库以获取输出。

I'm new to VBScripting and SQL. 我是VBScripting和SQL的新手。 Please help me with it. 请帮我。 It took me quite a long time to write all this information for you to understand properly too. 我花了很长时间写所有这些信息,以便您也正确理解。

1 个解决方案

解决方案1
 1  2013-02-20 21:24:08

The simplest way (not the best way) is to do it like such: 最简单的方法(不是最好的方法)是这样的: 

<%
  ScriptUserInputData=request("UserInputData")
  sql = "select * from Data" 
  if ScriptUserInputData <> "" then
     sql = sql + " WHERE Column1 = '" + Replace(ScriptUserInputData,"'","''") + "'"
  end if
%>

Now the above is highly vulnerable to SQL Injection and you should really be using parameterized queries instead. 现在,上面的代码很容易受到SQL注入的攻击,您实际上应该使用参数化查询。 Something like such: 像这样的东西: 

Set cmd = server.createobject("ADODB.Command")

cmd.ActiveConnection = yourconnection 
cmd.CommandText = "select * from Data WHERE Column1 = ?"
cmd.CommandType = adCmdText
cmd.CommandTimeout = 900 

set prm = cmd1.CreateParameter("@prm", 200, 1, 200, ScriptUserInputData )
cmd.Parameters.Append prm

The above is just an example, but should get you going in the right direction. 以上仅是示例,但应该使您朝正确的方向前进。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用来自 Python 的用户输入的 UPDATE SQL 语句? - How to use an UPDATE SQL statement with user input from Python? 如何从SQL数据库中检索已登录用户的数据 - How to retrieve data from SQL database for a logged in user SQL-检索朋友的用户数据 - SQL - Retrieve user data of friends 用户输入的Java sql更新语句 - java sql update statement with user input 如何在不重写多个 SQL 语句的情况下查询(SQL)可变数量的用户输入 - How to query (SQL) a variable amount of user input without rewriting multiple SQL statements laravel:如何在SQL中运行查询以供用户输入? - laravel : How to run query for user input in sql? 如何基于输入框运行MySQL查询。 - How to run MySQL Queries based upon Input box. 如何在表的用户输入的任何组合可能的情况下构建SQL语句? - How to build a SQL statement when any combination of user input to the table is possible? 如何将用户输入从 HTML 文本表单发送到我的 SQL 数据库? - How do I send user input from a HTML textform to my SQL database? SQL数据库未存储用户输入 - SQL Database not storing user inputs
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM