How can I use ADO on a recordset to insert data to SQL with classic asp (vbscript)

Question

Thanks in advance everyone - let me preface this question by saying that I am a complete ASP + VBscript novice. A client had their site hacked and I am trying to safeguard against future SQL injection in the form submission.

I am comfortable in php and ADO seems to be very similar to PDO's however, I am unsure of how to use an ADO with the recordset object.

So here is the code that was written originally (by an asp programmer).

Set conn = Server.CreateObject("ADODB.Connection")
conn.Mode = 3
conn.open "Provider=SQLOLEDB;Data Source=xxx.xxx.xxx.xxx,xxxx;database=db_example;uid=username;pwd=password;"
set rsAddEvent = server.createobject("adodb.recordset")

rsAddEvent.open "tbl_Application", conn, 2, 3
rsAddEvent.addnew

rsAddEvent("ApplicationNumber") = session.sessionId
rsAddEvent("TimeStamp") = now()
rsAddEvent("Applicant") = session("Applicant")
rsAddEvent("Email") = session("Email")
rsAddEvent("Pet") = session("Pet")
rsAddEvent("Address") = session("Address")
rsAddEvent("Postal") = session("Postal")
rsAddEvent("HomePhone")  = session("HomePhone")
rsAddEvent("WorkPhone") = session("WorkPhone")
rsAddEvent("Name") = session("Name")
rsAddEvent("Email") = session("Email")


rsAddEvent.update
rsAddEvent.movelast

How do I go about inserting multiple columns of data with the recordset object using an ADO?

Thanks,

V

Answer 1

通过execute（）使用SQL插入语句会更容易。