Thanks in advance everyone - let me preface this question by saying that I am a complete ASP + VBscript novice. A client had their site hacked and I am trying to safeguard against future SQL injection in the form submission.
I am comfortable in php and ADO seems to be very similar to PDO's however, I am unsure of how to use an ADO with the recordset object.
So here is the code that was written originally (by an asp programmer).
Set conn = Server.CreateObject("ADODB.Connection")
conn.Mode = 3
conn.open "Provider=SQLOLEDB;Data Source=xxx.xxx.xxx.xxx,xxxx;database=db_example;uid=username;pwd=password;"
set rsAddEvent = server.createobject("adodb.recordset")
rsAddEvent.open "tbl_Application", conn, 2, 3
rsAddEvent.addnew
rsAddEvent("ApplicationNumber") = session.sessionId
rsAddEvent("TimeStamp") = now()
rsAddEvent("Applicant") = session("Applicant")
rsAddEvent("Email") = session("Email")
rsAddEvent("Pet") = session("Pet")
rsAddEvent("Address") = session("Address")
rsAddEvent("Postal") = session("Postal")
rsAddEvent("HomePhone") = session("HomePhone")
rsAddEvent("WorkPhone") = session("WorkPhone")
rsAddEvent("Name") = session("Name")
rsAddEvent("Email") = session("Email")
rsAddEvent.update
rsAddEvent.movelast
How do I go about inserting multiple columns of data with the recordset object using an ADO?
Thanks,
V
通过execute()使用SQL插入语句会更容易。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.