I'm very fresh with web dev, but am putting together a simple software catalog with classic ASP. Everything seems fine, except I want to use a value from my SQL database twice on the page. For example, in the page title as well as in the body of the page, however I can only seem to use each value once:
我对web dev很新鲜,但我正在整理一个带有经典ASP的简单软件目录。一切似乎都很好,除了我想在页面上两次使用我的SQL数据库中的值。例如,在页面标题和页面正文中,但我似乎只能使用每个值一次:
....
Set nItem = Request.QueryString("ID")
strSQL = "SELECT * "_
& "FROM [Packages] "_
& "WHERE id='" & nItem & "';"
Set rstSearch = cnnSearch.Execute(strSQL)
<title><%=rstSearch.Fields("Software") %></title>
<body>
<center>Software Information</center>
<%=rstSearch.Fields("Software")%> <br />
<%=rstSearch.Fields("Version")%> <br />
<%=rstSearch.Fields("ID")%> <br />
<%=rstSearch.Fields("Licence")%> <br />
...
5 个解决方案
#1
Assign it to a variable; don't just pull the value from the Recordset.
将其分配给变量;不要只从Recordset中提取值。
Set nItem = Request.QueryString("ID")
strSQL = "SELECT * "_
& "FROM [Packages] "_
& "WHERE id='" & nItem & "';"
Set rstSearch = cnnSearch.Execute(strSQL)
Dim software
software = rstSearch("Software")
' set your other fields as variables...
<title><%= software %></title>
<body>
<center>Software Information</center>
<%= software %> <br />
Should work fine for you.
应该适合你。
#2
Firstly a quick warning, you are open to SQL injection in your inclusion of nItem in the query. Just an aside but one to watch :)
首先是一个快速警告,您可以在查询中包含nItem时使用SQL注入。只是一个旁边,但一个看:)
Other than that there should be no problem referring to a column in your recordset twice. I'd hazard a guess that you have a different problem in the code. It might help if you publish the behaviour / errors you get when trying this page. But I think there may be some other code that we don't see in the snippet above that is causing the issue.
除此之外,在记录集中引用两次列应该没有问题。我猜你在代码中遇到了不同的问题。如果您发布尝试此页面时获得的行为/错误,它可能会有所帮助。但我认为可能还有一些其他代码,我们在上面的代码段中没有看到导致问题的代码。
One thing to help you run control tests would be to replace the "select *" with "select Software, Version, ID, License" etc. You could refer to the column by numeric ordinal then which may help.
帮助您运行控制测试的一件事是用“选择软件,版本,ID,许可证”等替换“select *”。您可以通过数字序号引用该列,这可能有所帮助。
Good luck with it.
祝它好运。
#3
You may need to just extract the value to a local Var and use it twice. I have seen weird stuff like this before, a long, long time ago.
您可能只需要将值提取到本地Var并使用它两次。很久很久以前,我曾经见过像这样奇怪的东西。
#4
Some comments:
1. Possibly call rstSearch.MoveFirst before the second
rstSearch.Fields("Software")
2. If that doesn't work write <%=Err.Description%> right after the
second rstSearch.Fields("Software") line.
3. Try not to ever use Select * for selecting columns.
Always specify which columns you want.
4. Please try and use ASP.Net. It's much better then ASP3.
#5
Sorry, can't help on the actual answer, but this looks like the prime example of a SQL Injection Attack:
对不起,对实际答案无能为力,但这看起来像SQL注入攻击的主要示例:
Set nItem = Request.QueryString("ID")
strSQL = "SELECT * "_
& "FROM [Packages] "_
& "WHERE id='" & nItem & "';"
Looks like I could just change the URL to "?ID=1'; DROP TABLE STUDENTS; --" to mess stuff up.
看起来我可以将URL更改为“?ID = 1”; DROP TABLE STUDENTS; - “将内容弄糟。
#1
Assign it to a variable; don't just pull the value from the Recordset.
将其分配给变量;不要只从Recordset中提取值。
Set nItem = Request.QueryString("ID")
strSQL = "SELECT * "_
& "FROM [Packages] "_
& "WHERE id='" & nItem & "';"
Set rstSearch = cnnSearch.Execute(strSQL)
Dim software
software = rstSearch("Software")
' set your other fields as variables...
<title><%= software %></title>
<body>
<center>Software Information</center>
<%= software %> <br />
Should work fine for you.
应该适合你。
#2
Firstly a quick warning, you are open to SQL injection in your inclusion of nItem in the query. Just an aside but one to watch :)
首先是一个快速警告,您可以在查询中包含nItem时使用SQL注入。只是一个旁边,但一个看:)
Other than that there should be no problem referring to a column in your recordset twice. I'd hazard a guess that you have a different problem in the code. It might help if you publish the behaviour / errors you get when trying this page. But I think there may be some other code that we don't see in the snippet above that is causing the issue.
除此之外,在记录集中引用两次列应该没有问题。我猜你在代码中遇到了不同的问题。如果您发布尝试此页面时获得的行为/错误,它可能会有所帮助。但我认为可能还有一些其他代码,我们在上面的代码段中没有看到导致问题的代码。
One thing to help you run control tests would be to replace the "select *" with "select Software, Version, ID, License" etc. You could refer to the column by numeric ordinal then which may help.
帮助您运行控制测试的一件事是用“选择软件,版本,ID,许可证”等替换“select *”。您可以通过数字序号引用该列,这可能有所帮助。
Good luck with it.
祝它好运。
#3
You may need to just extract the value to a local Var and use it twice. I have seen weird stuff like this before, a long, long time ago.
您可能只需要将值提取到本地Var并使用它两次。很久很久以前,我曾经见过像这样奇怪的东西。
#4
Some comments:
1. Possibly call rstSearch.MoveFirst before the second
rstSearch.Fields("Software")
2. If that doesn't work write <%=Err.Description%> right after the
second rstSearch.Fields("Software") line.
3. Try not to ever use Select * for selecting columns.
Always specify which columns you want.
4. Please try and use ASP.Net. It's much better then ASP3.
#5
Sorry, can't help on the actual answer, but this looks like the prime example of a SQL Injection Attack:
对不起,对实际答案无能为力,但这看起来像SQL注入攻击的主要示例:
Set nItem = Request.QueryString("ID")
strSQL = "SELECT * "_
& "FROM [Packages] "_
& "WHERE id='" & nItem & "';"
Looks like I could just change the URL to "?ID=1'; DROP TABLE STUDENTS; --" to mess stuff up.
看起来我可以将URL更改为“?ID = 1”; DROP TABLE STUDENTS; - “将内容弄糟。