经典ASP:如何使用SQL中的值两次?

时间:2020-12-10 02:01:28

I'm very fresh with web dev, but am putting together a simple software catalog with classic ASP. Everything seems fine, except I want to use a value from my SQL database twice on the page. For example, in the page title as well as in the body of the page, however I can only seem to use each value once:

我对web dev很新鲜,但我正在整理一个带有经典ASP的简单软件目录。一切似乎都很好,除了我想在页面上两次使用我的SQL数据库中的值。例如,在页面标题和页面正文中,但我似乎只能使用每个值一次:

....
Set nItem = Request.QueryString("ID")

strSQL = "SELECT * "_
    & "FROM [Packages] "_
    & "WHERE id='" & nItem & "';" 

Set rstSearch = cnnSearch.Execute(strSQL)

<title><%=rstSearch.Fields("Software") %></title>
<body>
<center>Software Information</center>
<%=rstSearch.Fields("Software")%> <br />
<%=rstSearch.Fields("Version")%> <br />
<%=rstSearch.Fields("ID")%> <br />
<%=rstSearch.Fields("Licence")%> <br />
...

5 个解决方案

#1


Assign it to a variable; don't just pull the value from the Recordset.

将其分配给变量;不要只从Recordset中提取值。

Set nItem = Request.QueryString("ID")

strSQL = "SELECT * "_
    & "FROM [Packages] "_
    & "WHERE id='" & nItem & "';" 

Set rstSearch = cnnSearch.Execute(strSQL)

Dim software
software = rstSearch("Software")
' set your other fields as variables...

<title><%= software %></title>
<body>
<center>Software Information</center>
<%= software %> <br />

Should work fine for you.

应该适合你。

#2


Firstly a quick warning, you are open to SQL injection in your inclusion of nItem in the query. Just an aside but one to watch :)

首先是一个快速警告,您可以在查询中包含nItem时使用SQL注入。只是一个旁边,但一个看:)

Other than that there should be no problem referring to a column in your recordset twice. I'd hazard a guess that you have a different problem in the code. It might help if you publish the behaviour / errors you get when trying this page. But I think there may be some other code that we don't see in the snippet above that is causing the issue.

除此之外,在记录集中引用两次列应该没有问题。我猜你在代码中遇到了不同的问题。如果您发布尝试此页面时获得的行为/错误,它可能会有所帮助。但我认为可能还有一些其他代码,我们在上面的代码段中没有看到导致问题的代码。

One thing to help you run control tests would be to replace the "select *" with "select Software, Version, ID, License" etc. You could refer to the column by numeric ordinal then which may help.

帮助您运行控制测试的一件事是用“选择软件,版本,ID,许可证”等替换“select *”。您可以通过数字序号引用该列,这可能有所帮助。

Good luck with it.

祝它好运。

#3


You may need to just extract the value to a local Var and use it twice. I have seen weird stuff like this before, a long, long time ago.

您可能只需要将值提取到本地Var并使用它两次。很久很久以前,我曾经见过像这样奇怪的东西。

#4


Some comments:

1. Possibly call rstSearch.MoveFirst before the second 
   rstSearch.Fields("Software")
2. If that doesn't work write <%=Err.Description%> right after the 
   second rstSearch.Fields("Software") line.
3. Try not to ever use Select * for selecting columns. 
   Always specify which columns you want.
4. Please try and use ASP.Net. It's much better then ASP3.

#5


Sorry, can't help on the actual answer, but this looks like the prime example of a SQL Injection Attack:

对不起,对实际答案无能为力,但这看起来像SQL注入攻击的主要示例:

Set nItem = Request.QueryString("ID")

strSQL = "SELECT * "_
    & "FROM [Packages] "_
    & "WHERE id='" & nItem & "';" 

Looks like I could just change the URL to "?ID=1'; DROP TABLE STUDENTS; --" to mess stuff up.

看起来我可以将URL更改为“?ID = 1”; DROP TABLE STUDENTS; - “将内容弄糟。

#1


Assign it to a variable; don't just pull the value from the Recordset.

将其分配给变量;不要只从Recordset中提取值。

Set nItem = Request.QueryString("ID")

strSQL = "SELECT * "_
    & "FROM [Packages] "_
    & "WHERE id='" & nItem & "';" 

Set rstSearch = cnnSearch.Execute(strSQL)

Dim software
software = rstSearch("Software")
' set your other fields as variables...

<title><%= software %></title>
<body>
<center>Software Information</center>
<%= software %> <br />

Should work fine for you.

应该适合你。

#2


Firstly a quick warning, you are open to SQL injection in your inclusion of nItem in the query. Just an aside but one to watch :)

首先是一个快速警告,您可以在查询中包含nItem时使用SQL注入。只是一个旁边,但一个看:)

Other than that there should be no problem referring to a column in your recordset twice. I'd hazard a guess that you have a different problem in the code. It might help if you publish the behaviour / errors you get when trying this page. But I think there may be some other code that we don't see in the snippet above that is causing the issue.

除此之外,在记录集中引用两次列应该没有问题。我猜你在代码中遇到了不同的问题。如果您发布尝试此页面时获得的行为/错误,它可能会有所帮助。但我认为可能还有一些其他代码,我们在上面的代码段中没有看到导致问题的代码。

One thing to help you run control tests would be to replace the "select *" with "select Software, Version, ID, License" etc. You could refer to the column by numeric ordinal then which may help.

帮助您运行控制测试的一件事是用“选择软件,版本,ID,许可证”等替换“select *”。您可以通过数字序号引用该列,这可能有所帮助。

Good luck with it.

祝它好运。

#3


You may need to just extract the value to a local Var and use it twice. I have seen weird stuff like this before, a long, long time ago.

您可能只需要将值提取到本地Var并使用它两次。很久很久以前,我曾经见过像这样奇怪的东西。

#4


Some comments:

1. Possibly call rstSearch.MoveFirst before the second 
   rstSearch.Fields("Software")
2. If that doesn't work write <%=Err.Description%> right after the 
   second rstSearch.Fields("Software") line.
3. Try not to ever use Select * for selecting columns. 
   Always specify which columns you want.
4. Please try and use ASP.Net. It's much better then ASP3.

#5


Sorry, can't help on the actual answer, but this looks like the prime example of a SQL Injection Attack:

对不起,对实际答案无能为力,但这看起来像SQL注入攻击的主要示例:

Set nItem = Request.QueryString("ID")

strSQL = "SELECT * "_
    & "FROM [Packages] "_
    & "WHERE id='" & nItem & "';" 

Looks like I could just change the URL to "?ID=1'; DROP TABLE STUDENTS; --" to mess stuff up.

看起来我可以将URL更改为“?ID = 1”; DROP TABLE STUDENTS; - “将内容弄糟。