ACCESS parameter query, with VBSCRIPT (ASP) and C # (ASP. NET) Functions
ACCESS parameter query, with VBSCRIPT (ASP) and C # (ASP. NET) Functions
Recently, ACCESS is required for a WEB project for database development.
Many people on the Forum asked questions about ACCESS injection security.
Many people solve this problem by replacing special characters with Replace, but this is not very useful.
Today, I will share with you some of the methods and experiences of using ACCESS parametric query.
I hope I will be inspired by everyone. I hope the experts will give me more advice if I have written something wrong.
ASP. NET uses OleDbCommand's new OleDbParameter to create a parameter goods Query
ASP uses the CreateParameter method of Command to create a parameterized Query
(This method is also used to query SQL stored procedures)
ASP. net c # syntax
----------------------------------------------------------------------------
The Code is as follows:
OleDbParameter parm = new OleDbParameter (Name, Type, Direction, Size, Value );
(In fact, it has seven reloads. You can see them in VS.net)
Parameters
Name (optional) is a string that represents the Name of a Parameter object.
Type (optional) long integer value, which specifies the Data Type of the Parameter object.
(Optional) Direction, which is a long integer value and specifies the Parameter object type ..
Size (optional) long integer value. It specifies the maximum length (in characters or bytes) of the parameter value ).
Value (optional) indicates the Value of the Parameter object.
The following is an example to query the news published by all tsing in the news table.
-------------------------------------------------------
SQL = "select * from newss where username =? Order by id"
// Are query conditions used? Number
OleDbConnection conn = new OleDbConnection (connString );
OleDbCommand cmd = new OleDbCommand (SQL, conn );
OleDbParameter parm = new OleDbParameter ("temp", OleDbType. VarChar, 50 );
// You can define temp as a Parameter object. OleDbType. VarChar is a string with a length of 50.
Parm. Direction = ParameterDirection. Input;
// Specify its type input parameters
Cmd. Parameters. Add (parm );
Cmd. Parameters ["temp"]. Value = "tsing ";
// Query tsing. You can also write it as cmd. Parameters [0].
Conn. Open ();
Cmd. ExecuteReader ();
----------------------------------------------------------------------------
Asp vbscript syntax
----------------------------------------------------------------------------
The Code is as follows:
Set parameter = command. CreateParameter (Name, Type, Direction, Size, Value)
Same as above
The following is an example to query the news published by all tsing in the news table.
------------------------------------------------------
Et conn = Server. CreateObject ("Adodb. Connection ")
Conn. ConnectionString = connString
Conn. open ()
Set mycmd = Server. CreateObject ("ADODB. Command ")
Mycmd. ActiveConnection = conn
Mycmd. CommandText = SQL
Mycmd. Prepared = true
Set mypar = mycmd. CreateParameter ("temp", 129,1, 50, "tsing ")
Mycmd. Parameters. Append mypar
Set myrs = mycmd. Execute
---------------------------------------------------------------------------
The method is basically the same as above. asp is different in parameter expression.
129 is adChar, and 1 is the input parameter (in fact, it is the default value)
For details, refer to MICROSOFT's ADOVB. Inc:
The Code is as follows:
'---- ParameterDirectionEnum Values ----
Const adParamUnknown = 0
Const adParamInput = 1
Const adParamOutput = 2
Const adParamInputOutput = 3
Const adParamReturnValue = 4
'---- DataTypeEnum Values ----
Const adEmpty = 0
Const adTinyInt = 16
Const adSmallInt = 2
Const adInteger = 3
Const adBigInt = 20
Const adUnsignedTinyInt = 17
Const adUnsignedSmallInt = 18
Const adUnsignedInt = 19
Const adUnsignedBigInt = 21
Const adSingle = 4
Const adDouble = 5
Const adCurrency = 6
Const adDecimal = 14
Const adnumeric= 131
Const adBoolean = 11
Const adError = 10
Const adUserDefined = 132
Const adVariant = 12
Const adIDispatch = 9
Const adIUnknown = 13
Const adGUID = 72
Const adDate = 7
Const adDBDate = 133
Const adDBTime = 134
Const adDBTimeStamp = 135
Const adBSTR = 8
Const adChar = 129
Const adVarChar = 200
Const adLongVarChar = 201
Const adwchar= 130
Const advarwchar= 202
Const adlongvarwchar= 203
Const ad binary = 128
Const adVarBinary = 204
Const adLongVarBinary = 205