sql - Inserting alphanumeric characters into ms-access database using asp classic -
i having trouble when try introduce alphanumeric characters ms-access database. able numerical , date characters, seems problem alphanumerical ones,
here code use:
dim adocon dim strsql set adocon=server.createobject("adodb.connection") adocon.open "provider=microsoft.jet.oledb.4.0; data source=" & server.mappath("basededades.mdb") 'here getting values passed form. stringentrada=request.form("stringentrada") stringsortida=request.form("stringsortida") valoridhabitaciolliure=request.form("valoridhabitaciolliure") numeropersones=request.form("numeropersones") nom=request.form("nom") dni=request.form("dni") tlf=request.form("tlf") mail=request.form("mail") ciutat=request.form("ciutat") tipush=request.form("tipush") diareserva=request.form("diareserva") mail,nom,ciutat,tipush,dni,valoridhabitaciolliure alphanumerical characters text input form. diareserva,stringsortida,stringentrada, dates form text input form. tlf integer variable.
strsql="insert reserva (dni,tlf,diareserva,inici,fi,tipushabitacio) values ("&dni&","&tlf&",'"&diareserva&"','"&stringentrada&"','"&stringsortida&"'," "&tipush&")" adocon.execute(strsql) when see values inserted database realise date variables "diareserva" or "stringsortida" , numerical ones "tlf" inserted correctly.
to insert date variables use simple ' surrounded double " in sql query: '"&stringentrada&"'
to insert numerical ones use double: "&tlf&"
if try use simple ' when trying insert alphanumerical, like: '"mail"' not recieve error, database records blank value.
if try use double ", like: "mail" getting error.
how insert alphanumerical variables without having trouble?
thank time, , sorry bad english.
you can avoid "quoting problem" , avoid sql injection vulnerabilities using parameterized query similar one:
dim con '' adodb.connection dim cmd '' adodb.command dim stringname, longsponsorid, datetimedatejoined const adcmdtext = 1 const advarwchar = 202, adinteger = 3, addate = 7 const adparaminput = 1 '' test data stringname = "gord" longsponsorid = 5 datetimedatejoined = set con = createobject("adodb.connection") con.open "provider=microsoft.jet.oledb.4.0;data source=c:\users\public\mdbtest.mdb;" set cmd = createobject("adodb.command") cmd.commandtype = adcmdtext cmd.activeconnection = con cmd.commandtext = _ "insert members " & _ "(membername, sponsorid, datejoined) " & _ "values " & _ "(?, ?, ?)" '' parameter [membername] cmd.parameters.append cmd.createparameter("?", advarwchar, adparaminput, 255, stringname) '' parameter [sponsorid] cmd.parameters.append cmd.createparameter("?", adinteger, adparaminput, , longsponsorid) '' parameter [datejoined] cmd.parameters.append cmd.createparameter("?", addate, adparaminput, , datetimedatejoined) cmd.execute set cmd = nothing con.close set con = nothing
Comments
Post a Comment