ASP

Query String

How to handle a Query String used in a parameterised Query

In this tutorial you will learn how to handle parameters passed from a Query String.

       
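	'CORRECT WAY - Parameterized Query with dynamic sql
	'--------------------------------------------------
	'The values are bound to the ? placeholders, so user input never becomes SQL text.
	strSQL = "SELECT * FROM users WHERE username=? AND password=?"
	Dim cmd1
	Set cmd1 = Server.CreateObject("ADODB.Command")
	'Use Set so the command reuses the open connection object
	Set cmd1.ActiveConnection = cnnLogin
	cmd1.CommandText = strSQL
	cmd1.CommandType = adCmdText	'constant defined in ADOVBS.inc
	'Parameters(n) relies on the provider deriving the collection from the ? placeholders
	cmd1.Parameters(0) = Request.Form("login")
	cmd1.Parameters(1) = Request.Form("password")
	Set rstLogin = cmd1.Execute()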
	
 
	'BAD WAY WITH CONCATENATION DON'T DO IT!!!
	'-----------------------------------------
	'The form values are pasted straight into the SQL text, so a quote in the input changes the query.
	strSQL = "SELECT * FROM users WHERE username='" & Request.Form("login") & _
		"' AND password='" & Request.Form("password") & "';"
	Set rstLogin = cnnLogin.Execute(strSQL)
	

What if you want a LIKE clause in your Query?

	SELECT * FROM tblX WHERE Field LIKE '%' & Name & '%'
	

Tried this but it didn't work.

	SELECT * FROM tblX WHERE Field LIKE '%?%'
	

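That fails because a ? inside a quoted string literal is plain text, not a parameter placeholder. Leave the placeholder bare in the SQL (LIKE ?) and put the % wildcards in the parameter value instead.

Include ADOVBS.inc in your page to use the Constants.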

	'Set parameter = command.CreateParameter (Name, Type, Direction, Size, Value)
	'200 = adVarChar and 1 = adParamInput (named constants in ADOVBS.inc)
	'cmd1.Parameters.Append(cmd1.CreateParameter("Name", 200, 1, 512, name))
	cmd1.Parameters.Append(cmd1.CreateParameter("Name", 200, 1, 512, "%" & name & "%"))
	

Or, if you assign the parameter by index, you could wrap the value in the wildcards before you assign it:

	'Instead of:
	'cmd1.Parameters(0) = name
	'use:
	cmd1.Parameters(0) = "%" & name & "%"
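
The two LIKE forms above, reproduced as an added example that is not part of the original page. It swaps ADO for Python's sqlite3 and an in-memory table so it runs stand-alone; the sample rows and the helper names are constructed for illustration. It goes one step beyond the page by escaping % and _ in the user's value (the ESCAPE syntax shown is SQLite's, an assumption about the database).

```python
import sqlite3

def make_db():
    # Constructed sample rows in an in-memory table named after the page's tblX.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tblX (Field TEXT)")
    rows = [("Alice Smith",), ("Bob Jones",), ("100% cotton",), ("O'Brien",)]
    db.executemany("INSERT INTO tblX (Field) VALUES (?)", rows)
    return db

def search_quoted_placeholder(db, name):
    # The form that "didn't work": inside quotes, ? is literal text, so the
    # statement has no parameters and the driver refuses the supplied value.
    try:
        sql = "SELECT Field FROM tblX WHERE Field LIKE '%?%'"
        return [r[0] for r in db.execute(sql, (name,))]
    except sqlite3.Error as exc:
        return "rejected: %s" % exc

def search_bound(db, name):
    # The page's fix: bare placeholder in the SQL, wildcards in the bound value.
    sql = "SELECT Field FROM tblX WHERE Field LIKE ? ORDER BY rowid"
    return [r[0] for r in db.execute(sql, ("%" + name + "%",))]

def escape_like(value, esc="\\"):
    # Binding stops SQL injection, but % and _ in the value still act as
    # LIKE wildcards. Escape them (and the escape character itself) first.
    for ch in (esc, "%", "_"):
        value = value.replace(ch, esc + ch)
    return value

def search_literal(db, name):
    # Same bound query, with the user's own % and _ matched literally.
    sql = "SELECT Field FROM tblX WHERE Field LIKE ? ESCAPE '\\' ORDER BY rowid"
    return [r[0] for r in db.execute(sql, ("%" + escape_like(name) + "%",))]

if __name__ == "__main__":
    db = make_db()
    print(search_quoted_placeholder(db, "Smith"))   # rejected by the driver
    print(search_bound(db, "Smith"))                # one matching row
    print(search_bound(db, "x' OR '1'='1"))         # treated as data, no rows
    print(search_bound(db, "%"))                    # wildcard matches every row
    print(search_literal(db, "%"))                  # only the row containing %
```

A lone % typed into the search box returns every row through the bound-but-unescaped query, which is why the escaping step matters for search forms.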
	

 

By: Alex Hedley

