在asp中实现sql语句参数化查询

var conn = Server.CreateObject("ADODB.Connection"); conn.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" + Server.MapPath("Test.mdb"); conn.Open(); var cmd = Server.CreateObject("ADODB.Command"); cmd.ActiveConnection = conn; cmd.CommandType = 1; cmd.CommandText = "SELECT TOP 1 * FROM [User] WHERE UserName = ? AND Password = ?"; cmd.Parameters.Append(cmd.CreateParameter("@UserName", 200, 1, 20, "user01")); cmd.Parameters.Append(cmd.CreateParameter("@Password", 200, 1, 16, "123456")); var rs = cmd.Execute(); Response.Write(rs("UserId").value); rs.Close(); conn.Close();

posted @ 2012-07-22 20:02 wala-wo 阅读(661) 评论(0) 编辑收藏举报

会员力量，点亮园子希望

刷新页面返回顶部

wala-wo

爱学习，总是好事的！

在asp中实现sql语句参数化查询

公告