1. 首頁
  2. 問答
  3. 經典asp中的循環更新語句

經典asp中的循環更新語句

2013-06-06 102 views
0

我真的需要一些關於此代碼的幫助。當有4個記錄被選中時,循環只會使更新語句運行一次,因此它必須循環4次。這是第一次遇到這個問題,我似乎不明白爲什麼它會這樣做。請幫忙。謝謝。經典asp中的循環更新語句

<!--#include file="connectionString.inc"--> 
<% 
Dim strmode, arrmode,i,rs,SQLstr, a, b, site_to 


strmode=Request.form("changeBox") 
cont1=request.form("cont1") 
arrmode=split(strmode,",") 




if request.form("submitChange") = "" then 
    response.write("Please try again, you have no selected anything. Press back on your browser") 
end if 
    if request.form("submitChange") = "site" then 
    response.write(b) 
    for i = 0 to UBound(arrmode) 
     SQLstr = "UPDATE SCSer SET Ser_Site_Num = '" & request.form("site_to") & "' WHERE Ser_Num = '" & arrmode(i) & "'" 
     Set rs = Server.CreateObject("ADODB.Recordset") 
     rs.open SQLstr, conn, 1, 2  
     Response.Write("SUCCESSFULLY UPDATED! " + arrmode(i)) 
    next 
end if 

if request.form("submitChange") = "contract" then 
    a=LBound(arrmode) 
b=UBound(arrmode) 
    SQLstr = "UPDATE SCSer SET Ser_Site_Num = '" & request.form("site_to") & "' WHERE Ser_Num BETWEEN '" & arrmode(a) & "' AND '" & arrmode(b) & "'" 
    Set rs = Server.CreateObject("ADODB.Recordset") 
    rs.open SQLstr, conn, 1, 2 
    Response.Write("SUCCESSFULLY UPDATED! <br/>") 
    response.write(arrmode(a)+"<br/>") 
    response.write(arrmode(b)) 
end if 
%>

來源

2013-06-06 user2456829

+0

確定實際arrmode有超過1個記錄? UBound(arrmode)返回什麼?順便提一下,這種代碼只是要求進行依賴注入攻擊。 ADO支持參數化查詢。它們更安全,更快速,並且易於編寫 –

+0

Hi UBound(arrmode)返回存儲在數組中的記錄數。我不知道依賴注入攻擊是什麼,我不知道如何做ADO位。你能幫我嗎? – user2456829

+0

UBound(arrmode)的價值是什麼?我敢打賭它是1而不是你的想法。只要做一個Response.Write,或更好的,調試應用程序,看看包含什麼arrmode –

回答

0

試試這個,看看有什麼迴應說:

<% 
Dim strmode, arrmode,i,rs,SQLstr, a, b, site_to 
Dim oConn 

strmode=Request.form("changeBox") 
cont1=request.form("cont1") 
arrmode=split(strmode,",") 

Response.Write "submitChange is:" & request.form("submitChange") & "<br>" 


if request.form("submitChange") = "" then 
    response.write("Please try again, you have not selected anything. Press back on your browser") 
    Response.end 
end if 

set oConn = Server.CreateObject("ADODB.Connection") 
oConn.Open conn 

if request.form("submitChange") = "site" then 
    for i = 0 to UBound(arrmode) 
     SQLstr = "UPDATE SCSer SET Ser_Site_Num = '" & request.form("site_to") & "' WHERE Ser_Num = '" & Trim(arrmode(i)) & "'" 
     Response.Write "Executing SQL: "& SQLstr &"<br>" 
     oConn.Execute(SQLstr)  
     Response.Write("SUCCESSFULLY UPDATED! " + arrmode(i)) 
    next 
end if 

if request.form("submitChange") = "contract" then 
    a=LBound(arrmode) 
    b=UBound(arrmode) 
    SQLstr = "UPDATE SCSer SET Ser_Site_Num = '" & request.form("site_to") & "' WHERE convert(int,Ser_Num) BETWEEN " & arrmode(a) & " AND " & arrmode(b) & "" 
    Response.Write "Executing SQL: "& SQLstr &"<br>" 
    oConn.Execute(SQLstr)  
    Response.Write("SUCCESSFULLY UPDATED! <br/>") 
    response.write(arrmode(a)+"<br/>") 
    response.write(arrmode(b)) 
end if 
%>

來源

2013-06-06 09:29:23 SearchAndResQ

+0

這就是它說的: submitChange是:site 執行SQL :更新SCSer SET Ser_Site_Num ='sungard03'WHERE Ser_Num ='53852' 處理URL時服務器上發生錯誤。請聯繫系統管理員。 如果您是系統管理員,請點擊此處瞭解有關此錯誤的更多信息。 – user2456829

+0

已經改變了代碼,我認爲'conn'是一個連接字符串 – SearchAndResQ

+0

是的,它是連接字符串 – user2456829

相關問題

 相關問題