2009-09-24 193 views
0

Check if email exists

I have a classic ASP page with some code to check whether an email exists in the table, as follows;

<% 
    '' //Check the submitted email against existing ones in the database 
    set CmdCheckEmail = server.CreateObject("ADODB.Command") 
    CmdCheckEmail.ActiveConnection = MM_dbconn_STRING 
    CmdCheckEmail.CommandText = "SELECT COUNT(ReferredEmail) AS 'CountEmail' FROM TenantReferral WHERE ReferredEmail = '" & Request("Email") & "'" 
    Response.Write(CmdCheckEmail.CommandText) 
    CmdCheckEmail.CommandType = 1 
    CmdCheckEmail.CommandTimeout = 0 
    CmdCheckEmail.Prepared = true 
    CmdCheckEmail.Execute() 

    countEmail = CmdCheckEmail("CountEmail") 

    set CmdCheckEmail = nothing 
    conn.close 
    set conn = nothing 

    If(countEmail >= 1) Then 
     Message = Message & "<p>This email address has already been referred.</p>" 
    End If 
%> 

However, the page is reporting the following error;

SELECT COUNT(ReferredEmail) AS 'CountEmail' FROM TenantReferral WHERE ReferredEmail = '[email protected]' 

ADODB.Command error '800a0cc1' 

Item cannot be found in the collection corresponding to the requested name or ordinal. 

/default2.asp, line 19 

Line 19 is as follows;

countEmail = CmdCheckEmail("CountEmail") 

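The email does exist in the table, and the table has just the following columns; ReferredEmail and ReferredCode

I wonder if anyone might be able to shed some light on this error?

Thank you.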

Answers

0

Not sure which database you are using, but try changing your SQL statement to:

SELECT COUNT(ReferredEmail) AS CountEmail FROM TenantReferral WHERE ReferredEmail = '[email protected]' 

Then change

CmdCheckEmail.Execute()  
countEmail = CmdCheckEmail("CountEmail") 

to

set rs = CmdCheckEmail.Execute() 
countEmail = rs("CountEmail") 

Also, you have a SQL injection problem with that query. You should use parameterized queries.

+0

@Orbman - I am using an MSSQL database, but the same error is still reported whether I use 'CountEmail' or CountEmail :( – doubleplusgood 2009-09-24 11:44:27

+0

You are using the cmd object incorrectly, see my edit – RedFilter 2009-09-24 11:48:30

+0

Thanks Orbman, I am now getting an object: 'conn' /default2.asp, line 20 error – doubleplusgood 2009-09-24 11:53:31

0

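CmdCheckEmail("CountEmail") tries to access the default member of the Command object, which is the Parameters collection. However, you do not want to access a parameter, but a field of the resulting recordset.

Try this (untested):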

Set rs=CmdCheckEmail.Execute() 

countEmail = rs("CountEmail") 

Besides that, be warned: this line:

CmdCheckEmail.CommandText = "SELECT COUNT(ReferredEmail) AS 'CountEmail' FROM TenantReferral WHERE ReferredEmail = '" & Request("Email") & "'" 

is vulnerable to SQL injection.

Never embed literal strings into a SQL statement; use parameters instead. (In this case, you could do that using the Command.Parameters collection.)
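
The parameterized form both answers recommend, as an added example that is not part of either answer or of the asker's code; it belongs inside the page's <% %> block. It assumes the question's MM_dbconn_STRING connection string and Message variable, a SQL Server OLE DB provider that accepts "?" placeholders, and a ReferredEmail column of at most 255 characters (the size is an assumption); CountReferredEmail is a hypothetical helper name.

```vbscript
' Added example: parameterized rewrite of the question's email check.
' ADO constants, declared here because adovbs.inc may not be included.
Const adCmdText = 1
Const adVarChar = 200
Const adParamInput = 1
Const MAX_EMAIL_LEN = 255   ' assumed column size, adjust to the real schema

' Hypothetical helper: returns how many rows hold the given email.
Function CountReferredEmail(connString, email)
    Dim conn, cmd, rs

    ' Open the connection explicitly so it can be closed explicitly.
    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open connString

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' "?" is a placeholder: the value travels separately from the SQL text,
    ' so quotes in the submitted email cannot change the statement.
    cmd.CommandText = "SELECT COUNT(ReferredEmail) AS CountEmail " & _
                      "FROM TenantReferral WHERE ReferredEmail = ?"
    cmd.Parameters.Append cmd.CreateParameter("@Email", adVarChar, _
                                              adParamInput, MAX_EMAIL_LEN, email)

    ' Execute returns the recordset; the count is a field of that recordset,
    ' not a member of the Command object.
    Set rs = cmd.Execute()
    CountReferredEmail = rs.Fields("CountEmail").Value

    rs.Close
    Set rs = Nothing
    Set cmd = Nothing
    conn.Close
    Set conn = Nothing
End Function

Dim submittedEmail
submittedEmail = Trim(Request("Email"))

' Reject empty or over-long input before it reaches the parameter,
' which would otherwise raise an ADO error for a value larger than Size.
If Len(submittedEmail) > 0 And Len(submittedEmail) <= MAX_EMAIL_LEN Then
    If CountReferredEmail(MM_dbconn_STRING, submittedEmail) >= 1 Then
        Message = Message & "<p>This email address has already been referred.</p>"
    End If
End If
```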