
我正在處理一個傳統 ASP（Classic ASP）程序，它用以下語句插入數據庫（問題：SQL 插入到數據庫時的撇號）：

' Every Request.Form value is concatenated straight into the SQL text. A value that
' contains a single quote therefore terminates the SQL string literal early (the crash
' described below), and by the same mechanism user-supplied text can alter the statement
' itself (SQL injection). JobID is spliced in unquoted; CompanyName and Court are
' additionally wrapped in double quotes inside the single-quoted literal (the '""" ... """'
' pieces) - presumably intentional, but worth confirming against the column data.
' The fix is to bind the values as ADODB.Command parameters instead of concatenating them.
CreateJob.CommandText = "INSERT INTO dbo.Jobs (JobID, CompanyName, DateReceived, DateOfDocument, ClientReference, Subject, TypeOfService,DueDate,AssignedAgent, ClientName, Plaintiff, Defendant1, Defendant2, Defendant3, CourtJurisdiction, Court, Subtype, CourtNumber, Amount, ServiceMethod, JobNotes, JobStatus, CreatedBy, CreatedDate) VALUES (" & Request.Form("jobid") & ", '""" & Request.Form("compname") & """', '" & Request.Form("datereceived") & "','" & Request.Form("dateofdoc") & "', '" & Request.Form("clientref") & "', '" & Request.Form("subjects") & "', '" & Request.Form("TypeOfService") & "', '" & Request.Form("duedate") & "', '" & Request.Form("AssignedAgent") & "', '" & Request.Form("ClientName") & "', '" & Request.Form("Plaintiff") & "', '" & Request.Form("Defendant1") & "', '" & Request.Form("Defendant2") & "', '" & Request.Form("Defendant3") & "', '" & Request.Form("CourtJurisdiction") & "', '""" & Request.Form("Court") & """', '" & Request.Form("SubType") & "', '" & Request.Form("CourtNumber") & "', '" & Request.Form("Amount") & "','" & Request.Form("ServiceMethod") & "','" & Request.Form("JobNotes") & "', 'OPEN', '" & Session("LoggedName") & "', CURRENT_TIMESTAMP) " 

然而，如果其中一個值含有撇號，程序就會崩潰，我不知道該如何轉義它。

感謝


看看這個：http://stackoverflow.com/questions/1586560/how-do-i-escape-a-single-quote-in-sqlserver – ipohfly


需要轉義撇號，正是應該使用查詢參數的眾多好理由之一。 –


@ipohfly 該方法適用於直接寫 SQL 的情況，但 OP 用的是 [tag:asp-classic] 的代碼，給他這樣的答案只會把他引上錯路。我們應該建議他使用 [tag:ado] 中的 'ADODB.Command' 對象來參數化他的輸入。 – Lankymart

回答


與其走這條路，既然你已經在使用 ADODB.Command 對象，爲什麼不改用參數化查詢（parameterised query）的方式呢？

試試這個;

由於您尚未提供各欄位的數據類型信息，我只能推測，因此我用 [datatype] 和 [size] 佔位符代替了 ADO data type constants。關於 T-SQL 數據類型如何對應到 ADO 類型的一個很好的資源是這篇文章 - Data Type Mapping

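' Parameterised version of the INSERT. Each value is bound as a typed ADO parameter,
' so quotes in the data never reach the SQL text: this fixes the apostrophe crash and
' closes the SQL injection hole of the string-concatenated statement.
sql = "" 
sql = sql & "INSERT INTO dbo.Jobs (" & vbCrLf 
sql = sql & "JobID, CompanyName, DateReceived, DateOfDocument, ClientReference" & vbCrLf 
sql = sql & ", Subject, TypeOfService,DueDate,AssignedAgent, ClientName, Plaintiff" & vbCrLf 
sql = sql & ", Defendant1, Defendant2, Defendant3, CourtJurisdiction, Court" & vbCrLf 
sql = sql & ", Subtype, CourtNumber, Amount, ServiceMethod, JobNotes, JobStatus" & vbCrLf 
sql = sql & ", CreatedBy, CreatedDate" & vbCrLf 
sql = sql & ") VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?);" 

With CreateJob 
    .ActiveConnection = "yourconnectionstring" 
    .CommandType = adCmdText 
    .CommandText = sql 
    'Add your parameters (all 24 of them, in the same order as the ? placeholders above). 
    'Replace the [datatype]/[size] placeholders with the ADO constants matching each column. 
    'Assumed JobID is int which equates to adInteger ADO data type constant. 
    .Parameters.Append(.CreateParameter("@JobID", adInteger, adParamInput, 4)) 
    .Parameters.Append(.CreateParameter("@CompanyName", [datatype], adParamInput, [size])) 
    .Parameters.Append(.CreateParameter("@DateReceived", [datatype], adParamInput, [size])) 
    .Parameters.Append(.CreateParameter("@DateOfDocument", [datatype], adParamInput, [size])) 
    .Parameters.Append(.CreateParameter("@ClientReference", [datatype], adParamInput, [size])) 
    .Parameters.Append(.CreateParameter("@Subject", [datatype], adParamInput, [size])) 
    .Parameters.Append(.CreateParameter("@TypeOfService", [datatype], adParamInput, [size])) 
    .Parameters.Append(.CreateParameter("@DueDate", [datatype], adParamInput, [size])) 
    .Parameters.Append(.CreateParameter("@AssignedAgent", [datatype], adParamInput, [size])) 
    .Parameters.Append(.CreateParameter("@ClientName", [datatype], adParamInput, [size])) 
    .Parameters.Append(.CreateParameter("@Plaintiff", [datatype], adParamInput, [size])) 
    .Parameters.Append(.CreateParameter("@Defendant1", [datatype], adParamInput, [size])) 
    .Parameters.Append(.CreateParameter("@Defendant2", [datatype], adParamInput, [size])) 
    .Parameters.Append(.CreateParameter("@Defendant3", [datatype], adParamInput, [size])) 
    .Parameters.Append(.CreateParameter("@CourtJurisdiction", [datatype], adParamInput, [size])) 
    .Parameters.Append(.CreateParameter("@Court", [datatype], adParamInput, [size])) 
    .Parameters.Append(.CreateParameter("@Subtype", [datatype], adParamInput, [size])) 
    .Parameters.Append(.CreateParameter("@CourtNumber", [datatype], adParamInput, [size])) 
    .Parameters.Append(.CreateParameter("@Amount", [datatype], adParamInput, [size])) 
    .Parameters.Append(.CreateParameter("@ServiceMethod", [datatype], adParamInput, [size])) 
    .Parameters.Append(.CreateParameter("@JobNotes", [datatype], adParamInput, [size])) 
    .Parameters.Append(.CreateParameter("@JobStatus", [datatype], adParamInput, [size])) 
    .Parameters.Append(.CreateParameter("@CreatedBy", [datatype], adParamInput, [size])) 
    .Parameters.Append(.CreateParameter("@CreatedDate", [datatype], adParamInput, [size])) 

    'Specify your parameter values; they may need some conversion based on what you are passing 
    '(e.g. validate/convert jobid to a number before binding it to the adInteger parameter). 
    'The values come from the submitted form (Request.Form in the original INSERT), not the 
    'query string, and the parameter is looked up under the exact name it was created with. 
    .Parameters("@JobID").Value = Request.Form("jobid") 
    'Add the other 23 parameters as the above line. 
    '... 

    'Doing an INSERT, no need to return a recordset. Command.Execute takes 
    '(RecordsAffected, Parameters, Options), so the flag belongs in the third argument. 
    .Execute , , adExecuteNoRecords 
End With 
Set CreateJob = Nothing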