0
我正在使用asp classic。我是新來的asp,它的語法似乎讓我感到困惑。更新查詢:未終止的字符串常量錯誤asp
我有這個代碼來更新名爲jeanmeasure的表中的數據。
這個查詢有什麼問題?它提供了以下錯誤:
現在我的代碼是
Dim m1,m2,m3,m4,m5,m6,m7,m8,m9,m1d,m2d,m3d,m4d,m5d,m6d,m7d,m8d,m9d
m1 = Request.QueryString("m1")
m2 = Request.QueryString("m2")
m3 = Request.QueryString("m3")
m4 = Request.QueryString("m4")
m5 = Request.QueryString("m5")
m6 = Request.QueryString("m6")
m7 = Request.QueryString("m7")
m8 = Request.QueryString("m8")
m9 = Request.QueryString("m9")
m1d = Request.QueryString("m1d")
m2d = Request.QueryString("m2d")
m3d = Request.QueryString("m3d")
m4d = Request.QueryString("m4d")
m5d = Request.QueryString("m5d")
m6d = Request.QueryString("m6d")
m7d = Request.QueryString("m7d")
m8d = Request.QueryString("m8d")
m9d = Request.QueryString("m9d")
sql =" UPDATE jeanmeasure SET m1 = "&m1&" , m2 = ,"&m2&", m3 = "&m3&", m4 = "&m4&", m5 = "&m5&",m6 = "&m6&",m7 = "&m7&",m8 = "&m8&",m9 = "&m9&",m1d = "&m1d&", m2d = "&m2d&", m3d = "&m3d&", m4d = "&m4d&",m5d = "&m5d&",m6d = "&m6d&",m7d = "&m7d&", m8d = "&m8d&", m9d = "&m9d&" WHERE id = 1 "
Response.Write(sql)
dbobj.execute(sql)
,誤差 語法埃羅 附近'=「M1,M2 =,M2,M3 = M3,M4 =,M5 = M5,M6 = M6,M7 = M7,M8 = M8,M9 = M9,M1D'位於第1行
你是爲[SQL注入]完全開放(HTTP:/ /en.wikipedia.org/wiki/SQL_injection)。您應該使用[參數化查詢](http://www.userfriendlythinking.com/Blog/BlogDetail.asp?p1=7013&p2=119&p7=3001)。在到達SQL Server之前,您是否檢查過'up'的值? – Oded 2012-07-13 10:03:33
忘記了現在..我需要修復此查詢@Oded – user1450479 2012-07-13 10:06:02
您在執行之前檢查了查詢的_actual_值嗎?看看(可能在此發佈) - 這是錯誤的地方。 – Oded 2012-07-13 10:06:52