Example: executing a parameterized SQL statement in ASP

2018-09-06 12:22

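  To execute a parameterized SQL statement in ASP, you add parameters to the SQL statement, which effectively blocks SQL injection. The source code is as follows: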

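// Create the ADO connection and command objects
var conn = Server.CreateObject("ADODB.Connection");
var cmd = Server.CreateObject("ADODB.Command");
conn.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" + Server.MapPath("Test.mdb");
conn.Open();
cmd.ActiveConnection = conn;
cmd.CommandType = 1; // adCmdText
// The SQL text contains only ? placeholders; values are supplied as parameters
cmd.CommandText = "SELECT TOP 1 * FROM [User] WHERE UserName = ? AND Password = ?";
// CreateParameter(name, type, direction, size, value): 200 = adVarChar, 1 = adParamInput
cmd.Parameters.Append(cmd.CreateParameter("@UserName", 200, 1, 20, "user01"));
cmd.Parameters.Append(cmd.CreateParameter("@Password", 200, 1, 16, "123456"));
var rs = cmd.Execute();
// Only read the field when a row was returned
if (!rs.EOF) {
Response.Write(rs("UserId").value);
}
rs.Close();
conn.Close();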
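The same query wrapped as a reusable lookup for request-supplied values, as an added example that is not part of the original page. `findUserId` and its arguments are hypothetical names, the named constants stand in for the page's raw numbers 1 and 200, and the code is kept ES3-style to match the page's server-side JScript.

```javascript
// ADO enum values, named instead of the raw numbers used on the page
var adCmdText = 1, adVarChar = 200, adParamInput = 1;

// Limits taken from the parameter sizes declared on the page
var MAX_USERNAME = 20, MAX_PASSWORD = 16;

// Hypothetical helper (not from the page): returns the UserId of the
// matching row, or null when nothing matches or the input is out of bounds.
// server: the ASP Server object; conn: an already opened ADODB.Connection.
function findUserId(server, conn, userName, password) {
    userName = String(userName);
    password = String(password);

    // Enforce the same length limits as the declared parameter sizes
    // before any database object is created.
    if (userName.length === 0 || userName.length > MAX_USERNAME ||
        password.length > MAX_PASSWORD) {
        return null;
    }

    var cmd = server.CreateObject("ADODB.Command");
    cmd.ActiveConnection = conn;
    cmd.CommandType = adCmdText;
    // The SQL text is a constant: request data never becomes part of it.
    cmd.CommandText =
        "SELECT TOP 1 UserId FROM [User] WHERE UserName = ? AND Password = ?";

    // With ? placeholders the parameters bind by position, not by name,
    // so the Append order must follow the order of the ? marks.
    cmd.Parameters.Append(cmd.CreateParameter(
        "@UserName", adVarChar, adParamInput, MAX_USERNAME, userName));
    cmd.Parameters.Append(cmd.CreateParameter(
        "@Password", adVarChar, adParamInput, MAX_PASSWORD, password));

    var rs = cmd.Execute();
    // An empty recordset means no match; reading a field from it would fail.
    var id = rs.EOF ? null : rs("UserId").value;
    rs.Close();
    return id;
}

// In an ASP page (form field names are assumptions):
//   var id = findUserId(Server, conn,
//       String(Request.Form("user")), String(Request.Form("pass")));
```

Because the values travel as parameters, a name containing an apostrophe such as o'brien is compared as a literal string and leaves the statement text unchanged.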

