1,217
社区成员
发帖
与我相关
我的任务
分享sql 中插入字符串的问题,请高手帮忙!!!UP 有分....
问题:插入特殊的字符串的时候报错,可能是因为字符串没有经过处理.请高手帮忙!!
Option Explicit
Dim con As New ADODB.Connection
-----------------------------------------------
'打开SQL 连接
Private Sub Form_Load()
con.ConnectionString = SQlConnectionstring
con.CursorLocation = adUseClient
con.Open
End Sub
---------------------------------------
'向表 TEST 插入一行,其中表 Test 只包含一列,类型为CHR(20)
'RndStr() 为 字符串随机产生函数.
Private Sub Command1_Click()
Dim asa As String, sql As String
asa = RndStr(20)
sql = sql & "DECLARE @X CHAR(20) "
sql = sql & "SELECT @X ='" & asa & "' "
sql = sql & "INSERT INTO TEST VALUES (@X)"
con.Execute sql
End Sub
------------------------------------------
字符串随机产生函数.
Private Function RndStr(leng As Long) As String
Dim i As Long
Dim ChrValue As Integer
Dim Result As String
While Len(Result) < 20
Randomize
ChrValue = Int((255 - 1 + 1) * Rnd + 1)
Result = Result & Chr(ChrValue)
Wend
RndStr = Result
End Function
Option Explicit
Dim con As New ADODB.Connection
-----------------------------------------------
'打开SQL 连接
Private Sub Form_Load()
con.ConnectionString = SQlConnectionstring
con.CursorLocation = adUseClient
con.Open
End Sub
---------------------------------------
'向表 TEST 插入一行,其中表 Test 只包含一列,类型为CHR(20)
'RndStr() 为 字符串随机产生函数.
Private Sub Command1_Click()
Dim asa As String, sql As String
asa = RndStr(20)
sql = sql & "DECLARE @X CHAR(20) "
sql = sql & "SELECT @X ='" & asa & "' "
sql = sql & "INSERT INTO TEST VALUES (@X)"
con.Execute sql
End Sub
------------------------------------------
字符串随机产生函数.
Private Function RndStr(leng As Long) As String
Dim i As Long
Dim ChrValue As Integer
Dim Result As String
While Len(Result) < 20
Randomize
ChrValue = Int((255 - 1 + 1) * Rnd + 1)
Result = Result & Chr(ChrValue)
Wend
RndStr = Result
End Function
...全文
请发表友善的回复…
发表回复
zyg0 2005-09-07
- 打赏
- 举报
asa=replace(asa,"'","!")
'这个符号是插入错误的祸首,建议楼主查一下sql注入,恐怕平时楼主没有注意这个问题
Private Sub Command1_Click()
Dim asa As String, sql As String
asa = RndStr(20)
asa=replace(asa,"'","!")
sql = sql & "DECLARE @X CHAR(20) "
sql = sql & "SELECT @X ='" & asa & "' "
sql = sql & "INSERT INTO TEST VALUES (@X)"
con.Execute sql
End Sub
'这个符号是插入错误的祸首,建议楼主查一下sql注入,恐怕平时楼主没有注意这个问题
Private Sub Command1_Click()
Dim asa As String, sql As String
asa = RndStr(20)
asa=replace(asa,"'","!")
sql = sql & "DECLARE @X CHAR(20) "
sql = sql & "SELECT @X ='" & asa & "' "
sql = sql & "INSERT INTO TEST VALUES (@X)"
con.Execute sql
End Sub
__ANDY__WU 2005-09-06
- 打赏
- 举报
那么怎么解决啊?
pweixing 2005-09-04
- 打赏
- 举报
发现一个问题,
ChrValue = Int((255 - 1 + 1) * Rnd + 1)
Result = Result & Chr(ChrValue)
这两句有可能在你的字符串中间产生回车哦!估计是这样的字符串sql没有办法接受吧!
ChrValue = Int((255 - 1 + 1) * Rnd + 1)
Result = Result & Chr(ChrValue)
这两句有可能在你的字符串中间产生回车哦!估计是这样的字符串sql没有办法接受吧!
__ANDY__WU 2005-09-04
- 打赏
- 举报
如果 :
asa = "',''',',',',',',','," 等不符合SQL語法的該怎么辦阿?這樣不就錯誤暸么?
asa = "',''',',',',',',','," 等不符合SQL語法的該怎么辦阿?這樣不就錯誤暸么?
__ANDY__WU 2005-09-04
- 打赏
- 举报
不行的,我試過了!!
pweixing 2005-09-04
- 打赏
- 举报
asa = RndStr(20)
sql = sql & "DECLARE @X CHAR(20) "
sql = sql & "SELECT @X ='" & asa & "' "
sql = sql & "INSERT INTO TEST VALUES (@X)"
这个地方为什么要这么写啊!??
直接: sql = "INSERT INTO TEST VALUES ('"& asa &"')"
就可以了啊!
sql = sql & "DECLARE @X CHAR(20) "
sql = sql & "SELECT @X ='" & asa & "' "
sql = sql & "INSERT INTO TEST VALUES (@X)"
这个地方为什么要这么写啊!??
直接: sql = "INSERT INTO TEST VALUES ('"& asa &"')"
就可以了啊!
__ANDY__WU 2005-09-04
- 打赏
- 举报
ziji自己UP 一下
