Insert into db, Object Required String
I need to insert some data into DB, there is a problem..it gives me an error :
Source line:
SET sql =\"Insert In
-
If I was to guess I'd say your problem is you're passing the
SupIDandCatIDfields as strings when they are probably integers. The problem with handling INSERT this way is you leave yourself open to SQL Injection plus you encounter data type issues like you seem to be experiencing here.Whenever possible when interacting with a database you should try to use Parameterised Queries. In Classic ASP the best object to do this is
ADODB.Command.Here is an example using your code;
NOTE: If you have problems with the ADO named constants like
adParamInputthen look in the links section below to see how to use theMETADATAtag in yourglobal.asafile to reference the ADO type library across your application.Dim cmd, sql, conn_string, rs, data 'Wouldn't recommend storing your database inside your website root, instead 'store it outside in another folder and set up a variable in an include file 'to store the location. That way it is not accessible to everyone. conn_string = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("WebData/DB.mdb") & ";" Set cmd = Server.CreateObject("ADODB.Command") sql = "SELECT * FROM Products WHERE ProductName = ?" With cmd .ActiveConnection = conn_string .CommandType = adCmdText .CommandText = sql Call .Parameters.Append(.CreateParameter("@ProductName", adVarWChar, adParamInput, 50)) Set rs = .Execute(, Array(pName)) If Not rs.EOF Then data = rs.GetRows() Call rs.Close() Set rs = Nothing End With If IsArray(data) Then sql = "" sql = sql & "INSERT INTO Products (ProductName, SupID, CatID, Price, Pic, Description) " & vbCrLf sql = sql & "VALUES (?, ?, ?, ?, ?, ?)" Set cmd = Server.CreateObject("ADODB.Command") With cmd .ActiveConnection = conn_string .CommandType = adCmdText .CommandText = sql 'Define Parameters 'Making some assumptions about your data types, but you can modify these to fit 'good guide for this is http://www.carlprothman.net/Technology/DataTypeMapping/tabid/97/Default.aspx Call .Parameters.Append(.CreateParameter("@ProductName", adVarWChar, adParamInput, 50)) Call .Parameters.Append(.CreateParameter("@SupID", adInteger, adParamInput, 4)) Call .Parameters.Append(.CreateParameter("@CatID", adInteger, adParamInput, 4)) Call .Parameters.Append(.CreateParameter("@Price", adCurrency, adParamInput, 4)) Call .Parameters.Append(.CreateParameter("@Pic", adVarWChar, adParamInput, 255)) Call .Parameters.Append(.CreateParameter("@Description", adLongVarWChar, adParamInput, 1000)) 'Some of your variables may require conversion before setting the parameter values. .Parameters("@ProductName").Value = pName .Parameters("@SupID").Value = CLng(pbId) .Parameters("@CatID").Value = CLng(pcId) .Parameters("@Price").Value = price .Parameters("@Pic").Value = pic .Parameters("@Description").Value = desc 'Execute Command .Execute() End With Set cmd = Nothing Call Response.write("<script language=""javascript"">alert('Product added succesfully!');</script>") Else Call Response.Write("<script language=""javascript"">alert('Product already exist!');</script>") End IfLinks
- Data Type Mapping
- Using METADATA to Import DLL Constants
- Answer from SQL insert into database with apostrophe
讨论(0) -
In VBScript, VBA and VB5/6,
SETis required to assign an object reference; to assign any other sort of data (including a string), just remove it:sql = "Insert Into Products (ProductName,SupID,CatID,Price,Pic,Description) Values( '"&pName&"','"&pbId&"','"&pcId&"','"&price&"','"&pic&"','"&desc&"')"(In VBA and VB5/6 you could also use
LEThere.)The reason
SETworks when assigning the result of aRequest.Form("foo")call is because theFormcollection is a collection of objects - the subsequent tests against""and"-1"are valid only because the objects returned have a default parameterless property or method that return a string-compatible variant.讨论(0)
加载中...
- 热议问题