https://stackoverflow.com/questions/21578101
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianyou code is wide open for a SQL injection!!!
read about parametrized queries.
in your first SQL you have apostrophes (') which is bad if cid is a number
Variable interpolation in ASP, ADO
-
07-10-2022 - |
質問
I am using a variable to interpolate in ASP, for this i have an vairable:
cid=Request.Form("customerID")
and then,
rs.open "SELECT * FROM customers WHERE customerID='" & cid & "'",conn
the above statement does not work.
while this works:
rs.open "SELECT * FROM customers WHERE customerID=1",conn
can someone please help me???
解決
所属していません StackOverflow
