Asp classic: SQL parameterization in Classic ASP

I'm not very familiar with ASP, but I have a project that contains the following page:

<% 
'declare the variables 
Dim Connection
Dim ConnString
Dim Recordset
Dim SQL
Dim userName 
userName = Request.Form("userName")
'define the connection string, specify database driver
ConnString="JJJJJ" 'connection information

'declare the SQL statement that will query the database
SQL = "SELECT info AS Lunch "
SQL = SQL & "FROM dbo.AgentActivityLog WHERE UserId = '" & userName & "'"

'create an instance of the ADO connection and recordset objects
Set Connection = Server.CreateObject("ADODB.Connection")
Set Recordset = Server.CreateObject("ADODB.Recordset")

'Open the connection to the database
Connection.Open ConnString

'Open the recordset object executing the SQL statement and return records 
Recordset.Open SQL,Connection

'first of all determine whether there are any records 
If Recordset.EOF Then 
Response.Write("No records returned.") 
Else 
'loop over every returned row
Do While Not Recordset.EOF
'process record
Recordset.MoveNext     
Loop
End If

'close the connection and recordset objects to free up resources
Recordset.Close
Set Recordset=nothing
Connection.Close
Set Connection=nothing
%>

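I suggest you look at the answer at the following link, as it will fill in the answer you are looking for:

From the code provided, the key missing piece is ADODB.Command, which is used to actually run the SQL and add the parameters to the query. You can: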

    Set Param = Command.CreateParameter("@userid",adVarChar,adParamInput)
    Param.Value = userName
    Command.Parameters.Append Param

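Apart from changing the variable to ? and pasting in the code above, do I need to change the code any further? The link looks completely different from my code.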
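The page from the question rewritten around ADODB.Command with a `?` placeholder, as an added example that is not code from the original question or answer. Assumptions: the parameter size of 50 stands in for the real width of the UserId column, the ADO constants are declared inline instead of including adovbs.inc, and the record processing simply writes the Lunch column to the page.

```vbscript
<%
Option Explicit
' ADO constants (same values as adovbs.inc), declared here so the page is self-contained
Const adCmdText = 1
Const adVarChar = 200
Const adParamInput = 1

Dim Connection, Command, Param, Recordset, ConnString, userName
userName = Request.Form("userName")
ConnString = "JJJJJ" ' connection information, as in the question

Set Connection = Server.CreateObject("ADODB.Connection")
Connection.Open ConnString

Set Command = Server.CreateObject("ADODB.Command")
Set Command.ActiveConnection = Connection
Command.CommandType = adCmdText
' The ? placeholder replaces the concatenated '" & userName & "' fragment,
' so the form value is sent as data and never parsed as SQL
Command.CommandText = "SELECT info AS Lunch FROM dbo.AgentActivityLog WHERE UserId = ?"

' Size 50 is an assumed column width; match it to the real UserId column
Set Param = Command.CreateParameter("@userid", adVarChar, adParamInput, 50, userName)
Command.Parameters.Append Param

' Execute runs the command and returns a forward-only recordset
Set Recordset = Command.Execute

If Recordset.EOF Then
    Response.Write "No records returned."
Else
    Do While Not Recordset.EOF
        ' HTML-encode database values before writing them into the page
        Response.Write Server.HTMLEncode(Recordset("Lunch") & "") & "<br>"
        Recordset.MoveNext
    Loop
End If

Recordset.Close
Set Recordset = Nothing
Set Command = Nothing
Connection.Close
Set Connection = Nothing
%>
```

Compared with the original page, the only structural changes are the Command object, the placeholder in the SQL text, and obtaining the recordset from `Command.Execute` instead of `Recordset.Open SQL, Connection`.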