甲骨文错误“;针对Oracle的Microsoft OLE DB提供程序错误';80040e14';ORA-00936:缺少表达式/secure/databook/behandl_-databook.asp,第49行“; %@Languag
甲骨文错误“;针对Oracle的Microsoft OLE DB提供程序错误';80040e14';ORA-00936:缺少表达式/secure/databook/behandl_-databook.asp,第49行“;甲骨文错误“;针对Oracle的Microsoft OLE DB提供程序错误';80040e14';ORA-00936:缺少表达式/secure/databook/behandl_-databook.asp,第49行“; %@Languag,oracle,Oracle,甲骨文错误“;针对Oracle的Microsoft OLE DB提供程序错误';80040e14';ORA-00936:缺少表达式/secure/databook/behandl_-databook.asp,第49行“; %@Language=VBScript%> 好的,然后打印出sSQL的值,并在sql客户机中运行它,以查看完整的构造sql语句。如果调试显示的是aktfilid值,那么Session(“kundenummer”)是否会为空?但是是的,打印/记录正在执行的实际命令
%@Language=VBScript%>
好的,然后打印出sSQL的值,并在sql客户机中运行它,以查看完整的构造sql语句。如果调试显示的是aktfilid
值,那么Session(“kundenummer”)
是否会为空?但是是的,打印/记录正在执行的实际命令将很快发现错误。既然您似乎没有任何绑定变量,那么您正在设置哪些参数?既然您是从用户输入构建命令,那么您如何防止注入呢?
%@ Language=VBScript %>
<% option explicit %>
<!-- #include virtual="/secure/inc/logged_on.asp" -->
<!-- #include virtual="/secure/inc/resettimer.asp" -->
<!-- #include virtual="/secure/databoks/inc/open_dbox_db.asp" -->
<!-- #include virtual="/secure/inc/functions.asp" -->
<!-- #include virtual="/secure/databoks/inc/dbox_functions.asp" -->
<!-- #include file="adovbs.inc" -->
<!-- #include virtual="/secure/inc/security_functions.asp" --> <% ' #2758 %>
<%
Dim setkomma
Dim aktfilid
Dim sSQL
Dim item
If Request.Form("slettet") <> "" Then
sSQL = "UPDATE dbox_files SET slettet = sysdate WHERE kundenr = " & Session("kundenummer") & " and brugernr = '" & Session("rkibrugernummer") & "' and slettet is null and filid in("
setkomma = false
For Each item In Request.Form("slettet")
aktfilid = trim(item)
session("_logger").debug "asp.databoks/behandl_databoks", "(1) aktfilid: " & aktfilid
If setkomma Then
sSQL = sSQL & ","
End if
sSQL = sSQL & aktfilid
setkomma = true
Next
sSQL = sSQL & ")"
Dim objCmd
Dim Rec
const adCmdText = &H0001
Const adVarChar = 200
Const adParamInput = &H0001
set objCmd = server.CreateObject("ADODB.Command")
objCmd.ActiveConnection = DBoxConn
objCmd.CommandType =adCmdText
objCmd.CommandText=sSQL
objCmd.parameters.append objCmd.CreateParameter("@kundenummer", adVarChar, adParamInput, 150, Session("kundenummer"))
objCmd.parameters.append objCmd.CreateParameter("@rkibrugernummer", adVarChar, adParamInput, 150, Session("rkibrugernummer"))
For populating recordset do the following:
Set recordsetobject = .Execute
Set Rec = objCmd.Execute()
While NOT Rec.EOF
Rec.MoveNext
Wend
Set objCmd = Nothing
End If