中科新闻网2013 上市公司 ppp:ASP高手分析一下
来源:百度文库 编辑:中科新闻网 时间:2024/05/01 06:51:05
源程序:
<!--#include file="conn.asp"-->
<%
yourname=Request("yourname")
email=Request("email")
name=request.Form("name")
add=request("add")
postcode=request("postcode")
tel=request("tel")
qq=request("qq")
leixing=request("leixing")
neirong=request("neirong")
domain=request("domain")
danweiname=request("danweiname")
qianyue=request("qianyue")
ename=request("ename")
danweiadd=request("danweiadd")
SQL="Insert into dinggou (qianyue,yourname,email,name,add,postcode,tel,qq,leixing,neirong,domain,danweiname,ename,danweiadd) Values ('"qianyue"','"&yourname&"','"&email&"','"&name&"','"&add&"','"&postcode&"','"&tel&"','"&qq&"','"&leixing&"','"&neirong&"','"&domain&"','"&danweiname&"','"&ename&"','"&danweiadd&"')"
conn.Execute SQL
conn.Close
set Conn = nothing
%>
<script language=javascript>
alert("订购成功!")
document.location="index.asp"
</script>
----------------------------------------
出错提示:
Microsoft VBScript 编译器错误 错误 '800a0401'
语句未结束
/dinggouadd.asp,行17
SQL="Insert into dinggou (qianyue,yourname,email,name,add,postcode,tel,qq,leixing,neirong,domain,danweiname,ename,danweiadd) Values ('"qianyue"','"&yourname&"','"&email&"','"&name&"','"&add&"','"&postcode&"','"&tel&"','"&qq&"','"&leixing&"','"&neirong&"','"&domain&"','"&danweiname&"','"&ename&"','"&danweiadd&"')"
---------------------------------------------------------------------------------------------------------------------------------------^
-------------------------------------
Jackfled
SQL的问题我是在conn.asp文件过滤了的
------------------------------------------
Microsoft VBScript 编译器错误 错误 '800a0409'
未结束的字符串常量
/dinggouadd.asp,行17
SQL="Insert into dinggou (qianyue,yourname,email,name,add,postcode,tel,qq,leixing,neirong,domain,danweiname,ename,danweiadd) Values ('" & qianyue & "','" & yourname & "','" & email & "','" & name & "','" & add & "','" & postcode&"','" & tel & "','" & qq & "','" & leixing & "','" & neirong & "','" & domain & "','" & danweiname & "','" & ename & "','" & danweiadd & "')conn.Execute SQL
-------------------------------
我加了空格了,还是不行
<!--#include file="conn.asp"-->
<%
yourname=Request("yourname")
email=Request("email")
name=request.Form("name")
add=request("add")
postcode=request("postcode")
tel=request("tel")
qq=request("qq")
leixing=request("leixing")
neirong=request("neirong")
domain=request("domain")
danweiname=request("danweiname")
qianyue=request("qianyue")
ename=request("ename")
danweiadd=request("danweiadd")
SQL="Insert into dinggou (qianyue,yourname,email,name,add,postcode,tel,qq,leixing,neirong,domain,danweiname,ename,danweiadd) Values ('"qianyue"','"&yourname&"','"&email&"','"&name&"','"&add&"','"&postcode&"','"&tel&"','"&qq&"','"&leixing&"','"&neirong&"','"&domain&"','"&danweiname&"','"&ename&"','"&danweiadd&"')"
conn.Execute SQL
conn.Close
set Conn = nothing
%>
<script language=javascript>
alert("订购成功!")
document.location="index.asp"
</script>
----------------------------------------
出错提示:
Microsoft VBScript 编译器错误 错误 '800a0401'
语句未结束
/dinggouadd.asp,行17
SQL="Insert into dinggou (qianyue,yourname,email,name,add,postcode,tel,qq,leixing,neirong,domain,danweiname,ename,danweiadd) Values ('"qianyue"','"&yourname&"','"&email&"','"&name&"','"&add&"','"&postcode&"','"&tel&"','"&qq&"','"&leixing&"','"&neirong&"','"&domain&"','"&danweiname&"','"&ename&"','"&danweiadd&"')"
---------------------------------------------------------------------------------------------------------------------------------------^
-------------------------------------
Jackfled
SQL的问题我是在conn.asp文件过滤了的
------------------------------------------
Microsoft VBScript 编译器错误 错误 '800a0409'
未结束的字符串常量
/dinggouadd.asp,行17
SQL="Insert into dinggou (qianyue,yourname,email,name,add,postcode,tel,qq,leixing,neirong,domain,danweiname,ename,danweiadd) Values ('" & qianyue & "','" & yourname & "','" & email & "','" & name & "','" & add & "','" & postcode&"','" & tel & "','" & qq & "','" & leixing & "','" & neirong & "','" & domain & "','" & danweiname & "','" & ename & "','" & danweiadd & "')conn.Execute SQL
-------------------------------
我加了空格了,还是不行
第一个值少了 两个&
改成:
SQL="Insert into dinggou (qianyue,yourname,email,name,add,postcode,tel,qq,leixing,neirong,domain,danweiname,ename,danweiadd) Values ('" & qianyue & "','"&yourname&"','"&email&"','"&name&"','"&add&"','"&postcode&"','"&tel&"','"&qq&"','"&leixing&"','"&neirong&"','"&domain&"','"&danweiname&"','"&ename&"','"&danweiadd&"')"
还有:这样SQL语句很容易给SQL注入。
所有 & 号的前后留个空格
很可能是你没有对这些插入的数据进行单引号处理,比如这个neirong,应该处理一下,再插入数据库:
neirong=Replace(request("neirong"),"'","''")
...
首先你在设计数据表的时候,可能把tel和qq都设为数据类型.
而你在写入的时候,确用''号做为字串符写入.
检查表段类型,然后确定原因.