Pass a VBScript string list to a SQL "in" operator


In VBScript I have a select statement and I am trying to pass a string value of undetermined length to the SQL IN operator. The code below works, but it allows SQL injection.

I am looking for a way to use the ADO CreateParameter method. I believe I have tried different ways, but I keep getting caught up in the data type (advarchar, adlongchar, adlongwchar).

    Dim studentid
    studentid = getrequestparam("studentid")
    Dim rsgetdata, dbcommand
    Set dbcommand = Server.CreateObject("ADODB.Command")
    Set rsgetdata = Server.CreateObject("ADODB.Recordset")
    dbcommand.CommandType = adCmdText
    dbcommand.ActiveConnection = dbconn
    ' The user-supplied list is concatenated straight into the SQL text (the injection hole)
    dbcommand.CommandText = "select * from students where studentid in (" & studentid & ")"
    Set rsgetdata = dbcommand.Execute()

I have tried

    Call addparameter(dbcommand, "studentid", adVarChar, adParamInput, Nothing, studentid)

which gives me the error `adodb.parameters error '800a0e7c' problems adding parameter (studentid)=('sid0001','sid0010') :parameter object improperly defined. inconsistent or incomplete information provided.`

I have tried

    Call addparameter(dbcommand, "studentid", adLongVarChar, adParamInput, Nothing, studentid)

and

    Dim studentid
    studentid = getrequestparam("studentid")
    Dim slength
    slength = Len(studentid)
    Response.Write(slength)
    Dim rsgetdata, dbcommand
    Set dbcommand = Server.CreateObject("ADODB.Command")
    Set rsgetdata = Server.CreateObject("ADODB.Recordset")
    dbcommand.CommandType = adCmdText
    dbcommand.ActiveConnection = dbconn
    ' The whole list is bound as a single parameter, so it is compared as one string value
    dbcommand.CommandText = "select * from students where studentid in (?)"
    Call addparameter(dbcommand, "studentid", adVarChar, adParamInput, slength, studentid)
    Set rsgetdata = dbcommand.Execute()

Both of these options don't do anything... no error message, and the SQL is not executed.

Additional information:

The studentid is being input through an HTML form textarea. The design is to let the user input a list of student IDs (up to 1000 lines) and perform actions on these student profiles. In JavaScript on the previous ASP page I have a function that takes the list and changes it to a comma-delimited list with '' around each element in the list.
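
As an added example (not code from the question or the answer), one way to keep the posted list out of the SQL text is to give the IN clause one `?` placeholder per id and append one ADO parameter per value. It assumes an already open ADODB connection in `dbConn`, a posted textarea field `studentid` with one id per line, and the ADO constant values adCmdText = 1, adVarChar = 200 and adParamInput = 1 (given as literals so the block does not depend on adovbs.inc).

```vbscript
' Added example, not the original poster's code.
' Builds "... IN (?,?,?)" with one bound parameter per id, so the
' user's text never becomes part of the SQL statement.
' Assumes: dbConn is an open ADODB.Connection (assumption).
Function BuildStudentCommand(dbConn, rawList)
    Dim ids, cmd, i, placeholders, value
    ' A textarea posts CR LF line endings; drop the CR and split on LF.
    ids = Split(Replace(rawList, vbCr, ""), vbLf)
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = dbConn     ' Set reuses the open connection
    cmd.CommandType = 1                   ' adCmdText
    placeholders = ""
    For i = 0 To UBound(ids)
        value = Trim(ids(i))
        If Len(value) > 0 Then            ' skip blank lines
            If Len(placeholders) > 0 Then placeholders = placeholders & ","
            placeholders = placeholders & "?"
            ' adVarChar = 200, adParamInput = 1; adVarChar needs a size > 0,
            ' which is why a Nothing/empty size fails with error 800a0e7c.
            cmd.Parameters.Append cmd.CreateParameter("p" & i, 200, 1, Len(value), value)
        End If
    Next
    If Len(placeholders) = 0 Then
        Set BuildStudentCommand = Nothing ' empty list: caller runs no query
        Exit Function
    End If
    cmd.CommandText = "SELECT * FROM students WHERE studentid IN (" & placeholders & ")"
    Set BuildStudentCommand = cmd
End Function

' Usage in the receiving ASP page (field name "studentid" is an assumption).
Dim dbCommand, rsGetData
Set dbCommand = BuildStudentCommand(dbConn, Request.Form("studentid"))
If Not dbCommand Is Nothing Then
    Set rsGetData = dbCommand.Execute()
    Do Until rsGetData.EOF
        ' Encode on output so a stored id cannot inject HTML into the page.
        Response.Write Server.HTMLEncode(rsGetData("studentid")) & "<br>"
        rsGetData.MoveNext
    Loop
    rsGetData.Close
End If
```

On SQL Server a single request can carry at most 2100 parameters, so the 1000-line limit mentioned in the question fits, but a larger list needs one of the table-based approaches from the linked article.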

Classic ASP does not have support for this. You need to fall back on one of the alternatives discussed here:

http://www.sommarskog.se/arrays-in-sql-2005.html

That article is kind of long, but in a way it's considered by many the standard work on the subject.

It so happens that my preferred option is not included in the article. I use a holding table for each individual item in the list, such that each item uses an AJAX request to insert into or remove from the holding table the moment the user selects or de-selects it. Then I join to the table instead of a list, and end up with this:

    select s.*
    from students s
    inner join studentselections ss on s.studentid = ss.studentid
    where ss.sessionkey = ?
