Title: Asking for help once again~~ Urgent~~ ASP form problem
wfywfy
Thread closed  Question points: 20  Replies: 0
The ASP SQL query doesn't seem to be able to get the form data.
This is the HTML form:
                    <td height="25" align="right" class="FontHB">身份证号:</td>
                    <td height="25"><input name="UserAddr" type="text" id="UserAddr" style="width:150px" size="10" class="txt1"></td>
                  </tr>
                                    <tr>
                    <td height="25" align="right" class="FontHB">证书编号:</td>
                    <td height="25"><input name="UserAge" type="text" id="UserAge" style="width:150px" size="10" class="txt1"></td>
                  </tr>
                                    <tr>
                    <td height="25" align="right" class="FontHB">准考证号:</td>
                    <td height="25"><input name="UserNum" type="text" id="UserNum" style="width:150px" size="10" class="txt1"></td>
                  </tr>
                                    <tr>
                    <td height="25" align="right" class="FontHB">姓&nbsp&nbsp&nbsp&nbsp名:</td>
                    <td height="25"><input name="UserName" type="text" id="UserName" style="width:150px" size="10" class="txt1"></td>
                  </tr>
                   <tr>
            <td height="25" align="center"></td>


This is the core ASP file:


<%
'-----------------------------------------------------------
' Filter illegal SQL characters
'-----------------------------------------------------------
function ReplaceBadChar(strChar)
    if strChar="" then
        ReplaceBadChar=""
    else
        ReplaceBadChar=replace(replace(replace(replace(replace(replace(replace(strChar,"'",""),"*",""),"?",""),"(",""),")",""),"<",""),".","")
    end if
end function
'-----------------------------------------------------------
' Get the form data
'-----------------------------------------------------------
dim UserAddr,UserAge,UserNum,UserName
UserAddr=ReplaceBadChar(Trim(Request.QueryString("UserAddr")))
UserAge=ReplaceBadChar(Trim(Request.QueryString("UserAge")))
UserNum=ReplaceBadChar(Trim(Request.QueryString("UserNum")))
UserName=ReplaceBadChar(Trim(Request.QueryString("UserName")))
'Response.Write(UserNum)
'-----------------------------------------------------------
' Build the SQL statement
'-----------------------------------------------------------
XcUserInfo =1
IF UserAddr<> "" Then
    StrSql="Select * From XcUserInfo where UserAddr='" &UserAddr&"' or UserAge='"&UserAge&"' or UserNum='"&UserNum&"' or UserName='"&UserName&"'"
    XcUserInfo =2
Else
      StrSql="Select * From XcUserInfo where UserAddr='" &UserAddr&"' or UserAge='"&UserAge&"' or UserNum='"&UserNum&"' or UserName='"&UserName&"'"
End If
'Response.Write(StrSql)              When I uncomment this line, the result shown is: Select * From XcUserInfo where UserAddr='' or UserAge='' or UserNum='' or UserName=''
Set Rs=Conn.execute(StrSql)
'Response.Write(XcUserInfo )

 %>


Experts, please help. I would be very grateful~~~~~~~
2011-10-29 13:03



To join the discussion, please go to the original post: https://bbs.bccn.net/thread-353765-1-1.html
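
The lookup from the post rebuilt with bound parameters instead of the character-stripping filter, as an added example that is not part of the original post. It assumes `Conn` is the open ADODB connection the post uses, that the four columns are text columns, and that the provider accepts `?` placeholders; `FieldValue` is a hypothetical helper that reads a field from the POST body and falls back to the query string. The code belongs inside an ASP `<% ... %>` block.

```vbscript
' Added example, not the poster's code.
' Assumptions: Conn is an open ADODB.Connection; the columns are text columns.
Const adCmdText = 1, adVarWChar = 202, adParamInput = 1

' Hypothetical helper: read a field from the POST body, then the query string.
Function FieldValue(name)
    Dim v
    v = Trim(Request.Form(name) & "")
    If v = "" Then v = Trim(Request.QueryString(name) & "")
    FieldValue = v
End Function

Dim Cmd, Names, Where, i, v, Rs
Set Cmd = Server.CreateObject("ADODB.Command")
Set Cmd.ActiveConnection = Conn
Cmd.CommandType = adCmdText

' Column names come from this fixed list, never from the request.
Names = Array("UserAddr", "UserAge", "UserNum", "UserName")
Where = ""
For i = 0 To UBound(Names)
    v = FieldValue(Names(i))
    ' Only fields that were filled in become conditions, so an empty
    ' input never turns into a Column='' comparison.
    If v <> "" Then
        If Where <> "" Then Where = Where & " OR "
        Where = Where & Names(i) & " = ?"
        ' The value is sent as a bound parameter, so quotes in it stay data.
        ' Parameters are appended in the same order as the ? placeholders.
        Cmd.Parameters.Append Cmd.CreateParameter("@p" & i, adVarWChar, adParamInput, Len(v), v)
    End If
Next

If Where = "" Then
    Response.Write "No search value was submitted."
Else
    Cmd.CommandText = "SELECT * FROM XcUserInfo WHERE " & Where
    Set Rs = Cmd.Execute
End If
```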



