注册 登录
编程论坛 ASP技术论坛

再一次求助啊~~急~~ASP表单问题

wfywfy 发布于 2011-10-29 13:03, 540 次点击
asp sql查询好像无法获取表单数据
这个是HTML表单:
                    <td height="25" align="right" class="FontHB">身份证号:</td>
                    <td height="25"><input name="UserAddr" type="text" id="UserAddr" style="width:150px" size="10" class="txt1"></td>
                  </tr>
                                    <tr>
                    <td height="25" align="right" class="FontHB">证书编号:</td>
                    <td height="25"><input name="UserAge" type="text" id="UserAge" style="width:150px" size="10" class="txt1"></td>
                  </tr>
                                    <tr>
                    <td height="25" align="right" class="FontHB">准考证号:</td>
                    <td height="25"><input name="UserNum" type="text" id="UserNum" style="width:150px" size="10" class="txt1"></td>
                  </tr>
                                    <tr>
                    <td height="25" align="right" class="FontHB">姓&nbsp&nbsp&nbsp&nbsp名:</td>
                    <td height="25"><input name="UserName" type="text" id="UserName" style="width:150px" size="10" class="txt1"></td>
                  </tr>
                   <tr>
            <td height="25" align="center"></td>


这个是asp核心文件


'-----------------------------------------------------------
'过滤非法SQL字符
'-----------------------------------------------------------
function ReplaceBadChar(strChar)
    if strChar="" then
        ReplaceBadChar=""
    else
        ReplaceBadChar=replace(replace(replace(replace(replace(replace(replace(strChar,"'",""),"*",""),"?",""),"(",""),")",""),"<",""),".","")
    end if
end function
'-----------------------------------------------------------
'取得表单数据
'-----------------------------------------------------------
dim UserAddr,UserAge,UserNum,UserName
UserAddr=ReplaceBadChar(Trim(Request.QueryString("UserAddr")))
UserAge=ReplaceBadChar(Trim(Request.QueryString("UserAge")))
UserNum=ReplaceBadChar(Trim(Request.QueryString("UserNum")))
UserName=ReplaceBadChar(Trim(Request.QueryString("UserName")))
'Response.Write(UserNum)
'-----------------------------------------------------------
'生成SQL代码
'-----------------------------------------------------------
XcUserInfo =1
IF UserAddr<> "" Then
    StrSql="Select * From XcUserInfo where UserAddr='" &UserAddr&"' or UserAge='"&UserAge&"' or UserNum='"&UserNum&"' or UserName='"&UserName&"'"
    XcUserInfo =2
Else
      StrSql="Select * From XcUserInfo where UserAddr='" &UserAddr&"' or UserAge='"&UserAge&"' or UserNum='"&UserNum&"' or UserName='"&UserName&"'"
End If
'Response.Write(StrSql)              我解除这条注释  结果显示 Select * From XcUserInfo where UserAddr='' or UserAge='' or UserNum='' or UserName=''     
Set Rs=Conn.execute(StrSql)
'Response.Write(XcUserInfo )

 %>


求大神帮忙啊  感激不尽~~~~~~~`
2 回复
#2
VB爱上我2011-10-29 22:22
Request.QueryString("UserAddr") 这种带QueryString的是url get 传递方式,如果网址上没有这个UserAddr参数就没有值的,如果你用post传递方式Request.Form("UserAddr")或Request("UserAddr")就可以获取文本框值,前提是要有<form action="" method="post">

补充:如果<form action="" method="get">如果是get,用Request.QueryString("UserAddr")也行
#3
cnfarer2011-10-30 13:13
用Request("UserAddr")这种方式好,不管POST还是GET都行!
1
©2025, BC-CN.NET
电脑版