Syntax error in an ASP statement!
Source: Baidu Zhidao  Editor: UC Zhidao  Time: 2024/05/16 08:13:49
<!--#include file="conn.asp"-->
<%
dim username
dim usermail
username=request.Form("username")
usermail=request.Form("useremail")
sql="update data set usermail="& usermail &" where username=" & username
conn.execute(sql)
%>
Why does this statement keep popping up an error saying the SQL statement has a syntax error?
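Change the SQL statement like this:
sql="update data set usermail='"& usermail &"' where username='" & username & "'"
That should execute.
However, it would be better to filter the two variables username and usermail, otherwise it may be open to SQL injection:
username=replace(request.Form("username"),"'","''")
usermail=replace(request.Form("useremail"),"'","''")
The final version is as follows: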
<!--#include file="conn.asp"-->
<%
dim username
dim usermail
' Double every single quote so the value cannot close the string literal
username=replace(request.Form("username"),"'","''")
usermail=replace(request.Form("useremail"),"'","''")
' Both values are text, so each is wrapped in single quotes
sql="update data set usermail='"& usermail &"' where username='" & username & "'"
conn.execute(sql)
%>
There is.
sql="update data set usermail='"& usermail &"