asp執(zhí)行帶參數(shù)的sql語(yǔ)句實(shí)例

    asp執(zhí)行帶參數(shù)的sql語(yǔ)句，需要向sql語(yǔ)句添加參數(shù)，可以有效屏蔽SQL注入，源代碼如下：
    代碼如下:
    var conn = Server.CreateObject("ADODB.Connection");
    conn.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" + Server.MapPath("Test.mdb");
    conn.Open();
    var cmd = Server.CreateObject("ADODB.Command");
    cmd.ActiveConnection = conn;
    cmd.CommandType = 1;
    cmd.CommandText = "SELECT TOP 1 * FROM [User] WHERE UserName = ? AND Password = ?";
    cmd.Parameters.Append(cmd.CreateParameter("@UserName", 200, 1, 20, "user01"));
    cmd.Parameters.Append(cmd.CreateParameter("@Password", 200, 1, 16, "123456"));
    var rs = cmd.Execute();
    Response.Write(rs("UserId").value);
    rs.Close();
    conn.Close();