First post but thank you for all the help I've gotten from this site so far.
I'm trying to parameterize an SQL query:
query_url = Request.QueryString("ID")
Set rs = Server.CreateObject("ADODB.Recordset")
Set cmd = server.createobject("ADODB.Command")
cmd.ActiveConnection = Internet_String
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT NAME FROM OWNER.TABLE WHERE ID = " + "?" + ""
Set param = cmd.CreateParameter(, , ,200 , Replace(query_url, "'", "''"))
cmd.Parameters.Append param
Set rs = cmd.Execute()
So if I use (no parameters):
SELECT NAME FROM OWNER.TABLE WHERE ID = " + Replace(query_url, "'", "''") + ""
It works fine, so I know my DB connection and query_url are working. Is something wrong with my SQL statement in the parameterized query? I've tried it so many different ways.
When I run my parameterized query in Dreamweaver the page will not load anytime, just spins infinitely, I'm assuming it's not getting a response back from the DB.
Thanks!
EDIT
Alright thanks for the help so far, I'm getting closer. The page loads now but the fields are still blank, heres what I've got so far:
Set rs = Server.CreateObject("ADODB.Recordset")
Set cmd = server.createobject("ADODB.Command")
cmd.ActiveConnection = internet_string
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT NAME FROM OWNER.TABLE WHERE ID = @param"
Set param = cmd.CreateParameter("@param", , ,200 , query_url)
cmd.Parameters.Append param
response.Write(param)
Set rs = cmd.Execute()
Here's how I'm referencing the data:
<strong>Name: <%=(rs.Fields.Item("NAME").Value)%></strong>
Any ideas?
cmd.CreateParameter(, , ,200 , query_url). Since you're using parameters, all the work of escaping special characters is done behind the scenes.