在Classic Asp中使用参数化查询时生成错误的查询

I am making a database call through the following parametrized query.

我通过以下参数化查询进行数据库调用。

set recordset = Server.CReateObject("ADODB.Recordset")
set cmd1  = Server.CreateObject("ADODB.Command")
cmd1.CommandText = "SELECT * FROM tbl_catmaster where (catname =? or catname =?) ORDER BY catname"
cmd1.ActiveConnection = Conn //connection object already created
cmd1.Parameters(0) = "programmer"
cmd1.Parameters(1) = "developer"
set recordset = cmd1.Execute

My problem is that when I see the query in the sql server profiler, it is like :

我的问题是，当我在sql server profiler中看到查询时，它就像：

"Select catname,catname FROM tbl_catmaster"

Please help. I am using sql server 2005.

请帮忙。我正在使用sql server 2005。

2 个解决方案

#1

I would do like this:

我会这样做：

function commandCreateText(conn, sql)
  dim recordset, cmd1
  set cmd1 = server.createobject("adodb.command")
  set recordset = server.createobject("adodb.recordset")
  set cmd1.activeconnection = conn //which you already have defined
  cmd1.commandtext = sql
  cmd1.commandtype = 1
  set commandCreateText = cmd1
end function

sql = "select * from tbl_catmaster where catname = ? or catname = ? order by catname"
set cmd1 = commandCreateText(conn, sql)
set recordset = cmd1.execute(, array("programmer", "developer"))

if recordset.eof then
  response.write("No records found!")
else
  do until recordset.eof
    response.write("1 record found!")
    recordset.movenext
  loop
end if

#2

You need to create and append the parameters, not sure about the profiler.

您需要创建和附加参数，不确定分析器。

set prm = cmd1.CreateParameter("@prm", 200, 1,200 , "developer")
cmd1.Parameters.Append prm

#1