我有一个经典的ASP页面,其中包含一些代码,用于检查表中是否存在电子邮件,如下所示;
<%
'' //Check the submitted email against existing ones in the database
set CmdCheckEmail = server.CreateObject("ADODB.Command")
CmdCheckEmail.ActiveConnection = MM_dbconn_STRING
CmdCheckEmail.CommandText = "SELECT COUNT(ReferredEmail) AS 'CountEmail' FROM TenantReferral WHERE ReferredEmail = '" & Request("Email") & "'"
Response.Write(CmdCheckEmail.CommandText)
CmdCheckEmail.CommandType = 1
CmdCheckEmail.CommandTimeout = 0
CmdCheckEmail.Prepared = true
CmdCheckEmail.Execute()
countEmail = CmdCheckEmail("CountEmail")
set CmdCheckEmail = nothing
conn.close
set conn = nothing
If(countEmail >= 1) Then
Message = Message & "<p>This email address has already been referred.</p>"
End If
%>
但是,该页面报告了以下错误;
SELECT COUNT(ReferredEmail) AS 'CountEmail' FROM TenantReferral WHERE ReferredEmail = 'test@xyz.com'
ADODB.Command error '800a0cc1'
Item cannot be found in the collection corresponding to the requested name or ordinal.
/default2.asp, line 19
第19行如下;
countEmail = CmdCheckEmail("CountEmail")
电子邮件确实存在于表格中,表格中只包含以下列; ReferredEmail和ReferredCode
我想知道是否有人能够解释这个错误?
谢谢。
答案 0 :(得分:0)
请注意确定您正在使用的数据库,但请尝试将您的sql更改为:
SELECT COUNT(ReferredEmail) AS CountEmail FROM TenantReferral WHERE ReferredEmail = 'test@xyz.com'
然后改变
CmdCheckEmail.Execute()
countEmail = CmdCheckEmail("CountEmail")
到
set rs = CmdCheckEmail.Execute()
countEmail = rs("CountEmail")
此外,您对该查询存在SQL注入问题。您应该使用parameterized queries。
答案 1 :(得分:0)
CmdCheckEmail("CountEmail")尝试访问Command对象的默认成员,即参数集合。但是,您不希望访问参数,而是访问结果记录集的字段。
试试这个(未经测试):
Set rs=CmdCheckEmail.Execute()
countEmail = rs("CountEmail")
除此之外,请注意:这一行:
CmdCheckEmail.CommandText = "SELECT COUNT(ReferredEmail) AS 'CountEmail' FROM TenantReferral WHERE ReferredEmail = '" & Request("Email") & "'"
易受SQL injection攻击。
永远不要将文字字符串嵌入到SQL语句中;改用参数。 (在这种情况下,您可以使用Command.Parameters集合执行此操作。)