tags:

views:

1373

answers:

3
+2  Q: 

How to make a parametrized SQL Query on Classic ASP?

Can someone show me the simplest way of perform a parametrized SQL query using Classic ASP in VBscript?

A compilable example would be best.

+6  A: 

I'm assuming you are referring to a parameterized SQL Query. If this is the case, then the VBScript code would look something like this:

Set adoCon = Server.CreateObject("ADODB.Connection")
adoCon.Open "connectionstring"
SET cmd = Server.CreateObject("ADODB.Command")
cmd.ActiveConnection = adoCon
cmd.CommandType= adCmdStoredProc 
cmd.CommandText = "GetCustomerByFirstName" 

cmd.Parameters.Append cmd.CreateParameter("@FirstName",adVarchar,adParamInput,50,"John")    

Set Rec = cmd.Execute()
While NOT Rec.EOF
  'code to iterate through the recordset
  Rec.MoveNext
End While

UPDATE: You need to include the ADOVBS.inc file for the constants to be recognized.

Here's a link: ADOVBS.inc

Jose Basilio  2009-04-20 23:07:58
do I need to include some file to get ASP to recognize adVarchar and adParamInput constants?
Pablo Santa Cruz  2009-04-20 23:13:06
Yes. Here's a link to that file http://www.asp101.com/articles/john/adovbs/adovbs.inc.txt
Jose Basilio  2009-04-20 23:15:25
+5  A: 

Use the adodb.command object.

with createobject("adodb.command")
    .activeConnection = application("connectionstring")
    .commandText = "select * from sometable where id=?"
    set rs = .execute( ,array(123))
end with

I would also advise to use a custom db access object instead of using adodb directly. This allows you to build a nicer api, improves testability and add hooks for debuging/logging/profiling. Secondly you can add request scoped transactions with implicit rollback's on errors using the class_terminiate event. Oure db access object offers the following query api 

call db.execute("update some_table set column=? where id=?", array(value, id))
set rs = db.fetch_rs("select * from some_table where id=?", array(id))
count = db.fetch_scalar("select count(*) from some_table where column > ?", array(value))
 2009-04-21 06:48:14
+3  A: 

Another option to including adovbs.inc is to add a reference to the following type library near the top of your ASP. Supposedly this has better performance than an include:

<!--METADATA TYPE="TypeLib" NAME="ADODB Type Library" UUID="00000205-0000-0010-8000-00AA006D2EA4" FILE="C:\Program Files\Common Files\System\ado\msado15.dll" VERSION="2.5" -->

Here is a list of some type libraries.

Mike Henry  2009-04-23 20:15:46
+1 excellent suggestion!
Abel  2010-07-30 11:24:13

related questions

Backup SQL Schema Only?
Sql to query a dbs scheme
Timer-based event triggers
Sql query, count and group by
Paging SQL Server 2005 Results
SQL 2005 For XML Explicit - Need help formatting
How do I use T-SQL Group By
What all do I need to escape when sending a (My)SQL query?
Split String in SQL
Datatable vs Dataset
ASP.NET MVC "CRUD" Database Sample
Convert HashBytes to VarChar
Best Book for a new Database Developer
What is the best way to avoid SQL injection attacks?
What language do you use for Postgresql triggers and stored procedures?
What is the best way to handle multiple permission types?
How do I index a database field
Swap unique indexed column values in database.
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
Is there a version control system for database structure changes?
How to export data from SQL Server 2005 to MySQL
ASP.NET Site Maps
Decoding T-SQL CAST in C#/VB.net
Flat File Databases in PHP