我正在尝试对一个旧的VB网络应用程序进行一些小的更改,我需要在字符串内添加引号,但迄今为止没有成功。该字符串是:
Dim sql As String = "Select * from Usertask Where UserId = " & Session("UserId") & " and JobID=" & ddlReqTask.SelectedValue
我需要在Session("UserID")值周围添加引号。
我正在尝试对一个旧的VB网络应用程序进行一些小的更改,我需要在字符串内添加引号,但迄今为止没有成功。该字符串是:
Dim sql As String = "Select * from Usertask Where UserId = " & Session("UserId") & " and JobID=" & ddlReqTask.SelectedValue
我需要在Session("UserID")值周围添加引号。
""
将引号插入字符串中,例如:
dim sometext as String = "Hello ""Frank"" how are you?"
这将给出:
Hello "Frank" how are you?
要转义引号,您只需要添加另一个引号,我相信这就是您所需的:
Dim sql As String = "Select * from Usertask Where UserId = """ & Session("UserId") & """ and JobID=" & ddlReqTask.SelectedValue
'; DROP TABLE Usertask; --
相反,使用参数。根据您执行SQL的方式,有不同的方法来执行它; 请向我们展示执行SQL查询的代码。
回答您的问题,
Dim StringWithQuotes As String = "Hello, I've got ""Quotes""!"
这个字符串将会被
你好,我有“引号”!
Dim sql As String = "Select * from Usertask Where UserId = ? AND JobID = ?"
然后向Command对象添加2个ADODB.Parameters,以提供2个参数的值,例如:
Set param = New ADODB.Parameter
param.Name = "@UserId"
param.Direction = adParamInput
param.Type = adVarChar
param.Size = (give size of user id field)
param.value = Session("UserId")
yourADOCommand.Parameters.Append param
同样的方法也适用于JobId参数。
Chr(34)
。Dim sql As String = "Select * from Usertask Where UserId = " & Chr(34) & Replace(Session("UserId"), Chr(34), Chr(34) & Chr(34)) & Chr(34) & " and JobID=" & CLng(ddlReqTask.SelectedValue)
就像这样..
dim user_id as string="SomePerson"
debug.print "UserId=" & chr(34) & user_id & Chr(34)
生成..
UserID="SomePerson"