SQL query does not insert the correct value into the database

Here is the SQL statement:
```vb
SQL = "INSERT INTO MYIMAGES(image_blob, filename, description, filesize, accountnum, rmanum, billol, copiedfilename) VALUES(?, '"
SQL = SQL & File.Filename & "', '"
SQL = SQL & Replace(Upload.Form("DESCR"), "'", "''") & "', '"
SQL = SQL & File.Size & "', '"
SQL = SQL & Replace(Upload.Form("accountnum"), "'", "''") & "', '"
SQL = SQL & Replace(Upload.Form("rmanum"), "'", "''") & "', '"
SQL = SQL & Replace(Upload.Form("billol"), "'", "''") & "', "
SQL = SQL & Replace(Upload.Form("accountnum"), "'", "''") & "-" & Replace(Upload.Form("rmanum"), "'", "''") & ")"
```
accountnum = 3456345, rmanum = 345234
The value being entered into the database is 3111111.
What I want it to be is 3456345-345234.
The column's data type is varchar(255).
What am I doing wrong?
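[SQL injection](http://en.wikipedia.org/wiki/SQL_injection), anyone? – Oded 2013-02-08 20:35:01
If you output the sql variable, what does it look like? Also, which field are you talking about? – 2013-02-08 20:36:18
Sorry, it's the last one, the copiedfilename field – user7954 2013-02-08 20:37:57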
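
As an added example (not code from the question or its comments), this Python sketch uses sqlite3 in place of the ASP page's database to reproduce the shape of the statement with the question's values: the last value is concatenated without quotes, so the SQL text contains `3456345-345234` as an expression, while binding every value as a parameter stores it verbatim. The three-column table and the function names are assumptions made for the example.

```python
import sqlite3

# Constructed sample input: the two values given in the question.
FORM = {"accountnum": "3456345", "rmanum": "345234"}


def make_db():
    """In-memory table holding only the columns this example needs (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE MYIMAGES (accountnum VARCHAR(255), "
               "rmanum VARCHAR(255), copiedfilename VARCHAR(255))")
    return db


def esc(value):
    """Same escaping as the question's Replace(x, "'", "''")."""
    return value.replace("'", "''")


def insert_concatenated(db, form):
    """Mirrors the question: the last value is appended without quotes."""
    sql = ("INSERT INTO MYIMAGES (accountnum, rmanum, copiedfilename) VALUES ('"
           + esc(form["accountnum"]) + "', '"
           + esc(form["rmanum"]) + "', "
           + esc(form["accountnum"]) + "-" + esc(form["rmanum"]) + ")")
    db.execute(sql)
    return sql


def insert_bound(db, form):
    """Every value is a bound parameter, so none of it is parsed as SQL."""
    copied = form["accountnum"] + "-" + form["rmanum"]
    db.execute("INSERT INTO MYIMAGES (accountnum, rmanum, copiedfilename) "
               "VALUES (?, ?, ?)", (form["accountnum"], form["rmanum"], copied))


def stored_names(db):
    """Return the copiedfilename values in insertion order."""
    return [row[0] for row in db.execute(
        "SELECT copiedfilename FROM MYIMAGES ORDER BY rowid")]


if __name__ == "__main__":
    db = make_db()
    print(insert_concatenated(db, FORM))  # the statement text as the server sees it
    insert_bound(db, FORM)
    print(stored_names(db))
```

Printing the built statement before executing it, as the second comment asks, is the quickest check for this class of bug: any value that appears outside quotes is evaluated by the database rather than stored.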