asp 多条件查询 SQL 查询的时候应该怎么处理
日期:2014-05-16 浏览次数:20893 次
asp 多条件查询 SQL 查询的时候应该怎么办!
asp 多条件查询 SQL 查询的时候应该怎么办!
比如当选着“全部”的时候 sql 中的查询语句 a.GongSiNo = '"&request("gongsi")&"' 不应该有!
现在的语句是这样的!
------解决方案--------------------
组合下就好了,还有其他数据要注释验证是否有值,还有有效性,你这个sql注入100%的
asp 多条件查询 SQL 查询的时候应该怎么办!
比如当选着“全部”的时候 sql 中的查询语句 a.GongSiNo = '"&request("gongsi")&"' 不应该有!
现在的语句是这样的!
select a.gongsimc,a.card_kehu_no as kehu_no,a.card_no,a.card_kehu_mc as kehu_mc,a.card_kehu_shouji as kehu_dh,a.che_no,a.card_kind,a.card_enddate,lastdate,datediff(day,isnull(lastdate,getdate()-365),getdate()) days from (select zhifu_card_no,max(lastdate) as lastdate from (select zhifu_card_no ,xche_jsrq lastdate from work_pz_sj union select zhifu_card_no,xc_rq lastdate from work_xiche_pz_sj union select zhifu_card_no,xiao_rq lastdate from xiaosh_pz_sj union select card_no as zhifu_card_no,xche_jsrq lastdate from work_pz_sj union select card_no as zhifu_card_no,xc_rq lastdate from work_xiche_pz_sj union select card_no as zhifu_card_no,xiao_rq lastdate from xiaosh_pz_sj) aa group by zhifu_card_no) b left join card a on b.zhifu_card_no=a.card_no where a.card_no is not null and lastdate>='"&request("txtBeginDate")&"' and lastdate<='"&request("txtEndDate")&"' and a.GongSiNo = '"&request("gongsi")&"' and datediff(day,isnull(lastdate,getdate()-365),getdate())>='"&request("txtDay")&"' and datediff(day,isnull(lastdate,getdate()-365),getdate())<='"&request("txtDay2")&"' ORDER BY lastdate
------解决方案--------------------
sql="select a.gongsimc,a.card_kehu_no as kehu_no,a.card_no,a.card_kehu_mc as kehu_mc,a.card_kehu_shouji as kehu_dh,a.che_no,a.card_kind,a.card_enddate,lastdate,datediff(day,isnull(lastdate,getdate()-365),getdate()) days from (select zhifu_card_no,max(lastdate) as lastdate from (select zhifu_card_no ,xche_jsrq lastdate from work_pz_sj union select zhifu_card_no,xc_rq lastdate from work_xiche_pz_sj union select zhifu_card_no,xiao_rq lastdate from xiaosh_pz_sj union select card_no as zhifu_card_no,xche_jsrq lastdate from work_pz_sj union select card_no as zhifu_card_no,xc_rq lastdate from work_xiche_pz_sj union select card_no as zhifu_card_no,xiao_rq lastdate from xiaosh_pz_sj) aa group by zhifu_card_no) b left join card a on b.zhifu_card_no=a.card_no where a.card_no is not null and lastdate>='"&request("txtBeginDate")&"' and lastdate<='"&request("txtEndDate")&"' and datediff(day,isnull(lastdate,getdate()-365),getdate())>='"&request("txtDay")&"' and datediff(day,isnull(lastdate,getdate()-365),getdate())<='"&request("txtDay2")&"'"
v=request("gongsi")
if v<>"全部" then sql=sql&" and a.GongSiNo = '"&v&"'
sql=sql&" ORDER BY lastdate"组合下就好了,还有其他数据要注释验证是否有值,还有有效性,你这个sql注入100%的
免责声明: 本文仅代表作者个人观点,与爱易网无关。其原创性以及文中陈述文字和内容未经本站证实,对本文以及其中全部或者部分内容、文字的真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
