FMR-Net
asked on
Getting VBS to query SQL with variable.
I'm having some problems getting VBScript to behave like I want it to. The parts I have done don't even behave as I want (or expected them to).
Below is my script. What I thought would happen was that it would query the database and tell me all entries in the users table. However, what it actually does is tell me the firstname of the first entry in the table.
However, what I really want, but just don't know how to do, is to use the SearchFor variable in a WHERE clause, so the user input would actually be a name, and then the script would search for that name... and give back all the results.
Hope someone can help me out here.
SearchFor = inputbox("Enter persons name")
Set conn = CreateObject("ADODB.Connection")
conn.ConnectionString="Provider=SQLNCLI10.1;Integrated Security=SSPI;Initial Catalog=TestDatabase;Data Source=(local);"
conn.Open
WScript.Echo "Connected"
SQL = "select firstname, lastname from TestDatabase.dbo.members"
Set rs = conn.Execute(SQL)
wscript.Echo rs("firstname")
conn.Close
WScript.Echo "connection closed"
(I'm using MS SQL Server)
If you use this direct approach of MacroShadow, you should be careful not to be vulnerable to SQL injection, and you need to make sure to escape all the special characters (especially the single quote, by doubling it).
Using a Command object and creating a Parameter for it removes this risk and possible point of problems.
If it is used in secure conditions (environment) you can go this easier way.
http://msdn.microsoft.com/en-us/library/windows/desktop/ms675101%28v=vs.85%29.aspx
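The Command object and Parameter approach recommended in the comment above, as an added example that is not part of the original thread. It reuses the asker's connection string and table, and assumes the search is an exact match on the firstname column.

```vbscript
Option Explicit

' ADO constants (VBScript does not load the ADO type library)
Const adCmdText = 1
Const adParamInput = 1
Const adVarWChar = 202

Dim SearchFor, conn, cmd, rs, found

SearchFor = Trim(InputBox("Enter persons name"))
If Len(SearchFor) = 0 Then
    ' Empty input or Cancel: nothing to search for
    WScript.Echo "No name entered"
    WScript.Quit 1
End If

Set conn = CreateObject("ADODB.Connection")
conn.ConnectionString = "Provider=SQLNCLI10.1;Integrated Security=SSPI;Initial Catalog=TestDatabase;Data Source=(local);"
conn.Open

Set cmd = CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText

' The ? is a placeholder. The SQL text is fixed and never contains user input,
' so a quote in SearchFor cannot change the statement.
' Assumption: the lookup is an exact match on firstname.
cmd.CommandText = "select firstname, lastname from TestDatabase.dbo.members where firstname = ?"

' The value travels separately from the SQL text as a typed Unicode string.
' Size is set to the input length so a long value does not raise an ADO error.
cmd.Parameters.Append cmd.CreateParameter("@name", adVarWChar, adParamInput, Len(SearchFor), SearchFor)

Set rs = cmd.Execute

' Walk every returned row, not only the first one
found = 0
Do Until rs.EOF
    WScript.Echo rs("firstname") & " " & rs("lastname")
    found = found + 1
    rs.MoveNext
Loop
If found = 0 Then WScript.Echo "No match for that name"

rs.Close
conn.Close
WScript.Echo "connection closed"
```

Entering a value such as O'Brien works without any manual quote doubling, because the driver sends it as data rather than as part of the statement.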