Avatar of FMR-Net
FMR-Net
 asked on

Getting VBS to query SQL with variable.

Im having some problems getting vbscript behave like I want it to. The parts I have done, don't even behave as I want (or expected them to.
Below is my script. What I thought would happen, was that it would query the database. and tell me all entires in the users table. However, what it actually does, is it tells me the firstname of the first entry in the table.
However, what I really want, just don't how to do, is to use the SearchFor variable in a WHERE clause, so the userinput would actually be a name, and then the script would search for that name... and give back all the results.

Hope someone can help me out here.

SearchFor = inputbox("Enter persons name")

Set conn = CreateObject("ADODB.Connection")
conn.ConnectionString="Provider=SQLNCLI10.1;Integrated Security=SSPI;Initial Catalog=TestDatabase;Data Source=(local);"
conn.Open
WScript.Echo "Connected"

SQL = "select firstname, lastname from TestDatabase.dbo.members"
Set rs = conn.Execute(SQL)
wscript.Echo rs("firstname")

conn.Close
WScript.Echo "connection closed"


(I'm using MS SQL Server)
VB ScriptMicrosoft SQL Server

Avatar of undefined
Last Comment
HugoHiasl

8/22/2022 - Mon
HugoHiasl

Here you can find a nice example about using Command object.

http://msdn.microsoft.com/en-us/library/windows/desktop/ms675101%28v=vs.85%29.aspx
ASKER CERTIFIED SOLUTION
Joe Howard

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
HugoHiasl

If you use this direct approach of MacroShadow, you should be careful to be not vulnerable for SQL injection and you need to make sure to escape all the special characters (especially the single quote by doubling it)

Using a Command object and creating a Parameter for it removes this risk and possible point of problems.

If it is used in secure conditions (environment) you can go this easier way.
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck