Getting VBS to query SQL with variable.
Im having some problems getting vbscript behave like I want it to. The parts I have done, don't even behave as I want (or expected them to.
Below is my script. What I thought would happen, was that it would query the database. and tell me all entires in the users table. However, what it actually does, is it tells me the firstname of the first entry in the table.
However, what I really want, just don't how to do, is to use the SearchFor variable in a WHERE clause, so the userinput would actually be a name, and then the script would search for that name... and give back all the results.
Hope someone can help me out here.
SearchFor = inputbox("Enter persons name")
Set conn = CreateObject("ADODB.Connec
conn.ConnectionString="Pro
conn.Open
WScript.Echo "Connected"
SQL = "select firstname, lastname from TestDatabase.dbo.members"
Set rs = conn.Execute(SQL)
wscript.Echo rs("firstname")
conn.Close
WScript.Echo "connection closed"
(I'm using MS SQL Server)
Below is my script. What I thought would happen, was that it would query the database. and tell me all entires in the users table. However, what it actually does, is it tells me the firstname of the first entry in the table.
However, what I really want, just don't how to do, is to use the SearchFor variable in a WHERE clause, so the userinput would actually be a name, and then the script would search for that name... and give back all the results.
Hope someone can help me out here.
SearchFor = inputbox("Enter persons name")
Set conn = CreateObject("ADODB.Connec
conn.ConnectionString="Pro
conn.Open
WScript.Echo "Connected"
SQL = "select firstname, lastname from TestDatabase.dbo.members"
Set rs = conn.Execute(SQL)
wscript.Echo rs("firstname")
conn.Close
WScript.Echo "connection closed"
(I'm using MS SQL Server)
Here you can find a nice example about using Command object.
http://msdn.microsoft.com/en-us/library/windows/desktop/ms675101%28v=vs.85%29.aspx
http://msdn.microsoft.com/en-us/library/windows/desktop/ms675101%28v=vs.85%29.aspx
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
If you use this direct approach of MacroShadow, you should be careful to be not vulnerable for SQL injection and you need to make sure to escape all the special characters (especially the single quote by doubling it)
Using a Command object and creating a Parameter for it removes this risk and possible point of problems.
If it is used in secure conditions (environment) you can go this easier way.
Using a Command object and creating a Parameter for it removes this risk and possible point of problems.
If it is used in secure conditions (environment) you can go this easier way.
Join our community and discover your potential
Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.
*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.