We help IT Professionals succeed at work.

Getting VBS to query SQL with variable.

FMR-Net
FMR-Net asked
on
4,050 Views
Last Modified: 2014-05-19
Im having some problems getting vbscript behave like I want it to. The parts I have done, don't even behave as I want (or expected them to.
Below is my script. What I thought would happen, was that it would query the database. and tell me all entires in the users table. However, what it actually does, is it tells me the firstname of the first entry in the table.
However, what I really want, just don't how to do, is to use the SearchFor variable in a WHERE clause, so the userinput would actually be a name, and then the script would search for that name... and give back all the results.

Hope someone can help me out here.

SearchFor = inputbox("Enter persons name")

Set conn = CreateObject("ADODB.Connection")
conn.ConnectionString="Provider=SQLNCLI10.1;Integrated Security=SSPI;Initial Catalog=TestDatabase;Data Source=(local);"
conn.Open
WScript.Echo "Connected"

SQL = "select firstname, lastname from TestDatabase.dbo.members"
Set rs = conn.Execute(SQL)
wscript.Echo rs("firstname")

conn.Close
WScript.Echo "connection closed"


(I'm using MS SQL Server)
Comment
Watch Question

Here you can find a nice example about using Command object.

http://msdn.microsoft.com/en-us/library/windows/desktop/ms675101%28v=vs.85%29.aspx
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
If you use this direct approach of MacroShadow, you should be careful to be not vulnerable for SQL injection and you need to make sure to escape all the special characters (especially the single quote by doubling it)

Using a Command object and creating a Parameter for it removes this risk and possible point of problems.

If it is used in secure conditions (environment) you can go this easier way.
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.