Link to home
Start Free TrialLog in
Avatar of FMR-Net

asked on

Getting VBS to query SQL with variable.

Im having some problems getting vbscript behave like I want it to. The parts I have done, don't even behave as I want (or expected them to.
Below is my script. What I thought would happen, was that it would query the database. and tell me all entires in the users table. However, what it actually does, is it tells me the firstname of the first entry in the table.
However, what I really want, just don't how to do, is to use the SearchFor variable in a WHERE clause, so the userinput would actually be a name, and then the script would search for that name... and give back all the results.

Hope someone can help me out here.

SearchFor = inputbox("Enter persons name")

Set conn = CreateObject("ADODB.Connection")
conn.ConnectionString="Provider=SQLNCLI10.1;Integrated Security=SSPI;Initial Catalog=TestDatabase;Data Source=(local);"
WScript.Echo "Connected"

SQL = "select firstname, lastname from TestDatabase.dbo.members"
Set rs = conn.Execute(SQL)
wscript.Echo rs("firstname")

WScript.Echo "connection closed"

(I'm using MS SQL Server)
Avatar of HugoHiasl

Here you can find a nice example about using Command object.
Avatar of Joe Howard
Joe Howard
Flag of United States of America image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
If you use this direct approach of MacroShadow, you should be careful to be not vulnerable for SQL injection and you need to make sure to escape all the special characters (especially the single quote by doubling it)

Using a Command object and creating a Parameter for it removes this risk and possible point of problems.

If it is used in secure conditions (environment) you can go this easier way.