ASP MySQL loop array

I have a page that builds the following form via Ajax:
<form action="go.asp" method="get">
<!--row-->
<input type='hidden' name='BundleItemID' id='BundleItemID' value='123'/>
<input type='hidden' name='BundleColorID' id='BundleColorID' value='4'/>
<input type='hidden' name='BundleSizeID' id='BundleSizeID' value='Large'/>
<input type='hidden' name='BundleQtyID' id='BundleQtyID' value='4'/>
<!--#row-->
</form>
The form is built by a loop that repeats the row block, so the data ends up looking like this:
<form action="go.asp" method="get">
<!--row-->
<input type='hidden' name='BundleItemID' id='BundleItemID' value='123'/>
<input type='hidden' name='BundleColorID' id='BundleColorID' value='4'/>
<input type='hidden' name='BundleSizeID' id='BundleSizeID' value='Large'/>
<input type='hidden' name='BundleQtyID' id='BundleQtyID' value='4'/>
<!--#row-->
<!--row-->
<input type='hidden' name='BundleItemID' id='BundleItemID' value='123'/>
<input type='hidden' name='BundleColorID' id='BundleColorID' value='4'/>
<input type='hidden' name='BundleSizeID' id='BundleSizeID' value='Large'/>
<input type='hidden' name='BundleQtyID' id='BundleQtyID' value='4'/>
<!--#row-->
<!--row-->
<input type='hidden' name='BundleItemID' id='BundleItemID' value='123'/>
<input type='hidden' name='BundleColorID' id='BundleColorID' value='4'/>
<input type='hidden' name='BundleSizeID' id='BundleSizeID' value='Large'/>
<input type='hidden' name='BundleQtyID' id='BundleQtyID' value='4'/>
<!--#row-->
<!--row-->
<input type='hidden' name='BundleItemID' id='BundleItemID' value='123'/>
<input type='hidden' name='BundleColorID' id='BundleColorID' value='4'/>
<input type='hidden' name='BundleSizeID' id='BundleSizeID' value='Large'/>
<input type='hidden' name='BundleQtyID' id='BundleQtyID' value='4'/>
<!--#row-->
</form>
I want to submit the form to go.asp; that page should loop over everything between the row markers and insert the data into MySQL. My code so far:
<%
' "conn" is assumed to be an ADODB.Connection opened elsewhere on the page
Dim i, sql
For i = 1 To Request.QueryString("BundleItemID").Count
    ' Every hidden field repeats once per row, so the i-th value of each field belongs to row i
    sql = "INSERT INTO tblProducts (BundleItemID, BundleColorID, BundleSizeID, BundleQtyID) VALUES (" & _
          Request.QueryString("BundleItemID")(i) & ", " & _
          Request.QueryString("BundleColorID")(i) & ", '" & _
          Request.QueryString("BundleSizeID")(i) & "', " & _
          Request.QueryString("BundleQtyID")(i) & ")"
    ' Values are concatenated straight into the statement, which is the SQL injection the comments point out
    conn.Execute sql
Next
%>
How do I do this?
You know this code is wide open to SQL injection, right? – 2011-11-21 23:14:50
Yes. Although Classic ASP lacks MySQL injection attempts, it is more common in PHP – TheBlackBenzKid 2011-11-22 08:11:42
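The injection the comments raise comes from building the INSERT by string concatenation. As an added example, not the asker's code, here is the same per-row loop over the repeated hidden fields written with an ADODB.Command and bound parameters, so a submitted value can only ever be data; it assumes "conn" is an already-open ADODB.Connection to the MySQL database and that tblProducts has the four columns the question names.

```asp
<%
Option Explicit
' Added example: parameterised version of the go.asp row loop.
' Assumes "conn" is an open ADODB.Connection (e.g. through the MySQL ODBC driver).
Const adInteger = 3, adVarChar = 200, adParamInput = 1, adCmdText = 1, adExecuteNoRecords = 128
Dim cmd, i, rowCount, qs
Set qs = Request.QueryString

rowCount = qs("BundleItemID").Count

' Each hidden field repeats once per row, so the i-th value of every field must
' belong to the same row; refuse the request if the counts disagree.
If qs("BundleColorID").Count <> rowCount Or qs("BundleSizeID").Count <> rowCount _
   Or qs("BundleQtyID").Count <> rowCount Then
    Response.Status = "400 Bad Request"
    Response.Write "Field counts do not match"
    Response.End
End If

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' Placeholders instead of concatenated values: the statement text never changes
cmd.CommandText = "INSERT INTO tblProducts (BundleItemID, BundleColorID, BundleSizeID, BundleQtyID) " & _
                  "VALUES (?, ?, ?, ?)"
cmd.Parameters.Append cmd.CreateParameter("ItemID",  adInteger, adParamInput)
cmd.Parameters.Append cmd.CreateParameter("ColorID", adInteger, adParamInput)
cmd.Parameters.Append cmd.CreateParameter("SizeID",  adVarChar, adParamInput, 50)
cmd.Parameters.Append cmd.CreateParameter("QtyID",   adInteger, adParamInput)

For i = 1 To rowCount
    ' Type-check the numeric fields first; CLng on a non-numeric string would
    ' raise a runtime error instead of a clean rejection.
    If Not (IsNumeric(qs("BundleItemID")(i)) And IsNumeric(qs("BundleColorID")(i)) _
            And IsNumeric(qs("BundleQtyID")(i))) Then
        Response.Status = "400 Bad Request"
        Response.Write "Row " & i & " contains a non-numeric ID or quantity"
        Response.End
    End If
    cmd.Parameters("ItemID").Value  = CLng(qs("BundleItemID")(i))
    cmd.Parameters("ColorID").Value = CLng(qs("BundleColorID")(i))
    cmd.Parameters("SizeID").Value  = Left(qs("BundleSizeID")(i), 50)
    cmd.Parameters("QtyID").Value   = CLng(qs("BundleQtyID")(i))
    cmd.Execute , , adExecuteNoRecords   ' one INSERT per row, no recordset needed
Next
%>
```

The per-row count check matters because the form only repeats four hidden fields; if one field were missing from a row, the values of every later row would shift into the wrong columns.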