asp sql查询好像无法获取表单数据
这个是HTML表单：
                    <td height="25" align="right" class="FontHB">身份证号：</td>
                    <td height="25"><input name="UserAddr" type="text" id="UserAddr" style="width:150px" size="10" class="txt1"></td>
                  </tr>
                                    <tr>
                    <td height="25" align="right" class="FontHB">证书编号：</td>
                    <td height="25"><input name="UserAge" type="text" id="UserAge" style="width:150px" size="10" class="txt1"></td>
                  </tr>
                                    <tr>
                    <td height="25" align="right" class="FontHB">准考证号：</td>
                    <td height="25"><input name="UserNum" type="text" id="UserNum" style="width:150px" size="10" class="txt1"></td>
                  </tr>
                                    <tr>
                    <td height="25" align="right" class="FontHB">姓&nbsp&nbsp&nbsp&nbsp名：</td>
                    <td height="25"><input name="UserName" type="text" id="UserName" style="width:150px" size="10" class="txt1"></td>
                  </tr>
                   <tr>
            <td height="25" align="center"></td>


这个是asp核心文件


'-----------------------------------------------------------
'过滤非法SQL字符
'-----------------------------------------------------------
function ReplaceBadChar(strChar)
    if strChar="" then
        ReplaceBadChar=""
    else
        ReplaceBadChar=replace(replace(replace(replace(replace(replace(replace(strChar,"'",""),"*",""),"?",""),"(",""),")",""),"<",""),".","")
    end if
end function
'-----------------------------------------------------------
'取得表单数据
'-----------------------------------------------------------
dim UserAddr,UserAge,UserNum,UserName
UserAddr=ReplaceBadChar(Trim(Request.QueryString("UserAddr")))
UserAge=ReplaceBadChar(Trim(Request.QueryString("UserAge")))
UserNum=ReplaceBadChar(Trim(Request.QueryString("UserNum")))
UserName=ReplaceBadChar(Trim(Request.QueryString("UserName")))
'Response.Write(UserNum)
'-----------------------------------------------------------
'生成SQL代码
'-----------------------------------------------------------
XcUserInfo =1
IF UserAddr<> "" Then
    StrSql="Select * From XcUserInfo where UserAddr='" &UserAddr&"' or UserAge='"&UserAge&"' or UserNum='"&UserNum&"' or UserName='"&UserName&"'"
    XcUserInfo =2
Else
      StrSql="Select * From XcUserInfo where UserAddr='" &UserAddr&"' or UserAge='"&UserAge&"' or UserNum='"&UserNum&"' or UserName='"&UserName&"'"
End If
'Response.Write(StrSql)              我解除这条注释  结果显示 Select * From XcUserInfo where UserAddr='' or UserAge='' or UserNum='' or UserName=''     
Set Rs=Conn.execute(StrSql)
'Response.Write(XcUserInfo )

 %>


求大神帮忙啊  感激不尽~~~~~~~`

Request.QueryString("UserAddr") 这种带QueryString的是url get 传递方式，如果网址上没有这个UserAddr参数就没有值的，如果你用post传递方式Request.Form("UserAddr")或Request("UserAddr")就可以获取文本框值，前提是要有<form action="" method="post">

补充：如果<form action="" method="get">如果是get，用Request.QueryString("UserAddr")也行

收到的鲜花

• wfywfy 于 2011-10-31 15:07 送鲜花  3朵  

用Request("UserAddr")这种方式好,不管POST还是GET都行!