<% if Trim (Request.form ("Submit")) <> "" "" THEN DIM ARR_WAWA, RS_WAWA, STRCONN, SQL SET RS_WAWA = Server.createObject ("AdoDb.Recordset") StrConn = "Driver = {SQL Server}; server = 192.168.0.110; database = northwind; uid = sa; pwd = sa;" "Gets the form variable, only filter space, but in the actual application, it is necessary to filter more the dangerous characters. EmployeeID = Trim (Request.Form ( "EmployeeID")) TitleOfcourtesy = Trim (Request.Form ( "TitleOfcourtesy")) FirstName = Trim (Request.Form ( "FirstName")) LastName = Trim (Request.Form ("Lastname")) Title = TRIM (Request.form ("Title")) City = trim (Request.Form ("City") "The following is a dynamically generated a SQL query string '******* ***************************** SQL = "SELECT EMPL oyeeID, TitleOfCourtesy, FirstName, LastName, Title, City FROM Employees WHERE "If EmployeeID <>" "Then sql = sql &" EmployeeID = "& EmployeeID &" AND "If TitleOfCourtesy <>" "Then sql = sql &" TitleOfcourtesy = ' "& TitleOfCourtesy &" 'And "if firstname <>" "the SQL = SQL &" FirstName Like'% "& firstname &"% 'and "if Lastname <>" "" "" "" THEN SQL = SQL & "LastName Like'%" & LastName & "% '
And "if title <>" "the SQL = SQL &" Title Like '% "& Title &"%' and "if city <>" "" the SQL = SQL & "City Like '%" & city & "%' and" if right (SQL , 5) = "where" THEN SQL = Left (SQL, CLNG (LEN (SQL)) - 5) 'Solving all parameters is empty if Right (SQL, 3) = "AND" THEN SQL = Left (SQL , CLNG (LEN (SQL) - 3) 'Remove Parameters Last and SQL = SQL & "Order By Employeeid Desc"' Response.write SQL 'debug' ************** *********************** RS_WAWA.Open SQL, STRCONN, 1, 3 IF NOT (RS_WAWA.EOF and RS_WAWA.BOF) THEN ARR_WAWA = rs_wawa.getrows () 'Remove the offline recording set, remove the record set, then you can close the record set, save the resource else response.write ("
