调试出了错误,淅沥糊涂的.帮帮我.谢谢了,刚学
情况是这样的:我在order.asp中填写
联系人(n_ame):***** 联系电话(tt_el):**** email(e_mail):******
然后提交给sendorder.asp进行处理:
当我(联系人:)填写123等数字时就不会出现任何错误.
当我填写safs时就会出现:在此上下文中不允许使用 'safs'。此处只允许使用常量、表达式或变量。不允许使用列名。
当我填写1111asfa时就会出现下面这错误:
---------------------------------
错误类型:
Microsoft OLE DB Provider for ODBC Drivers (0x80040E14)
[Microsoft][ODBC SQL Server Driver][SQL Server]第 1 行: 'asfa' 附近有语法错误。
/shopping/sendorder.asp, 第 25 行
浏览器类型:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
网页:
POST 52 ??? /shopping/sendorder.asp
POST Data:
n_ame=1111asfa&t_el=11&e_mail=22&submit=%CC%E1%BD%BB
-----------------------------------------------------------------------------
我sendorder.asp中代码:
<%
if not IsObject(session("cart")) then
response.redirect("/")
end if
%> '加一个判断,如果session("cart")为空,则重定位URL
<%
Set rs1=server.createobject("ADODB.recordset")
Set cart=session("cart")
keys=cart.keys '取出数组里面的产品ID
items=cart.items '取出数组里面的产品数量
%>
<%
set list = Server.CreateObject("ADODB.Command")
list.ActiveConnection = strConnectString
For i = 0 To cart.Count -1
list.CommandText = "INSERT INTO o_rder (m_um, p_roid,nn_ame,tt_el,ee_m_ail) VALUES (" + Replace(items(i)(0), "'", "''") + "," + Replace(keys(i), "'", "''") + "," + Replace(Request.form("n_ame"), "'", "''") + "," + Replace(Request.form("t_el"), "'", "''") + "," + Replace(Request.form("e_mail"), "'", "''") + ") "
list.CommandType = 1
list.CommandTimeout = 0
list.Prepared = true
list.Execute()
next
%>
<%
set add = Server.CreateObject("ADODB.Command")
add.ActiveConnection = strConnectString
add.CommandText = "INSERT INTO co_table (nn_ame, tt_el, ee_m_ail) VALUES (" + Replace(Request.form("n_ame"), "'", "''") + ", " + Replace(Request.form("t_el"), "'", "''") + ", " + Replace(Request.form("e_mail"), "'", "''") + ") "
add.CommandType = 1
add.CommandTimeout = 0
add.Prepared = true
add.Execute()
%>
--------------------------------
就是把数据放进数据库里.这是什么问题?