how do I pass a query into a SQL statement?

08-27-2007, 04:20 PM
So I have a table with 3000 entries, containing 0000-2999, in one column. I wrote 60 queries returning ranges of 50 rows (0000-0049, 1550-1599...). The other variables which are used are being passed into ASP from a form, so the query should be passed through from the same form as well, perhaps as radio options?

I want the SQL statement to look like this:

Set DB = Connect()
SQL = "SELECT fol_List FROM *"
Set RS = DB.Execute (SQL)

Where the * is replaced by the radio option.

Can this be done, and if so, how?

Thank you for any assistance :).


08-27-2007, 05:15 PM
SQL = "SELECT fol_List FROM " & request.form("your_radio_button")

That's all it takes.

08-27-2007, 07:59 PM
Be sure to strip possible malicious characters from the input (on the server side), as it's pretty easy to script attack this sort of thing.
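
An added example, not part of the thread and not written by any of the posters: a table or query name cannot be supplied as a bound parameter, so instead of stripping characters the page can accept only known range values from the form and build the name on the server. The radio button name "range" and the qryNNNN_NNNN naming scheme are assumptions; Connect() is the original poster's own helper.

```vbscript
<%
' Added example. Assumed: the radio buttons are named "range" and post the
' 4-digit start of a range ("0000", "0050", ... "2950"), and the 60 saved
' queries are named qry0000_0049 ... qry2950_2999 (hypothetical names).

Function ResolveQueryName(rawValue)
    ' Returns the saved-query name for a valid range start, or "" otherwise.
    Dim re, startNum
    ResolveQueryName = ""

    ' Accept exactly four digits and nothing else.
    Set re = New RegExp
    re.Pattern = "^[0-9]{4}$"
    If Not re.Test(rawValue) Then Exit Function

    ' Accept only the 60 range starts that actually exist.
    startNum = CLng(rawValue)
    If startNum > 2950 Then Exit Function
    If startNum Mod 50 <> 0 Then Exit Function

    ' Build the name from the validated number, never from the raw text.
    ResolveQueryName = "qry" & Right("0000" & startNum, 4) & _
                       "_" & Right("0000" & (startNum + 49), 4)
End Function

Dim queryName, DB, RS, SQL

' & "" coerces the form item to a string; a missing or repeated field
' then fails the four-digit check above.
queryName = ResolveQueryName(Request.Form("range") & "")

If queryName = "" Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid range."
    Response.End
End If

Set DB = Connect()
SQL = "SELECT fol_List FROM " & queryName
Set RS = DB.Execute(SQL)
%>
```

Anything the form sends that is not one of the 60 expected values is rejected before a SQL string is built, so no user-supplied text ever reaches the statement.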