View Full Version : how do I pass a query into a SQL statement?

08-27-2007, 04:20 PM
:confused: So I have a table with 3000 entries, containing 0000- 2999, in one column. I wrote 60 queries returning ranges of 50 rows (0000-0049, 1550-1599...). The other variables which are used are being passed into asp from a form, so the query should be passed through from the same form as well- perhaps as radio options?

I want the SQL statement to look like this:

Set DB = Connect()
SQL = "SELECT fol_List FROM *"
Set RS = DB.Execute (SQL)

Where the * is replaced by the radio option.

Can this be done- and if so- how?

Thank you for any assistance:) .


08-27-2007, 05:15 PM
SQL = "SELECT fol_List FROM " & request.form("your_radio_button")

That's all it takes.

08-27-2007, 07:59 PM
Be sure to strip possible malicious characters from the input (on the server side), as it's pretty easy to script attack this sort of thing.

EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum