This is strange. In the news details page, I want to take a few different values from different tables with one query. However, for some strange reason, I only get two values back. So the outcome is like:
<Desc></Desc>
<Date/>
</row>
</rows>
If I disable fullname, then I get shortdesc but not others. Same things happens with others.
NewsID = Request.QueryString("NEWSID")
SQL = "SELECT N.NewsID, N.MembersID, N.CategoriesID, N.ImagesID, N.NewsTitle, N.NewsShortDesc, N.NewsDesc, N.NewsActive, N.NewsDateEntered, C.CategoriesID, C.CategoriesName, M.MembersID, M.MembersFullName"
Set objViewNews = objConn.Execute(SQL)
With Response
.Write "<?xml version='1.0' encoding='windows-1254' ?>"
.Write "<rows>"
End With
With Response
.Write "<row id='"& objViewNews("NewsID") &"'>"
.Write "<FullName>"& objViewNews("MembersFullName") &"</FullName>"开发者_如何学C
.Write "<CategoryName>"& objViewNews("CategoriesName") &"</CategoryName>"
.Write "</row>"
End With
With Response
.Write "</rows>"
End With
objViewNews.Close
Set objViewNews = Nothing
- I'm assuming you are expecting a single row or only care about the first row?
- Is MembersFullName nullable? Is NewsShortDesc nullable?
- You should always check your inputs instead of concatenating them directly into the string. So you should use a function that verifies and checks that NewsID is of the type you expect and is properly escaped like so:
SQL = SQL & " Where N.NewsId = " & SqlString("int", newsId)
4.You might consider using the JOIN syntax like so:
(Presuming the input checking function)
SQL = "SELECT N.NewsID, N.MembersID, N.CategoriesID, N.ImagesID, N.NewsTitle, N.NewsShortDesc, N.NewsDesc, N.NewsActive, N.NewsDateEntered, C.CategoriesID, C.CategoriesName, M.MembersID, M.MembersFullName"
SQL = SQL & " FROM News N"
SQL = SQL & " Inner Join Categories C"
SQL = SQL & " On C.CategoriesID = N.CategoriesID"
SQL = SQL & " Inner Join Members M"
SQL = SQL & " On M.MembersID = N.MembersID"
SQL = SQL & " Where N.NewsId = " & SqlString(VariantType.Integer
, NewsId)
SQL = SQL & " And N.NewsActive = 1"
(man the formatting can be quirky)
EDIT You should try wrapping all values in CDATA like so:
With Response
.Write "<row id='"& objViewNews("NewsID") &"'>"
.Write "<FullName><![CDATA["& objViewNews("MembersFullName") &"]]></FullName>"
.Write "<CategoryName><![CDATA["& objViewNews("CategoriesName") &"]]></CategoryName>"
.Write "<Title><![CDATA["& objViewNews("NewsTitle") &"]]></Title>"
.Write "<ShortDesc><![CDATA["& objViewNews("NewsShortDesc") &"]]></ShortDesc>"
.Write "<Desc><![CDATA["& objViewNews("NewsDesc") &"]]></Desc>"
.Write "<Date>"& objViewNews("NewsDateEntered") &"</Date>"
.Write "</row>"
End With
I did not wrap the date value in a CDATA although you might also consider doing so just to be sure.
精彩评论