javascript: what does the line var connection = new ActiveXObject("ADODB.Connection") mean, and why doesn't it work?

Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverflow. Original URL: http://stackoverflow.com/questions/22817295/

Time: 2020-10-27 23:49:48  Source: igfitidea

what does the line var connection = new ActiveXObject("ADODB.Connection"); mean and why doesn't it work?

javascript sql visual-studio-2010

Asked by user3475785

I have found some code on the net, and there is a line of code there whose meaning I don't understand, nor what it does. Moreover, the line doesn't work. Can anyone help?

the code-

    var connection = new ActiveXObject("ADODB.Connection"); /*the line*/
    var connectionstring = "Data Source=srvp7rnd-herm;Initial Catalog=hermes;User ID=hermes;Password=hermes;Provider=SQLOLEDB";
    connection.Open(connectionstring);

    /* JavaScript object to access a SQL query's results */
    var rs = new ActiveXObject("ADODB.Recordset");

    /* Getting the current MAX(id) from the database */
    rs.Open("SELECT MAX(id) FROM Screen_Template", connection);
    rs.MoveFirst();
    var maxID = rs.Fields.Item(0).Value;
    maxID = maxID + 1;
    rs.Close(); /* done with the query results */

    /* TODO: Get the last UID */
    /* templateName, opco and env are not defined in this snippet */
    var sql = "INSERT INTO Screen_Template(template_name, OpCo, env, template_xml, language, id, title, role, UID) VALUES ('" + templateName + "','" + opco + "','" + env + "','" + "<hello>hello</hello>" + "','eng'," + maxID + ",'Hermes SMS message composer'," + "'manag', 10)";
    alert(sql);
    connection.Execute(sql); /* an INSERT returns no rows, so no Recordset is needed */

    /* Closing the connection */
    connection.Close();

Answered by StuartLC

The code you are looking at is either javascript, or Microsoft-flavoured jscript. The code can be either server side in ASP-Classic (Jscript was an option here, albeit unusual - most coded server side in VB Script), however, given that there is an alert halfway through the page, it is likely that it is intended for client side, on a browser.

The lines

    var connection = new ActiveXObject("ADODB.Connection");

and

    var rs = new ActiveXObject("ADODB.Recordset");

attempt to create an ActiveX component (aka Component Object Model, or COM) of ADODB.Connection and ADODB.Recordset, respectively, and then use these to insert data into the database. You can get reference to these here, although note that most of the reference is in VB :(

So here is a list of some of the possible issues:

  • The code will only ever run in IE browsers
  • You may need to download and install the COM components - ADO is installed via MDAC - Download here
  • You may need to run IE as an Administrator
  • You may need to open all sorts of security loopholes in IE (ActiveX controls, safe for scripting etc)

If you enable script debugging on the browser you'll get more info on the actual issue.

I guess I need to point out a couple of other major issues:

  • The concatenated sql string is prone to sql injection attacks (although obviously anyone viewing the page source can do whatever they like to the database anyway) - parameterization is the solution here.
  • SELECT Max(ID), incrementing, and inserting isn't concurrent safe - the solution here is to use an IDENTITY or GUID

However, all that said, this is obsolete technology, a security nightmare, and architecturally just plain wrong IMO - possibly you can convince your school to redesign the code using a more modern technology stack? (Sorry to be the bearer of bad news)

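The parameterization mentioned in the answer, written with ADODB.Command as an added example that is not part of the original question or answer. The names `insertTemplate`, `createObject` and the fields of `t` are hypothetical, the column types are assumptions about the schema, and `id` is left out on the assumption that it has become an IDENTITY column. It addresses only the injection issue; the connection credentials remain readable by anyone who can view the script.

```javascript
// ADO enum values, written out because JScript has no names for them.
var adCmdText = 1, adParamInput = 1, adInteger = 3, adVarWChar = 202;

// Constant statement text: user input never becomes part of it.
// id is omitted on the assumption that it is now an IDENTITY column.
var INSERT_SQL =
  "INSERT INTO Screen_Template" +
  " (template_name, OpCo, env, template_xml, language, title, role, UID)" +
  " VALUES (?, ?, ?, ?, ?, ?, ?, ?)";

// createObject is a hypothetical factory so the ADO calls can be exercised
// outside IE; under JScript pass
//   function (progId) { return new ActiveXObject(progId); }
// connection is an already opened ADODB.Connection.
function insertTemplate(createObject, connection, t) {
  var cmd = createObject("ADODB.Command");
  cmd.ActiveConnection = connection;
  cmd.CommandType = adCmdText;
  cmd.CommandText = INSERT_SQL;

  // One entry per "?", in the same order. Treating every column except UID
  // as text is an assumption about the schema.
  var values = [
    ["template_name", t.templateName],
    ["OpCo", t.opco],
    ["env", t.env],
    ["template_xml", t.templateXml],
    ["language", t.language],
    ["title", t.title],
    ["role", t.role],
    ["UID", t.uid]
  ];
  for (var i = 0; i < values.length; i++) {
    var name = values[i][0], value = values[i][1];
    var isNumber = typeof value === "number";
    // The value travels as a typed parameter, so quotes and commas in it
    // are data and cannot change the shape of the statement.
    cmd.Parameters.Append(cmd.CreateParameter(
      name,
      isNumber ? adInteger : adVarWChar,
      adParamInput,
      isNumber ? 4 : Math.max(1, String(value).length),
      value));
  }
  cmd.Execute();
  return cmd;
}
```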