How Do I Use A Passed Variable In A Query?
i need to add a variable brought into the
script like: script.asp?variable=var
and i need to make it for use in
var1 = request.querystring("var")
mySQL = "SELECT * FROM members WHERE nick = 'VAR1'"
can anyone tell me how to do this?
View Replies
ADVERTISEMENT
when guarding against sql injection attack from modified form or
querystring variables is it enough to strip out just apostrophes...if the
variable USERNAME is the name of a text box passed to a script is the below
always safe...
q1="select * from TABLENAME where username='" &
trim(replace(request("USERNAME"),"'","''")) & "'"
View Replies
View Related
I have a page that passes a variable in to an sql query
It parses the string (a date) for month and year.
It works when i use the date() function Code:
View Replies
View Related
I need to loop through a query and dump the result into a variable that I can assign to the body of an email. something like: Code:
While Not objRS.EOF
Response.Write objRS("email") & "<BR>"
objRS.MoveNext
Wend
Mail.Body = objRS
View Replies
View Related
I have a sql query that runs on my asp page.
select
contactname,contactnumber,contactnumber1,contactem ail,address,city,state
,zip,type,sqft,0,bedrooms,baths,lotsize,acreage,ga rage,comments,price,0,
0,county from table1 where active='Y'
I need HASPHOTO to equal 1 if hasphoto <> 0 and HASPHOTO=0 when
hasphoto=0. Make sense? HASPHOTO usually equals a number, but in this
case, I want it to equal a 1 or 0 because I am exporting this to a CSV
file. I know how to do everything else, just not this part.
View Replies
View Related
I am trying to construct an If Statement from an URL variable.
Basically if a string in the URL variable, reads, 'Technology, then I want to response.write something. If its anything different, then i would like to response.write something different. The URL = news.asp?type=technology
I have already declared that the lngRecord = Request.QueryString("type") and I have constructed the following If statement off the top of my head, but its not working properly.
I have also been able to access an individual page depending on the URL variable so it's definitely a problem with only my poorly-constructed If statement and nothing else
Code:
View Replies
View Related
The form post an agent name to the next page it then takes that name and matches it to the database and shows all entries that agent has. my problem is with calling the variable in the query I just cant seem to get the syntax right Code:
View Replies
View Related
I have a SQL DB with a number of tables and queries (views) in.
In front of this is my ASP app I am designing.
When my users log in, their User ID is stored in a session variable.
One of the views determines which User ID can access which records, and
obviously then I want to base all my app around this so that a user can only
ever be working on data relevant to them.
Is there any way of using a variable in my SQL View outside of DWMX so that
once my users log in, the SQL View is automatically filtered based on their
User ID in the session variable?
Is there a way of inserting a variable/parameter into SQL so this happens?
View Replies
View Related
I've never seen this before. I am new to querystrings, as just using hidden
fields and the POST method has been more than adequate for me until
recently. But I started using the GET method, and I noticed that when I
clicked the submit button, it gave me this for a URL:
http://localhost/DisplayTickets.ASP...nsearchTSE.y=11
The thing is, selectTSE and Status are the two <SELECT> boxes, so I
understand them being there. But why is is telling me the x and y
coordinates of where I clicked the button to submit the form?
I should add that the submit button is an image, not a regular button.
This doesn't hurt anything, just wondering why it's there. And maybe it will
hurt something later on; I don't know enough to say.
View Replies
View Related
can cookies be passed from a pop up "secure folder log in" window, provided by my hosting company? As I would like to display a welcome message with their name when they log in.
View Replies
View Related
when i try passing a numeric value as a string("0004") using asp to a stored procedure, the value is stored as 4 and not as 0004 in the table. In the table and stored procedure the value type is nvarchar.
View Replies
View Related
I'm trying to pass paramter values to another .aspx page via a querystring. The record in the db table looks something like this �lah�lah�lah. The value that gets passed looks like this �lahblahblah. So basically the is not getting passed.
Here's what my querystring looks like: Code:
View Replies
View Related
When i submit this form all the record values are being passed to the next asp page. But i want only those records which the user has changed in this page.
View Replies
View Related
I am using SQL SERVER 2005 and ASP.
Would anyone be kind enough to give me a solution to the problem below please?
If for example in the stored procedure looks like this:
-- Initialize the SQL Server XML stored procedures
EXEC sp_xml_preparedocument @xmlDoc OUTPUT, @xmlString
Insert into @TableBook
SELECT * FROM OPENXML (@xmlDoc, 'books/book') WITH
(
bookNameVARCHAR(100) 'name',
authorVARCHAR(100) 'author'
)
The question is supposing there is a node called 'Surname' but I am not adding 'Surname' to 'Author'. If I want to check 'Surname' value DOES exists and I want to replace it with 'Author' or if 'Surname' does not exist, just use 'Author' node instead.
I am not sure how you can use IF statement to check a node and put the value into SET @surname and then put something like author VARCHAR(100) '@surname' OR author VARCHAR(100) '@Author'. Just like switching it around.
View Replies
View Related
I would like to clean up my mailing list by changing the URL I use at the moment which is in the format
www.mysite.com/view_pic.asp?pic_number=123
To be
http://www.mysite.com/view_pic.asp?p...il=bob@bob.com
it would then insert the email into a table, collect these for a while and only see these as active members.Any ideas how to do this, I've tried a few things but no luck.
View Replies
View Related
I am trying to work out the length of time that a page was opened till it reached another page, I amusing the script below Code:
View Replies
View Related
does anyone know why my session number doesnt stay the same when i pressed refresh?
it works on w2k, but not on w2k server
my programmer thinks that the IIS is not passing the session back to the client. is there a way to check or any other alternative for sessions?
View Replies
View Related
I am creatiung a track record website which displays a list of branches and how many people are available at each individual time slot.
I thought the best way to update would be to create a link which passed two variables, the branch and what time slot. This would then be retrieved int he book.asp page which then would knock one of the current count. I came up with the below page: Code:
View Replies
View Related
my ASP code creates a form and an array of chekbox with this statement response.write "<input type='checkbox' name='chkProduct" & Cstr(counter) & "' value='delete'>" all goes well and i also have a button that points to a VBScript function passing one parameter the counter start value so i can loop throught the checkboxs on the client side and determine if checked or not.
Ok i can display my command "document.frmProductCart.chkProduct & (Cstr(counter)) & .checked" as a string in alert but cannot make it as a command like it should be, anyone got any pointers ?
View Replies
View Related
I have created a database connection function which I use to open my database connection and recordset and another to close it. Easy stuff I know. The problem is this.
I want to be able to create database conenctions and recordsets specifically when I call the function. For example Code:
View Replies
View Related
I have a ton of TD attributes that have to be changed based on the
data in the DB. All TD elements are ID and runat=server.
Changing the attributes of a SINGLE TD is simple:
<td id=thisTD runat=server>
thisTD.Attributes.Clear();
thisTD.Attributes.Add("Class",reader["thisTD_Class"].toString());
Now, say we have 100 TD elements with IDs TD_1 to TD_100
I have not been able to find a way to (essentially) say:
for(int i=0;i<100;i++){
"TD_"+i.Attributes.Clear();
"TD_"+i.Attributes.Add("Class",reader["TDClass"+i].toString());
}
in J-Script, I could do it by Eval() or about eight ways through the
DOM. It seems crazy to me that if I can access the Attributes of a
specific element directly by ID (thisTD.Attributes), I couldn't also
access it by reference.
But I have been able to find NOTHING to indicate how this may be done.
Obviously, my problem is not limited to a single attribute, or else I
would have just typed them all out by now. Trouble is, there is a lot
of logic that must be applied to the data before setting the
attribute. Without being able to iterate or loop by reference, I will
be typing for ages just to change some freaking classes.
View Replies
View Related
I have encountered some strange behaviour when using the XMLHTTP Request object in Javascript to return xml from a C# Webservice Method. I create a SOAP envelope and send it off to the Webservice, which I have debug points in, which when hit I can see that all the parameters are coming thru as null....
View Replies
View Related
My code retrieves a username and a password from a form. Then this information is compared to some usernames and passwords that are stored in a database. The important thing here is that the comparison must be case sensitive meaning that "passWord" is not the same thing as "password"
I have this code, working fine in access 2003
SQL = "SELECT * FROM users WHERE StrComp(username_column,'" & entered_username_in_form & "',0) = 0 AND StrComp(password_column,'" & entered_password_in_form & "',0) = 0"
but get the following error when I run it against my sql 2005 database.
[Microsoft][SQL Native Client][SQL Server]'StrComp' is not a recognized built-in function name.
I don't know the corresponding t-sql for the query.
View Replies
View Related
I'm turning my application into a "DLL". Everything worked fine untill I try to do a "While" in my asp code. Then I recieve an error like this:
"Object variable or With block variable not set"
My vb code look like this.....
View Replies
View Related
is there any way of passing a javascript variable over to a asp variable so
i can write it to my database.
View Replies
View Related
I'm trying to pass a parameter from a for loop to the nested while loop
but only the first counter is passed. Here is the code:
View Replies
View Related
I am running a querry on an access database and have set the number of records/page displayed at 20. if there are more than 20 records returned, then 1st page will show the first 20, the next page will show next 20 and so on....
The trouble:
the count of total records displayed is correct and the first page is displayed correctly. But when i click on *Next* to go to the next page, all the records of the database get displayed (not the 2nd page of records from the query).
View Replies
View Related
I am using ASP/MS ACCESS to see how I can query the same database, via 2 formfields.
{name: - search}Textfield 1: - Search by Category
AND/OR By
{name: - searchT}Textfield 2: - Location
Currently,
strSearchwords = Trim(Request.QueryString("search")); where "search" is the name of Textfield1
Which is fine, but how can I set it so that on Submit, the string from search, and searchT are somehow joined together into one string?
View Replies
View Related
How do I convert an ASP variable to a Javascript variable?
View Replies
View Related
In Access you use "*" + [passed variable] + "*", + can be replaced with &
Calling a parameterized query in Access requires % be used in place of *,
however, all that I have read show dynamic SQL passed to Access:
WHERE [some column] LIKE '" & ASPvar & "' % ORDER BY ...
However, my call is similar to:
conn.qMyLookup strVar, rs
If I modify the query in Access to:
"%" & [passed variable] & "%"
I get all records. If I only put it at the end, as suggested, I only get
matches at the end, not throughout the column. Code:
View Replies
View Related
sql = "SELECT * FROM & console &'news'"
I got that right now but i want the variable, console to be placed along with news so when it selects from the db it selects from gcnnews or whatever variable it's on. How do I do that?
View Replies
View Related
im trying to subtart one quantity from another then stick the answer in to an update statment, but all i get is an error in syntax message
variable math bit=
qty=request.form("oqty")-Request.form("qty")
sql =
sSQL="Update spares SET spares.location='"&request("location")&_
"',spares.machine='"&request("machine")&_
"',spares.part_desc='"&request("part_desc")&_
"',spares.part_number='"&request("part_number")&_
"',spares.qty='(" & qty & ") "&_
"',spares.min_qty='"&request("min_qty")&_
"',spares.updated_by='"&session("name")&"' WHERE(spares.id)=" & form_id
View Replies
View Related
I need to assign a value to a variable, but this variable name is dependant upon another variable!! I am including the code below so you can see it, cos if not I am sure you are thinking whattt?? Code:
View Replies
View Related
