Passed A Variable
when guarding against sql injection attack from modified form or
querystring variables is it enough to strip out just apostrophes...if the
variable USERNAME is the name of a text box passed to a script is the below
always safe...
q1="select * from TABLENAME where username='" &
trim(replace(request("USERNAME"),"'","''")) & "'"
View Replies
ADVERTISEMENT
I have a page that passes a variable in to an sql query
It parses the string (a date) for month and year.
It works when i use the date() function Code:
View Replies
View Related
i need to add a variable brought into the
script like: script.asp?variable=var
and i need to make it for use in
var1 = request.querystring("var")
mySQL = "SELECT * FROM members WHERE nick = 'VAR1'"
can anyone tell me how to do this?
View Replies
View Related
I've never seen this before. I am new to querystrings, as just using hidden
fields and the POST method has been more than adequate for me until
recently. But I started using the GET method, and I noticed that when I
clicked the submit button, it gave me this for a URL:
http://localhost/DisplayTickets.ASP...nsearchTSE.y=11
The thing is, selectTSE and Status are the two <SELECT> boxes, so I
understand them being there. But why is is telling me the x and y
coordinates of where I clicked the button to submit the form?
I should add that the submit button is an image, not a regular button.
This doesn't hurt anything, just wondering why it's there. And maybe it will
hurt something later on; I don't know enough to say.
View Replies
View Related
can cookies be passed from a pop up "secure folder log in" window, provided by my hosting company? As I would like to display a welcome message with their name when they log in.
View Replies
View Related
when i try passing a numeric value as a string("0004") using asp to a stored procedure, the value is stored as 4 and not as 0004 in the table. In the table and stored procedure the value type is nvarchar.
View Replies
View Related
I'm trying to pass paramter values to another .aspx page via a querystring. The record in the db table looks something like this lahlahlah. The value that gets passed looks like this lahblahblah. So basically the is not getting passed.
Here's what my querystring looks like: Code:
View Replies
View Related
When i submit this form all the record values are being passed to the next asp page. But i want only those records which the user has changed in this page.
View Replies
View Related
I am using SQL SERVER 2005 and ASP.
Would anyone be kind enough to give me a solution to the problem below please?
If for example in the stored procedure looks like this:
-- Initialize the SQL Server XML stored procedures
EXEC sp_xml_preparedocument @xmlDoc OUTPUT, @xmlString
Insert into @TableBook
SELECT * FROM OPENXML (@xmlDoc, 'books/book') WITH
(
bookNameVARCHAR(100) 'name',
authorVARCHAR(100) 'author'
)
The question is supposing there is a node called 'Surname' but I am not adding 'Surname' to 'Author'. If I want to check 'Surname' value DOES exists and I want to replace it with 'Author' or if 'Surname' does not exist, just use 'Author' node instead.
I am not sure how you can use IF statement to check a node and put the value into SET @surname and then put something like author VARCHAR(100) '@surname' OR author VARCHAR(100) '@Author'. Just like switching it around.
View Replies
View Related
I would like to clean up my mailing list by changing the URL I use at the moment which is in the format
www.mysite.com/view_pic.asp?pic_number=123
To be
http://www.mysite.com/view_pic.asp?p...il=bob@bob.com
it would then insert the email into a table, collect these for a while and only see these as active members.Any ideas how to do this, I've tried a few things but no luck.
View Replies
View Related
I am trying to work out the length of time that a page was opened till it reached another page, I amusing the script below Code:
View Replies
View Related
does anyone know why my session number doesnt stay the same when i pressed refresh?
it works on w2k, but not on w2k server
my programmer thinks that the IIS is not passing the session back to the client. is there a way to check or any other alternative for sessions?
View Replies
View Related
I am creatiung a track record website which displays a list of branches and how many people are available at each individual time slot.
I thought the best way to update would be to create a link which passed two variables, the branch and what time slot. This would then be retrieved int he book.asp page which then would knock one of the current count. I came up with the below page: Code:
View Replies
View Related
my ASP code creates a form and an array of chekbox with this statement response.write "<input type='checkbox' name='chkProduct" & Cstr(counter) & "' value='delete'>" all goes well and i also have a button that points to a VBScript function passing one parameter the counter start value so i can loop throught the checkboxs on the client side and determine if checked or not.
Ok i can display my command "document.frmProductCart.chkProduct & (Cstr(counter)) & .checked" as a string in alert but cannot make it as a command like it should be, anyone got any pointers ?
View Replies
View Related
I have created a database connection function which I use to open my database connection and recordset and another to close it. Easy stuff I know. The problem is this.
I want to be able to create database conenctions and recordsets specifically when I call the function. For example Code:
View Replies
View Related
I have a ton of TD attributes that have to be changed based on the
data in the DB. All TD elements are ID and runat=server.
Changing the attributes of a SINGLE TD is simple:
<td id=thisTD runat=server>
thisTD.Attributes.Clear();
thisTD.Attributes.Add("Class",reader["thisTD_Class"].toString());
Now, say we have 100 TD elements with IDs TD_1 to TD_100
I have not been able to find a way to (essentially) say:
for(int i=0;i<100;i++){
"TD_"+i.Attributes.Clear();
"TD_"+i.Attributes.Add("Class",reader["TDClass"+i].toString());
}
in J-Script, I could do it by Eval() or about eight ways through the
DOM. It seems crazy to me that if I can access the Attributes of a
specific element directly by ID (thisTD.Attributes), I couldn't also
access it by reference.
But I have been able to find NOTHING to indicate how this may be done.
Obviously, my problem is not limited to a single attribute, or else I
would have just typed them all out by now. Trouble is, there is a lot
of logic that must be applied to the data before setting the
attribute. Without being able to iterate or loop by reference, I will
be typing for ages just to change some freaking classes.
View Replies
View Related
I have encountered some strange behaviour when using the XMLHTTP Request object in Javascript to return xml from a C# Webservice Method. I create a SOAP envelope and send it off to the Webservice, which I have debug points in, which when hit I can see that all the parameters are coming thru as null....
View Replies
View Related
I'm turning my application into a "DLL". Everything worked fine untill I try to do a "While" in my asp code. Then I recieve an error like this:
"Object variable or With block variable not set"
My vb code look like this.....
View Replies
View Related
is there any way of passing a javascript variable over to a asp variable so
i can write it to my database.
View Replies
View Related
I'm trying to pass a parameter from a for loop to the nested while loop
but only the first counter is passed. Here is the code:
View Replies
View Related
How do I convert an ASP variable to a Javascript variable?
View Replies
View Related
sql = "SELECT * FROM & console &'news'"
I got that right now but i want the variable, console to be placed along with news so when it selects from the db it selects from gcnnews or whatever variable it's on. How do I do that?
View Replies
View Related
im trying to subtart one quantity from another then stick the answer in to an update statment, but all i get is an error in syntax message
variable math bit=
qty=request.form("oqty")-Request.form("qty")
sql =
sSQL="Update spares SET spares.location='"&request("location")&_
"',spares.machine='"&request("machine")&_
"',spares.part_desc='"&request("part_desc")&_
"',spares.part_number='"&request("part_number")&_
"',spares.qty='(" & qty & ") "&_
"',spares.min_qty='"&request("min_qty")&_
"',spares.updated_by='"&session("name")&"' WHERE(spares.id)=" & form_id
View Replies
View Related
I need to assign a value to a variable, but this variable name is dependant upon another variable!! I am including the code below so you can see it, cos if not I am sure you are thinking whattt?? Code:
View Replies
View Related
I have many buttons that mapping many textbox, when I click button, I
want to show a string that contains button number( and the mapping
string ), but it failed.
Here is the code:
/////////////////////////////////////////////////////////////////////
<%response.write"<input type='button' name="'btUS95resone"&" a &"'
value='Save' onclick='resone("&a&")'>"%>
function resone(cnt)
{
alert("document.all.txt_note"+cnt)
}
////////////////////////////////////////////////
It seems that the component I called is not there...
View Replies
View Related
Can anybody tell me what is the asp equivalent of the php-phrase:
if (!$Variable) {}
?
Another question: is there a special syntaxis for asp conditions in condition?
I tried this code it doesn t work:
If Condition Then
If 2nd condition Then
ElseIf Then
End If
End If
And it works only when I remove the 2nd condition's End If and the ElseIf. Seems strange, no?
View Replies
View Related
I have a text file that looks like this:
Artist Name: Kiss
Song Title: Rock and Roll All Night
Running Time: 04:38
And I need to be able to get the artist name and song title in asp and display it on a website. The thing is, the text file changes with the song being played on the radio. How can I do this?
View Replies
View Related
I've been given an ASP app written with server side javascript. This app needs to get the username of the person currently logged in to windows (Request.ServerVariables("AUTH_USER") in vbscript). I found a way to get this variable in javascript, but then it wouldn't let me split it (server kept saying method not supported). So I've gave up on getting the username with javascript, and have set variables in VBscript at the top of my page. How do I access those variables within the javascript portion?
View Replies
View Related
i have a textbix name "building" inside my system where the user might input one or several building name in it seperated by a comma. How can i extract each of the value in it? For example, "PG2, PG7, PG6", i want to extract each of them.
View Replies
View Related
I have this url that loads, but in the url is the date, so I need a variable i can use so as the date changes the url is automatically updated,
View Replies
View Related
using access db and asp
i have a variable from a form
sRound = request.form("round") and for now let us say this value is 3
now i want to include that 3 in sql, but it is part of a field name which
is round3_report
cm.CommandText ="UPDATE rounds SET round" & sRound & "_report = '" & var5 &
"' WHERE Name ='" & sName & "' AND meeting = " & var4 & ""
cm.execute
this isn't working. i keep getting parameter error. i know there is a way to
join a word with a variable in order to make a field name in asp/sql
View Replies
View Related
I am having difficulty in displaying Response.Write rsVacancies("Title") variable more than once. If I remove it from the page title it displays within the description tag but does not display in both. Code:
View Replies
View Related
I am tring to search a database with an SQL statement via a web page. I am using Dreamweaver to build my page. The search works great when I hard code the table field into the Recordset. However, I would like to implement a variable on the field in the table to do the search on.
For Instance, a user can make a selection in a drop down box and then enter the text in a text field. I am having trouble implementing the drop down box variable into the code. I suspect I need the WHERE to be a variable just as the LIKE parameter but I keep getting errors. Code:
View Replies
View Related