We log hundreds of SQL injection attempts per day -- the type with
CAST(0x44004500... AS VARCHAR(4000)). It amuses me that the last thing the
attack does is DEALLOCATE its cursor. My SQL Server DBA tells me this makes
no difference. So...
Are these hackers cargo cultists? Or am I missing something?
I am working on a web application that uses both asp classic and asp.net
pages. We need to validate user input to avoid attacks like sql injection.
Can a component be created that both page types can use? Is that the best
approach? Would I simply use pattern matching to validate strings and/or
remove any unwanted characters?
I'm looking for some direction in writing a SELECT statement that will allow me to identify the three most recent records in a table-specifically their unique ID numbers.
Because the records may not be continuous or sequential due to a record being deleted from the table in another part of the app.I can not do something simple like order the statement by DESC and then grab the largest ID.and subtract 1 and 2 from that number to get the three ID's I'm looking for.
I would like to embed an include that fetches the top 3 or 5 most recent topics on my message boards and have them show up on my home page or any other page. They would be linked to that topic discussion. If you look at the bottom of SitePoint.com it would be like that include. I'm using the Snitz Forums on my site if that helps. Is there an easy way to do that?
View Replies View RelatedI'm using SQL to pull records from our db but my query is returning all results in the db table and I only want the most recent entry. There is a date_time column in the format MMDDYYYY HH:MM:SS and I'm using that to order by then writing only the first line which works, but is very slow since there are a lot of records to go through.
What I'm looking for is a way to only retrieve that most recent record instead of pulling them all, then ordering them. Would I be able to use the MAX function for something like this? Does MAX work with a date_time field?
I have created an asp form which I want to use to retrieve attachment from my site users. I am using Aspupload Component on sever to upload attach file on server at specific location. Although I am able to upload attach file on server. Also I created to retrieve attachment from mail its not working.
Can any one help me out to make form or code to retrieve uploaded file as attachment through mail.
Here is file where user fill his information and attach his CV....
I have the following equation.
<% varWT = Round(CInt((rsFreePack.Fields.Item("Weight").Value)) +
CInt(Session("w"))) %>
Assume....
Round(CInt((rsFreePack.Fields.Item("Weight").Value)) = .12
CInt(Session("w")) = 30
How can I get it to always ROUND up to 31 ...?
I have a number with a decimal point that i always want to round upwards to the nearest whole number.Now i can use the round(No.) function and this works for any value of .5 and above the problem is the lower .1 .2 .3 .4.So an example
if i get the number 14.2 i want the output to be 15
11.3 = 12
13.8 = 14
If I have a value that is 53.123499999, how can I round it to 53.12?
View Replies View RelatedI have a variable (ex. 5.66666666) and I want to round it to 2 decimal places. Anyone got this code?
View Replies View RelatedI've created a freight calculator that needs to know how many pallets I'm shipping. I'm using 1 pallet for 750lbs and an extra pallet for anything more than that.
If materialWeight <= 750 Then numPallets = 1 Else numPallets = Round(materialWeight / 750) End If
Now, let's say the materialWeight/750 ends up being 3.2. This is returning 3, but I need it to return 4 since we need an extra pallet.
How can I make it Round up to the next whole number? If it turned out to be an exact number without a decimal then it should stay where it is, but if it's over x.0 at all it should go up to the next whole number.
I'm working on finishing a project the was started by someone else who no longer works here. Its an asp page that takes a whack of numbers form a db, and makes em look all pretty in tables. (its a remake of an excel spreadsheet)
the problem is some of the numbers are not apearing properly. I'm thinking it's because they used Round() sometimes and formatNumber() other times.
the question is... do these functions handle numbers differently? i know formatNumber can do more then just round but i just need it to make the numbers 1 or 2 decimals.
I want to round numbers to include a 0 at the end.
response.write "<td bgcolor=white align=center class=menuText>" & 100 - Round(CTASCAvail,2) & "%</td>"
response.write "<td bgcolor=white align=center class=menuText>" & 100 - Round(Avail,2) & "%</td>"
the following code will round the numbers 2 decimal places but if it is a 0 it will not display it.
Does anyone know how I could round the minutes to the nearest 15 minutes, I'm using this
%=minute(now()) %>
Given: total = 18.01
I use FormatNumber(total,2), it give me 18.01
I use FormatNumber(total,0) it give me 18
I wanna to get 19, how should i do the code?? if there is any decimal
value, i wanna round it up to the next whole number.
I am dividing a value by two .. what i need is to round the number up if it is not a whole number.
View Replies View Relatedi have a very simple question which is driving me nuts. Using the ASP function Round():
Why do BOTH Round(1.775, 2) and Round(1.785, 2) both give the exact same result of 1.78 ?
Surely they should give different results, 1.78 and 1.79 respectively.
for eg x = 3.14. I want to do a round up to 1 decimal. if I were to use round(3.14) , I will get 3.1 , however I want to round up , expecting to get 3.2 .
View Replies View RelatedIn ASP, how do I do this?
Like 1.5 ---> 2
1.001 ---> 2
4.3---> 5
5.0001---> 6
how to round off numbers i have tried 2 different ways but hitting the dead end. say for example the number stored in my variable is
strnum="112"
i want to round it to 115 so my new value will be strnum="115" . so if its 113 it should be rounded to 115 . if its 116 or 117 or 118 or 119 it should be 120 . if its 111 or 112 or 113 it should be 115 . how i can round the numbers.
How can I round the value to the nearest whole number. I have searched on math.round but
can not get it to function. Here is how I am getting the results if not division by zero. Code:
If I have a number that looks like 32.3, 15.5, 30.1 etc, I always assumed Price = Round(Price,2) is actually rounding a figure into a whole number or putting 32.30 etc.
So how do you exactly round the figure to whole number or put a zero at the end of it. I was thinking of formatNumber but I can't remember if there is a function for that?
I looped a record set to display and I found a strnage thing. as
Do While NOT rsBinAct.EOF
l_bin = rsBinAct.Fields("o_bin")
l_niin = rsBinAct.Fields("o_bin_niin")
l_b = LEFT(l_niin, 3)
l_n = RIGHT(l_niin, LEN(l_niin)-3 )
' display l_bin, l_b, l_n in a table-like page
rsBinAct.MoveNext
Loop
If I do not set the l_b and l_n to NULL then if the next l_niin is null value, I will get the l_n value of previous one only, l_b is still null. I wonder why.
I'm using the following:
priceDelivered = Round(((totalMaterialPrice + rateWithHandling) / sqFtAmt),2)
It works great except for when it ends in 0, like $4.80. It only prints $4.8.
How can I make sure that even when these numbers end in 0 it shows 2 decimal places?
i am stuck on rounding i have a variable which holds a number like this
a=234.56789
and i want to display only
234
so i did like this
a=Formatnumber(a)
and output is
234.56
but i only need 234
Good:
246/10 = 24.6
round(24.6) = 25
Bad:
246/100 = 2.46
round(2.46) = 2 (I want 3)
If I have a decimal, I want to round up. Always. How do I achieve this in ASP?
cart_calc_shipping_cost = (Rs.Fields("InitialCost")+(round((Weight/1000)+0.5)-1) * Rs.Fields("AdditionalCost"))
Seems to give me this error:
Microsoft VBScript runtime error '800a005e'
Invalid use of Null: 'round'
I think it is to do with the value of weight, however weight does have to be sometimes 0 so how can i fix this?
Is it possible to loop round all querystring parameters in a web page (i.e. access them without hardcoding them)?
I want to do this because I have a page that has different querystring variables passed into it depending on the content of the calling page.
I recently built a login page and a friend of mine was working on something similar and said that I need to protect the login from SQL injection. I am not really sure what exactly that is. I think I have a rough idea but can someone explain it to me?
In addition, I will need to obviously protect what I built and am not sure how to go about doing that either.
if anybody has a list of dodgy characters that can be used for sql injection attacks so that i can figure out a way to strip them from user inputs?
Also if somebody was filling in a form, that inserts into a "memo" field in access could this be used to launch such an attack or would whatever they type simply be inserted into the field? i hope that bit is clear.
i have a form field "message" which is a multi line text box, if someone typed into that box
DELETE * FROM Messages WHERE MessageID =1205
or some other command would that simply be inserted in to the database or would the server try and execute the command??
I have heard a lot about SQL Injection. I was wondering how does an injector come to know about the table/column name when they cannot see the asp codes in a website?
View Replies View Relatedhow do i test for SQL injection ?
sdo i do a SELECT statement in my username login?
I just wanted to share it with you guys and ask your opinions. Code:
View Replies View Related