How can I make such a bold statement? Two words: Buffer Overflow.
In the very first class I took in programming (those many years ago), we were berated class after class about proper bounds checking to prevent buffer overflows. What this means in simple terms is that every time my program asked the user for input, it had better check to make sure the input fit in the place I reserved for it. If I asked for a "Y/N" and I got a "yes" or a "no", those extra characters had to go somewhere and I had better be prepared for them.
Reading the article about protection against SQL injection, I found that the author recommends to
"use bound parameters (the PREPARE statement)"
Examples are given in Perl and Java. I tried to find something for ASP, but did not find anything on the web, on w3schools, or here. Could someone explain what this is and how to use it to prevent SQL injection?
I am currently working my way through a tutorial from my asp.net book and am slowly getting an understanding how this type of coding works. However, I have come to a standstill with the code below. Code:
I have an ASP that retrieves data from a SQL server database. Most of the columns are varchar. Some of the fields are meant to populate input fields. Here is my code.
<input type = "text" name="comments" value =<%= rstSimple.Fields("comments")%>
the value is returned, but only the 1st word. It seems it cannot process a space, but when I add the following to a table;
<td><%= rstSimple.Fields("defects").Value %></td>
the whole value is returned. Is there a limitation to the input field and how can I change it?
I've got a page with a DetailsView. It uses a SqlDataSource which itself uses stored procedures for Select and Update.
I don't want the user to see some of the columns, but if I don't bind them (or if I do bind them but set Visible=False), when the Update procedure is called, the parameters corresponding to the columns that weren't bound to the DetailsView are all null.
This can't be an uncommon scenario, so I guess I have missed something. Any ideas?
A few weeks ago I was told in this forum that ASP would be a great solution to a large web site. I purchased a book about ASP.Net but have also seen info on ASP. Can you please tell me what is the difference between the two?
I don't know computer programming at all. Dreamweaver MX is the program I use. Can ASP be done with a WYSIWYG program? I have set up databases in Access & built web sites with DW MX. I am not sure how to tie the two together.
It sounds like you are looking at the properties of the WebSites main branch, when you need to look to the first element under this branch (opening it) to the next "step down", and check the properties of the child element (mine is called "default web site", but yours perhaps has been changed from that).
It also contains an "advanced" button on the Web Site tab (right next to the "IP Address" field) which allows "multiple" identities, which is the part which I couldn't get to work with 100% consistency.
I have a browse button on a web form that the user can upload images via FTP. The user clicks on the browse button to browse a file on his computer and the text field displays the path - "mycomputerdesktopmyimage.jpg".
I need to get the name of the image and insert the name into my database. So I need to be able to search the string ("mycomputerdesktopmyimage.jpg") and insert all the characters after the last "\" which will give me the image name. I've tried just writing out the string in ASP (JScript), but it gives me "mycomputerdesktopmyimage.jpg" without all the backslashes.
How do I get those backslashes back into the string? My second question is how do I search for the characters after the last backslash? I know I can use a substring on this, but how can I use it for the last backslash?
I've done several sites with ASP that use an Access database, and it has worked fine so far. I will be developing a much larger site and I need to know if Access just isn't going to cut it anymore.
Is MSSQL what I should use instead? How much is too much for an Access database? What are the differences in coding for something besides Access? (is it just in the connection string, or what?)
I have a form and if none of the radio buttons are selected or any of the text fields are empty I want it to display an error. Also, if the entry in a text field is not numeric I want it to display an error. If there are no errors then I want to display a message.
I get a "system cannot find the file specified" error. I am sure that the path of the file I am looking for is correct. I guess this is a friendly message being thrown. When I turned off the friendly messages in IE (client side) I still get the same error. Is there any way that I can see the exact error so that I can debug?
Does anyone have any idea what the IMS Package is all about? I read that the IMS Package consists of two major elements: a special XML file describing the content organization and resources in a Package, and the physical files being described by the XML.
The special XML file is named imsmanifest.XML; together with all resources, when imported, it will be extracted from a single .zip file.
Does anyone know where I can get such .zip files so that I can check what exactly is happening inside?
I have this table that has two columns, Department and RecId. What I am doing is I need to give access to different people in different departments. So if I am in billing I say billing 76, which is my rec id, and then if I also need access to accounting I say Accounting 76.
So now in my ASP page I open this recordset to check and see who has access to what departments and give them the access. Code:
I want to check whether the value in the recordset is "=> 3 ". I tried "If rs => '3' then...". But it doesn't seem to be working. Can't I check the condition by using the recordset like how I have written above? Or do I need to get the value in the recordset and assign it to a variable in order to check the condition? Please advise. Let's say my rs now stores a value of "2". Can I check with the following code?
[code] set rs = server.createobject("...") rs.open "Select...", objconn
if rs >=3 then 'THIS LINE DOESN"T SEEMS WORKING .... [code]
I want to do some error checking using on resume next to determine whether to commit an ADO transaction. However, we have a custom 500 error page which we use throughout the rest of the site. Can I remove the on error resume next after I have rolled back the transaction and raise a normal error?
Is it possible to have an ASP page which checks if a user is in a certain group in Active Directory (AD)? For example, jbloggs is logged in and belongs to the group "project_allowed". When jbloggs goes to project.asp it will allow him access. However, when jsmith is logged in and belongs to no groups and tries to access project.asp it will deny him access.
The script is designed as a form validator which checks fields for various criteria and then sends a mail with the form contents. Since 40 different forms will be plugged into this script, there needed to be complete separation between the two.
I've managed it so far by checking for required fields by putting the word 'required' into the name of the field. The script then sources out any fields which have this text and checks them to see if they are filled out.
The problem I've come across now is that I need to check for field length. My idea was to put the amount of characters needed into the name of the field in the form and then have the script check with a Reg Exp. However, I'm not too sure of the regular expression needed to check for this.
Can someone suggest one? The one I have at the moment is [1-14] but say I had a field like this: <input type="text" name="passwordrequired12"> That would match both for 1 and 12. Any ideas?
How can I check whether a variable is set as a value, integer, etc.? (So that when a user submits a value via a web form and it's a letter, I can give them an error note.)
I am writing a script that lets me browse the contents of a web server. The problem is the account that is running ASP does not have permissions to every folder. Don't ask me why ... I have no idea but it can't be changed.
What I would like to do is perform a check for:
Microsoft VBScript runtime error '800a0046':Permission denied
And if this happens display an error message saying they do not have permission to view this directory. Code:
How can I write an ASP page, say, CHECKIP.asp that checks the incoming requesting IP address and returns a protected page, based on the checking result? That is, if the IP is a permitted address, then it presents a page, say, OK.asp. If the IP is not allowed, then send REJECT.asp. Both OK.asp and REJECT.asp cannot be directly accessed without going through the CHECKIP.asp.
I am somewhat of a beginner in ASP. I would like to know how I check whether a recordset, that was fetched from an MS-ACCESS database through a 'SELECT' query, is empty or not? The scenario is that I'm making a form where users can register for my message board. The form will take in all the details and pass on to another ASP file which checks whether the username is already in use or not. If it's in use then it says that the username is in use, else the page is displaying an error. I'm using the following SQL: "select * from members where user='" & username & "'"
The error is something like record cannot be found. Either EOF or BOF or the record was deleted.
I got the below code from somewhere ages ago. I have a list of links on my site that link to other sites but I want to check if the link is a valid link automatically and if it fails after x checks (checks every 7 days) then to mark the link as a possible broken link.
The below seems to take ages to process and I was wondering if there is a better way to do the below. Code:
How to re-write this so it can error check for each individual field? Username, email, password etc.
This is written and validates if the user already has an account in the database. Then it returns the message below. But I would like to identify if it is the username that exists or the email or password. Code:
I wanted some help with the below subject. I tried different code but sometimes it is showing the wrong error. Can anybody give me an example or a site link where I can download a password checking script for a database? I have pulled data from the database and shown those user names in the user tab (drop-down box). The user needs to select his name and type the password. Once the user types the password it should check with the database. If it exists then it should capture that user name and move on to the next page.
I have a simple question. Can you check if a number has been passed through a form? For example, I am making a website for a property letting company and they upload the property themselves. But if you put text into the rent field, it throws up an error when adding to the database, obviously. I do validate the input before adding it to the database so was thinking about another IF statement checking that a number was entered before they get as far as adding to the database and throwing up errors.
A member logs on and enters a record; if one already exists for that date, then they get a message saying so. If not, the record is added and some text is displayed. But it still allows me to enter records even if one already exists! Is it because I am storing my dates as strings? Code:
How do I check the format of the field I am reading from an Excel table? I'm using an ADODB connection to query an EXCEL/ACCESS table and display it in the browser. Is there any way to check the format of a particular field that is being read?
For example, how do I check whether a field that is read is in date format...?