How to save ASP forms to your database

Posted on 2003-02-24
Last Modified: 2010-04-06
How do you save your ASP form to your database?

I've got it like this (I know it's Dutch...):
(the file is called project_edit.asp)

If someone renames the project_naam (project_name), I want it to update the database with that name.

<!-- #include file="inc/basicFunctions.asp" -->

<%
dim project_id

project_id = request("project_id")

mySQL = "SELECT project_id, project_naam, opdracht, toepassingen, klant_naam FROM tbl_project P LEFT JOIN tbl_klant K on K.klant_id=P.klant_id WHERE project_ID = '" & project_ID & "'"
set myRecSet = conn.execute(mySQL)

%>

<form name="edit" method="post" action="project_edit.asp">

<input type="text" name="project" value="<%=myrecSet(1)%>"><P>

<textarea cols="70" rows="10" name="opdracht"><%=myrecSet(2)%>
Question by:cleany
Author Comment

by:cleany
ID: 8007211
the rest is...

</textarea><p>
<textarea cols="70" rows="20" name="toepassingen"><%=myrecSet(3)%></textarea><p>
<input type="submit" name="GO!">

</form>

Accepted Solution

by:
IeuanJ earned 150 total points
ID: 8007545
Add your project_id to the form as a hidden input

<input type="hidden" name="project_id" value="<%=project_id%>">

Then you need to set up the receiving page to do this with code similar to below.

<!-- #include file="inc/basicFunctions.asp" -->
<%
dim project_name
dim project_id
project_name = Request.Form("project")
project_id = Request.Form("project_id")
' the column in the asker's tbl_project is called project_naam
mySQL = "UPDATE tbl_project set project_naam = '" & project_name & "' WHERE project_id = '" & project_id & "'"
set myRecSet = conn.execute(mySQL)
%>

I'm sure you can work out how to fit this into your code.

Expert Comment

by:RanaHossain
ID: 8013509
hold on... hold on... this is very very risky.. and this is why...

think of someone editing the html, and submitting the following....

<input type="hidden" name="project_id" value="1;delete from project WHERE 1=1">

this is one example... one can think of a lot more.... the moral of the story is

NEVER EVER PASS FORM DATA STRAIGHT TO DATABASE WITHOUT CHECKING...................

you can do a quick check like
project_id = Request.Form("project_id")
if isNumeric(project_id) and project_id <> "" then
   if project_id <> "0" then
      ' we have a valid ID here
   end if
end if

check before getting near the database... always.
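As an added example (not code from the thread or from any of its posters), here is how the receiving side of project_edit.asp can combine the hidden project_id and UPDATE from the accepted answer with the check from the comment above, and hand both values to the database as ADO parameters instead of concatenating them into the SQL text. It assumes, as the thread does, that inc/basicFunctions.asp opens an ADODB connection named conn, that tbl_project.project_id is an integer key, and that project_naam holds at most 100 characters (the column size is an assumption). The id check is stricter than IsNumeric: it accepts only a whole positive number, so the "1;delete from project WHERE 1=1" value from the comment is refused before any SQL is built.

```asp
<%@ Language="VBScript" %>
<!-- #include file="inc/basicFunctions.asp" -->
<%
' Added example, not from the thread: POST handler for project_edit.asp.
' Assumes inc/basicFunctions.asp opens an ADODB.Connection named conn (as in the
' thread), that tbl_project.project_id is an integer key and that project_naam
' holds at most 100 characters (assumed column size).

' ADO constants, normally taken from adovbs.inc.
Const adCmdText = 1
Const adParamInput = 1
Const adInteger = 3
Const adVarChar = 200
Const adExecuteNoRecords = 128

' Accept only a whole positive number of up to 9 digits (fits a 32-bit int).
' Stricter than IsNumeric, which also passes values such as "1e3" or "1,000".
' The thread's "1;delete from project WHERE 1=1" is rejected here.
Function IsValidProjectId(id)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[1-9][0-9]{0,8}$"
    IsValidProjectId = re.Test(id)
End Function

' Runs the UPDATE with bound parameters: the values travel to the driver
' separately from the SQL text, so a quote or semicolon in them is just data.
' Returns the number of rows affected (1 if the id exists, 0 if not).
Function UpdateProjectName(projectId, projectNaam)
    Dim cmd, affected
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "UPDATE tbl_project SET project_naam = ? WHERE project_id = ?"
    cmd.Parameters.Append cmd.CreateParameter("naam", adVarChar, adParamInput, 100, projectNaam)
    cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , CLng(projectId))
    cmd.Execute affected, , adExecuteNoRecords
    UpdateProjectName = affected
End Function

Dim projectId, projectNaam
If Request.ServerVariables("REQUEST_METHOD") = "POST" Then
    projectId = Trim(Request.Form("project_id"))
    projectNaam = Trim(Request.Form("project"))

    ' Validate both fields before anything goes near the database.
    If Not IsValidProjectId(projectId) Then
        Response.Status = "400 Bad Request"
        Response.Write "Invalid project id."
        Response.End
    End If
    If Len(projectNaam) = 0 Or Len(projectNaam) > 100 Then
        Response.Status = "400 Bad Request"
        Response.Write "Project name must be 1 to 100 characters."
        Response.End
    End If

    If UpdateProjectName(projectId, projectNaam) = 1 Then
        Response.Write "Project renamed."
    Else
        Response.Write "No project with that id."
    End If
End If
%>
```

The form that posts here is the one from the accepted answer, with the id in a hidden input; the handler does not trust that hidden value any more than a visible one, since either can be edited before submission. The row count returned by Execute doubles as a cheap check that the id actually matched a row.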

Expert Comment

by:IeuanJ
ID: 8015711
Of course you should always run as many checks and security features as you see fit, but that was not the question asked Rana.

Author Comment

by:cleany
ID: 8015953
thanx

Author Comment

by:cleany
ID: 8015955
the identity was set to yes, so it`s really not a problem, but thanx anyway.

Expert Comment

by:RanaHossain
ID: 8019644
IeuanJ,

no it was not the question, but an implementation. I would never suggest a fix with security flaws to a friend.

Expert Comment

by:COBOLdinosaur
ID: 9115180
This question has been classified abandoned. I will make a recommendation to the
moderators on its resolution in a week or two. I appreciate any comments
that would help me to make a recommendation.

<note>
Unless it is clear to me that the question has been answered I will recommend delete.  It is possible that a Grade less than A will be given if no expert makes a case for an A grade. It is assumed that any participant not responding to this request is no longer interested in its final disposition.
</note>

If the user does not know how to close the question, the options are here:
http://www.experts-exchange.com/help/closing.jsp


Cd&


Expert Comment

by:COBOLdinosaur
ID: 9306140
It is time to clean this abandoned question up.

I am putting it on a clean up list for CS.

<recommendation>
points to IeuanJ -- Grade B

</recommendation>

If anyone participating in the Q disagrees with the recommendation,
please leave a comment for the mods.

Cd&
