How to save ASP forms to your database

Posted on 2003-02-24
Last Modified: 2010-04-06
how do you save your ASP form to your database?

I've got something like this: (I know it's Dutch...)
(the file is called project_edit.asp)

if someone renames the project_naam (project_name) I want it to update the database with that name.

<!-- #include file = inc/basicFunctions.asp -->

<%
dim project_id

project_id = request("project_id")

' the id is concatenated straight into the SQL string; RanaHossain's comment below explains why that is dangerous
mySQL = "SELECT project_id, project_naam, opdracht, toepassingen, klant_naam FROM tbl_project P LEFT JOIN tbl_klant K on K.klant_id=P.klant_id WHERE project_id = '" & project_id & "'"
set myRecSet = conn.execute(mySQL)

%>

<form name="edit" method="post" action="project_edit.asp">

<input type="text" name="project" value="<%=myRecSet(1)%>"><P>

<textarea cols="70" rows="10" name="opdracht"><%=myRecSet(2)%>
Author Comment

by:cleany
ID: 8007211
the rest is...

</textarea><p>
<textarea cols="70" rows="20" name="toepassingen"><%=myrecSet(3)%></textarea><p>
<input type="submit" name="GO!">

</form>
LVL 2

Accepted Solution

by:
IeuanJ earned 150 total points
ID: 8007545
Add your project_id to the form as a hidden input

<input type="hidden" name="project_id" value="<%=project_id%>">

Then you need to set up the receiving page to do this with code similar to below.

<!-- #include file = inc/basicFunctions.asp -->
<%
dim project_name
dim project_id
project_name = Request.Form("project")
project_id = Request.Form("project_id")
' both form values go into the SQL string unchecked; column name matches the question's tbl_project
mySQL = "UPDATE tbl_project set project_naam = '" & project_name & "' WHERE project_id = '" & project_id & "'"
conn.Execute mySQL
%>

I'm sure you can work out how to fit this into your code.
LVL 4

Expert Comment

by:RanaHossain
ID: 8013509
hold on... hold on... this is very very risky.. and this is why...

think of someone editing the html, and submitting the following....

<input type="hidden" name="project_id" value="1;delete from project WHERE 1=1">

this is one example... one can think of a lot more.... the moral of the story is

NEVER EVER PASS FORM DATA STRAIGHT TO DATABASE WITHOUT CHECKING...................

you can do a quick check like
project_id = Request.Form("project_id")
if isNumeric(project_id) and project_id <> "" then
   if project_id <> "0" then
      ' we have a valid ID here
   end if
end if

check before getting near the database... always.
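A hardened version of the receiving page that IeuanJ describes and RanaHossain warns about, as an added example that is not code from this thread. It assumes, as the question does, that inc/basicFunctions.asp opens an ADODB.Connection named conn, and that project_naam holds at most 100 characters (an assumed column size).

```asp
<!-- #include file = inc/basicFunctions.asp -->
<%
' Added example, not code from the thread. Assumes inc/basicFunctions.asp opens
' an ADODB.Connection named conn (as in the question) and that project_naam
' holds at most 100 characters (assumed column size).

' ADO constants, normally pulled in from adovbs.inc
Const adInteger = 3
Const adVarChar = 200
Const adParamInput = 1
Const adCmdText = 1
Const adExecuteNoRecords = 128
Dim project_id, project_name, re, cmd, rowsAffected

' 1. The id must be a short run of digits with no leading zero. IsNumeric alone
'    also accepts "1e3", "&H10" and "1,000", so use a strict pattern instead.
project_id = Trim(Request.Form("project_id"))
Set re = New RegExp
re.Pattern = "^[1-9][0-9]{0,8}$"
If Not re.Test(project_id) Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid project id."
    Response.End
End If

' 2. The name is free text, but bound its length to the column size
project_name = Trim(Request.Form("project"))
If Len(project_name) = 0 Or Len(project_name) > 100 Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid project name."
    Response.End
End If

' 3. Parameterised UPDATE: each value is sent as a typed parameter, so a
'    quote or semicolon in project_name is stored as data, never run as SQL.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "UPDATE tbl_project SET project_naam = ? WHERE project_id = ?"
cmd.Parameters.Append cmd.CreateParameter("naam", adVarChar, adParamInput, 100, project_name)
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , CLng(project_id))
cmd.Execute rowsAffected, , adExecuteNoRecords

' 4. Zero rows means the id did not exist: report it rather than silently succeeding
If rowsAffected = 0 Then
    Response.Write "No project with id " & Server.HTMLEncode(project_id) & "."
Else
    Response.Redirect "project_edit.asp?project_id=" & project_id
End If
%>
```

The "?" placeholders are resolved by the OLE DB provider, so the same page works against SQL Server or Jet/Access without changing the validation or the query text.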
 
LVL 2

Expert Comment

by:IeuanJ
ID: 8015711
Of course you should always run as many checks and security features as you see fit, but that was not the question asked Rana.
 

Author Comment

by:cleany
ID: 8015953
thanx
 

Author Comment

by:cleany
ID: 8015955
the identity was set to yes, so it's really not a problem, but thanx anyway.
 
LVL 4

Expert Comment

by:RanaHossain
ID: 8019644
IeuanJ,

no it was not the question, but an implementation. I would never suggest a fix with security flaws to a friend.
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 9115180
This question has been classified abandoned. I will make a recommendation to the
moderators on its resolution in a week or two. I appreciate any comments
that would help me to make a recommendation.

<note>
Unless it is clear to me that the question has been answered I will recommend delete.  It is possible that a Grade less than A will be given if no expert makes a case for an A grade. It is assumed that any participant not responding to this request is no longer interested in its final disposition.
</note>

If the user does not know how to close the question, the options are here:
http://www.experts-exchange.com/help/closing.jsp


Cd&

 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 9306140
It is time to clean this abandoned question up.

I am putting it on a clean up list for CS.

<recommendation>
points to IeuanJ  -- Grade B

</recommendation>

If anyone participating in the Q disagrees with the recommendation,
please leave a comment for the mods.

Cd&
