  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1341
  • Last Modified:

Parse querystring in ASP classic

How would I parse a querystring like this:
<a href="details.asp?id=<% response.write device_id %><%=rst.Fields("DEVICE")%>"><%=(rst.Fields("Title").Value)%></a>
0
Asked by: GDB08
2 Solutions
 
TimCottee Commented:
Hello GDB08,

You have no separator or item for the second bit: rst.Fields("DEVICE")

If you used:

"><%=(rst.Fields("Title").Value)%>

Then you could simply use request.querystring("id") and request.querystring("Device") to get the data out. If you don't then you will either need to have some way of separating the two elements or if for example the ID is a fixed length you could chop it up that way.
Regards,

TimCottee
0
 
neeraj523 Commented:
What do you mean by parsing query string?

You can retrieve querystring like Request.QueryString("ID") or Request("ID")
0
 
TimCottee Commented:
GDB08,

Of course that got trashed because I didn't put it as a snippet:

<a href="details.asp?id=<% response.write device_id %>&Device=<%=rst.Fields("DEVICE")%>"><%=(rst.Fields("Title").Value)%></a>

0

 
GDB08 (Author) Commented:
Thanks for the reply.  Do you think I should change my code above with regard to SQL-injection attempts?
0
 
GDB08 (Author) Commented:
The querystring above works fine.  I'm just concerned that it could be used for SQL-injection attempts so I'm wondering if there is a better way to do this.
0
 
neeraj523 Commented:
You can avoid possibilities of SQL injection by validating the querystring values before passing them to the SQL statement.

0
 
neeraj523 Commented:
For example, if you are expecting a numeric value in the querystring, validate that the value is numeric, else give an error message.

In case the expected value is a string, validate that the string does not contain SQL keywords like SELECT, UPDATE, DELETE, TRUNCATE, etc. (these filters need to be put in very smartly). You can also check the expected length of the input string before processing.

0
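An added example (not code from any poster in this thread) of the numeric and length validation described above, written for details.asp in classic ASP VBScript; it also passes both values as ADO command parameters so they never become part of the SQL text. The Devices table, its column names, the 50-character limit and the connection string are assumptions.

```vbscript
<%@ Language="VBScript" %>
<%
Option Explicit
' Added example for details.asp. Assumptions: id is an integer key, Device is a
' short text code; table, columns and connection string are hypothetical.
Const adInteger = 3, adVarChar = 200, adParamInput = 1, adCmdText = 1
Const MAX_DEVICE_LEN = 50   ' assumed maximum length of a Device value

' Stop the request with an error instead of running a query on bad input.
Sub Reject(msg)
    Response.Status = "400 Bad Request"
    Response.Write Server.HTMLEncode(msg)
    Response.End
End Sub

Dim rawId, rawDevice, re, cmd, rs
rawId = Trim(Request.QueryString("id"))
rawDevice = Trim(Request.QueryString("Device"))

' Numeric value: digits only, at most 9 of them so CLng cannot overflow.
Set re = New RegExp
re.Pattern = "^[0-9]{1,9}$"
If Not re.Test(rawId) Then Reject "Invalid id"

' String value: check the expected length before processing.
If Len(rawDevice) = 0 Or Len(rawDevice) > MAX_DEVICE_LEN Then Reject "Invalid Device"

' Both values travel as typed parameters, not as concatenated SQL.
Set cmd = Server.CreateObject("ADODB.Command")
cmd.ActiveConnection = "YOUR_CONNECTION_STRING"   ' placeholder
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT Title FROM Devices WHERE DeviceId = ? AND Device = ?"
cmd.Parameters.Append cmd.CreateParameter("@id", adInteger, adParamInput, , CLng(rawId))
cmd.Parameters.Append cmd.CreateParameter("@device", adVarChar, adParamInput, _
    MAX_DEVICE_LEN, rawDevice)
Set rs = cmd.Execute

If rs.EOF Then
    Response.Status = "404 Not Found"
Else
    ' Encode on output so stored data cannot inject markup into the page.
    Response.Write Server.HTMLEncode(rs.Fields("Title").Value & "")
End If
rs.Close
%>
```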
