ASP, Access Database and a Image Carousel

I am using the script from:
I have implemented the use of a Database.
Works GREAT! When all images are being feed into the page.
BUT, when you use a Query against the results, it breaks when the image does not
Start at #1.

I have seen this happen in other scripts that I have worked with, and never found a
Reason, or how to corrent it.

Better to show then to try to explain the unexplainable.

1st link, display it's images related to the Query ID=1
2, 3 & 4 Do Not display their images, but if you view the source
You can see that the images are infact there, it is just not displaying.

Any idea's on correcting this issue?

Thanks All
LVL 31
Wayne BarronAsked:
Who is Participating?
Wayne BarronConnect With a Mentor Author Commented:
Good deal.
Along with your information and mine, this is turning out to be a pretty nifty little project.

Added in a Record Count for the ID=# in the Query.
So, instead of having a lot of dead space in the Carousel, it will only go to the end of the Count.

The count is line: 138
size:              19,
size:              <%=rsMyCount("CountOfID")%>,

Works pretty darn sweet now.

I think that I will accept us both and give you some points.
This project turned out to be pretty nice.

I had implemented it into my project already, but had forgotten about the SQL Injection part.

Do you perhaps have some more information on SQL Injection?
I have searched and found some information on SQL Injection against Username and Password Fields
And was able to test my authentication system, and am pretty secure on that.
But would like to get more information and a better understanding on it.
(So that when I produce code for others, I can protect it as well, makes for better study, like you did here.)

Have a good one Harrison.
The first <LI id="XXXXXXX"> in the carousel must have an id of "mycarousel-item-1" for the script to work - presumably this is so the script knows where the list of images begins - but without full source code I can't be sure of the reason.

When you pull from the database with querystring=2 the id of the first <LI> is "mycarousel-item-5" so the script cannot find the begining of the list.
Wayne BarronAuthor Commented:
I figured I forgot to add in the code

I think that I have figured out how to do it. (This may not be the best way in the world to do it but it works.)

Change the first ID # to something other then [1]
Now, have this
<li id="mycarousel-item-1"></li>
Above the lines of code, so that it does not show up, and wa-la.
All pages work like a charm.

Thanks Harrison for the heads up.
If you can find a better way of doing it, by all means let me know

If you want to test out my theory

Code for both pages are in here

I am going to go on ahead and build upon this latest development
Unless you let me know otherwise.

Have a good one.
7 new features that'll make your work life better

It’s our mission to create a product that solves the huge challenges you face at work every day. In case you missed it, here are 7 delightful things we've added recently to monday to make it even more awesome.

That sound like a good solution.   I would probably have made the code generate the:
<li id="mycarousel-item-1">

in order so that they look like...
<li id="mycarousel-item-1">...............
<li id="mycarousel-item-2">...............
<li id="mycarousel-item-3">...............

but the rest of the li ids don't matter so your implementation is fine.   Incidentally, I can't access the zip files - 404 page not found error.
Wayne BarronAuthor Commented:
It was named wrong, I always name the zip files to the name of the EE Q_#
And I did not do it to this one.

Here it is, working like it is suppose to work

Sorry for all the aggrivation trying to get this code.

R_HarrisonConnect With a Mentor Commented:
OK, I have amended the carousel.asp file to list the LI IDs in order - I have also blocked SQL injection attacks in the code.

The revised zip is at:
No problem.  I knocked up a quick article covering the basics - I will probably add to it later.

As you use ACCESS, to prevent the SQL injectioin you can simply replace any apostrophe in user inputs with 2 apostrophes (not quotation marks but 2 actual apostrophes).   e.g
Str=replace(request("str", "'", "''") and to prevent sql on numeric just use

and to prevent injection on numeric fields....
if isNumeric(supposednumber)=false then supposednumber=0
Wayne BarronAuthor Commented:
great article.
It seems that Access and JET are pretty secure within itself against the SQL Injections.
What about SQL Server?
SQL Server is going to be a HUGE part of the site that I am going now, once the money
Free's up and I can aford to cross over "In-House" (Do not want to share with the data I have)

I will keep your link in my favorites, so that I can keep up to date with new developments as they become available from you.

Thanks for again for your help.
You Rock.

SQL Server does not provide the protection that JET and access does, with SQL server you can append commands - so you can actually add run several SQL statements one after the other using SQL injection - including the more serious and damaging ones like DROP TABLE.   So make sure you protect against SQL injection if you migrate to SQL Server.
Wayne BarronAuthor Commented:
Thanks R_

It is going to be (Depending on Members who sign up on the new site)
Right now, I am using several Access Databases so that they do not get full too quickly.
As they have a 2GB capacity.
Once I hit about 100,000 members, then I am going to have to move over to SQL Server.
So, at that time before the migration, I will be running full test.
To make sure that everything runs accordingly and secure.

The site is also going to be running on a SSL once I go to SQL Server, which I doubt does anything
To hinder to the SQL Injections.

I will be posting several questions once that time comes.
I am hoping before Christmas. But, due to the economy, I am not really sure when..?

Thanks again for your awesome incite.
Have a great weekend.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.