ASP, Access Database and an Image Carousel

OK.
I am using the script from: http://billwscott.com/carousel/
I have implemented the use of a Database.
Works GREAT! When all images are being fed into the page.
BUT, when you use a Query against the results, it breaks when the image does not
start at #1.

I have seen this happen in other scripts that I have worked with, and never found a
reason, or how to correct it.

Anyway.
Better to show than to try to explain the unexplainable.

1st link displays its images related to the Query ID=1
http://ee.cffcs.com/Q_24443708/carousel.asp?id=1
2, 3 & 4 do not display their images, but if you view the source
you can see that the images are in fact there, they are just not displaying.
http://ee.cffcs.com/Q_24443708/carousel.asp?id=2
http://ee.cffcs.com/Q_24443708/carousel.asp?id=3
http://ee.cffcs.com/Q_24443708/carousel.asp?id=4

Any ideas on correcting this issue?

Thanks All
Carrzkiss
Wayne BarronAuthor, Web DeveloperAsked:

R_HarrisonCommented:
The first <LI id="XXXXXXX"> in the carousel must have an id of "mycarousel-item-1" for the script to work - presumably this is so the script knows where the list of images begins - but without full source code I can't be sure of the reason.

When you pull from the database with querystring=2 the id of the first <LI> is "mycarousel-item-5" so the script cannot find the beginning of the list.
0
Wayne BarronAuthor, Web DeveloperAuthor Commented:
I figured I forgot to add in the code
http://ee.cffcs.com/Q_24443708/Q_24443708.zip

I think that I have figured out how to do it. (This may not be the best way in the world to do it but it works.)

OK.
Change the first ID # to something other than [1]
Now, have this
<li id="mycarousel-item-1"></li>
above the lines of code, so that it does not show up, and voila.
All pages work like a charm.

Thanks Harrison for the heads up.
If you can find a better way of doing it, by all means let me know

If you want to test out my theory
http://ee.cffcs.com/Q_24443708/carousel_1.asp?id=1
http://ee.cffcs.com/Q_24443708/carousel_1.asp?id=2
http://ee.cffcs.com/Q_24443708/carousel_1.asp?id=3
http://ee.cffcs.com/Q_24443708/carousel_1.asp?id=4

Code for both pages is in here
http://ee.cffcs.com/Q_24443708/Q_24443708.zip

I am going to go on ahead and build upon this latest development
Unless you let me know otherwise.

Have a good one.
Carrzkiss
0
R_HarrisonCommented:
That sounds like a good solution. I would probably have made the code generate the:
<li id="mycarousel-item-1">

in order so that they look like...
<li id="mycarousel-item-1">...............
<li id="mycarousel-item-2">...............
<li id="mycarousel-item-3">...............

but the rest of the li ids don't matter so your implementation is fine.   Incidentally, I can't access the zip files - 404 page not found error.
0
Wayne BarronAuthor, Web DeveloperAuthor Commented:
It was named wrong, I always name the zip files to the name of the EE Q_#
And I did not do it to this one.

Here it is, working like it is supposed to work
http://ee.cffcs.com/Q_24443708/Q_24443708.zip

Sorry for all the aggravation trying to get this code.

Carrzkiss
0
R_HarrisonCommented:
OK, I have amended the carousel.asp file to list the LI IDs in order - I have also blocked SQL injection attacks in the code.

The revised zip is at:
http://www.associactionenterprises.com/ee/Q_24443708.zip
0
Wayne BarronAuthor, Web DeveloperAuthor Commented:
Good deal.
Along with your information and mine, this is turning out to be a pretty nifty little project.

http://ee.cffcs.com/Q_24443708/carousel.asp?id=1

Added in a Record Count for the ID=# in the Query.
So, instead of having a lot of dead space in the Carousel, it will only go to the end of the Count.
http://ee.cffcs.com/Q_24443708/Q_24443708.zip

The count is line: 138
size:              19,
to
size:              <%=rsMyCount("CountOfID")%>,

Works pretty darn sweet now.

I think that I will accept us both and give you some points.
This project turned out to be pretty nice.

I had implemented it into my project already, but had forgotten about the SQL Injection part.

Do you perhaps have some more information on SQL Injection?
I have searched and found some information on SQL Injection against Username and Password Fields
And was able to test my authentication system, and am pretty secure on that.
But would like to get more information and a better understanding on it.
(So that when I produce code for others, I can protect it as well, makes for better study, like you did here.)

Have a good one Harrison.
Wayne
0

R_HarrisonCommented:
No problem.  I knocked up a quick article covering the basics - I will probably add to it later.
http://www.associactionenterprises.com/EE/SQLInjection/

As you use ACCESS, to prevent the SQL injection you can simply replace any apostrophe in user inputs with 2 apostrophes (not quotation marks but 2 actual apostrophes), e.g.
Str=replace(request("str"), "'", "''")

and to prevent injection on numeric fields....
supposednumber=request("supposednumber")
if isNumeric(supposednumber)=false then supposednumber=0
0
Wayne BarronAuthor, Web DeveloperAuthor Commented:
Great article.
It seems that Access and JET are pretty secure within itself against the SQL Injections.
What about SQL Server?
SQL Server is going to be a HUGE part of the site that I am going now, once the money
frees up and I can afford to cross over "In-House" (Do not want to share with the data I have)

I will keep your link in my favorites, so that I can keep up to date with new developments as they become available from you.

Thanks again for your help.
You Rock.

Carrzkiss
0
R_HarrisonCommented:
SQL Server does not provide the protection that JET and Access do. With SQL Server you can append commands - so you can actually run several SQL statements one after the other using SQL injection - including the more serious and damaging ones like DROP TABLE. So make sure you protect against SQL injection if you migrate to SQL Server.
0
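The two fixes discussed in this thread, sequential LI ids and protection of the id querystring value, as an added example that is not taken from either participant's posts or the zip file. It goes beyond the quoting approach above by binding the value as an ADO parameter; the table and column names (Images, GalleryID, FileName, ID) and the database file name are assumptions.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Added example. Images/GalleryID/FileName/ID and carousel.mdb are assumed names.
Const adInteger = 3, adParamInput = 1, adCmdText = 1

Function IsAllDigits(s)
    Dim re : Set re = New RegExp
    re.Pattern = "^[0-9]+$"
    IsAllDigits = re.Test(s)
End Function

Dim rawId, galleryId, conn, cmd, rs, n
rawId = Trim(Request.QueryString("id") & "")

' Accept plain digits only. IsNumeric alone also passes "1e3", "&H10" and "$5".
' Nine digits at most keeps CLng inside the Long range.
galleryId = 0
If Len(rawId) <= 9 And IsAllDigits(rawId) Then galleryId = CLng(rawId)

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("carousel.mdb")

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' The ? placeholder is bound as data; the SQL text is never built from input.
cmd.CommandText = "SELECT FileName FROM Images WHERE GalleryID = ? ORDER BY ID"
cmd.Parameters.Append cmd.CreateParameter("@gid", adInteger, adParamInput, , galleryId)
Set rs = cmd.Execute
%>
<ul id="mycarousel">
<%
n = 0
Do Until rs.EOF
    n = n + 1   ' ids come from the loop counter, so the list always starts at item-1
%>
  <li id="mycarousel-item-<%= n %>"><img src="images/<%= Server.HTMLEncode(rs("FileName") & "") %>" alt="" /></li>
<%
    rs.MoveNext
Loop
rs.Close
conn.Close
%>
</ul>
```

Against SQL Server only the connection string changes; a bound parameter is passed as a value, so it cannot append a second statement such as the DROP TABLE case described above.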
Wayne BarronAuthor, Web DeveloperAuthor Commented:
Thanks R_

It is going to be (Depending on Members who sign up on the new site)
Right now, I am using several Access Databases so that they do not get full too quickly.
As they have a 2GB capacity.
Once I hit about 100,000 members, then I am going to have to move over to SQL Server.
So, at that time before the migration, I will be running full tests.
To make sure that everything runs accordingly and secure.

The site is also going to be running on SSL once I go to SQL Server, which I doubt does anything
to hinder the SQL Injections.

I will be posting several questions once that time comes.
I am hoping before Christmas. But, due to the economy, I am not really sure when..?

Thanks again for your awesome insight.
Have a great weekend.

Carrzkiss
0