I need to iterate through a submitted form, inserting data on each pass. In
the past, I have always used form elements that were named with numbers at
the end, like this,
name1 relationship1
name2 relationship2
name3 relationship3
With the above formatting, I could write a For... Next loop to insert all
the data into my database,
For i = 1 to 3
If Request.Form("n ame" & i) <> "" Then
sql = INSERT INTO Table (Name, Relationship)
sql = sql & " VALUES"
sql = sql & "('" Request.Form("n ame" & i) "',"
sql = sql & "('" Request.Form("r elationship" & i) "')"
'Execute SQL
End If
Next
Now I am working on a new loop, but do not want to go back and change the
way the submitting page works. I saw on while researching that I can use a
For each item in Request.Form, but tried this and it throws off my SQL
statement. It adds all of the request.form values to the sql statement,
which then fails.
How can I make this loop?
Thanks,
Drew
Jan 24 '06
14 19950
Drew wrote on 24 jan 2006 in microsoft.publi c.inetserver.as p.general: "Evertjan." <ex************ **@interxnl.net > wrote in message news:Xn******** ************@19 4.109.133.242.. . Drew wrote on 24 jan 2006 in microsoft.publi c.inetserver.as p.general:
For Each item In Request.Form 'Run Insert Code sql="INSERT INTO People (Name,Relations hip)" sql=sql & " VALUES " sql=sql & "('" & Request.Form("N ame") & "'," sql=sql & "'" & Request.Form("R elationship") & "')"
I don't think this will work.
Do you expect multiple Request.Form("N ame") and Request.Form("R elationship") groups that will listen to "Each item In Request.Form" ???
[please do not toppost on usenet]
Yep... as I say, I have never used the "For each item in Request.Form", I thought it would iterate through each form element, instead it just comma delimits them and that is it. I guess I will have to build an array in the For... Next loop and insert the array values?
No, no array.
Just have individual numbered names for the form values,
the below works for any number of entries:
<input name='Name1'> <input name='Relations hip1'><br>
<input name='Name2'> <input name='Relations hip2'><br>
<input name='Name3'> <input name='Relations hip3'><br>
............... ..
=============== =============== =====
debug = true
' debug = false
n=1
while Request.Form("N ame" & n) <> ""
sql = "INSERT INTO People (Name,Relations hip) VALUES "&_
"('" & Request.Form("N ame" & n) & "','" &_
Request.Form("R elationship" & n) & "')"
if debug then
response.write sql & "<br>"
else
CONN.execute(sq l)
end if
n=n+1
wend
if debug then response.end
.....
=============== =============== ======
not tested.
btw: You will have to do proper validation against hacker injection,
if this is an open internet job!!!!
--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Drew wrote: If Request.Form("S ubmitted") = "Yes" Then 'Start Loop For Each item In Request.Form 'Run Insert Code sql="INSERT INTO People (Name,Relations hip)" sql=sql & " VALUES " sql=sql & "('" & Request.Form("N ame") & "'," sql=sql & "'" & Request.Form("R elationship") & "')"
'execute the insert to SQL Server Set MM_editCmd = Server.CreateOb ject("ADODB.Com mand") MM_editCmd.Acti veConnection = MM_lcnn_STRING MM_editCmd.Comm andText = sql Response.Write( sql) MM_editCmd.Exec ute MM_editCmd.Acti veConnection.Cl ose Next End If
I would rather use an ado.recordset object, which will handle the
possible SQL injection attacks.
For example, let's say each form name you want to save into the
database begins with name_ and relationship_
so
name_1, relationship_1
name_2, relationship_2
etc.
for each item in request.form
if left(item,5)="n ame_" then
itemcount=right (item,len(item)-5)
rs.addnew
rs("name")=requ est.form(item)
rs("relationshi p")=request.for m("relationship _" & itemcount)
rs.update
end if
next
Thanks for all the replies. I finally got this fixed by just renaming the
form elements to name1, name2, name3, relationship1, etc... SQL injection is
not one of my worries, since these apps reside on an intranet. If someone
does do a injection attack, we will know who it was, take administrative
action and restore our data from the tapes...
It would be better to prevent them in the first place, but then how do you
take administrative action? We want to get any employee who is trying to
damage our network/database out of this organization.
Thanks,
Drew
"Larry Bud" <la**********@y ahoo.com> wrote in message
news:11******** **************@ f14g2000cwb.goo glegroups.com.. . Drew wrote: If Request.Form("S ubmitted") = "Yes" Then 'Start Loop For Each item In Request.Form 'Run Insert Code sql="INSERT INTO People (Name,Relations hip)" sql=sql & " VALUES " sql=sql & "('" & Request.Form("N ame") & "'," sql=sql & "'" & Request.Form("R elationship") & "')"
'execute the insert to SQL Server Set MM_editCmd = Server.CreateOb ject("ADODB.Com mand") MM_editCmd.Acti veConnection = MM_lcnn_STRING MM_editCmd.Comm andText = sql Response.Write( sql) MM_editCmd.Exec ute MM_editCmd.Acti veConnection.Cl ose Next End If
I would rather use an ado.recordset object, which will handle the possible SQL injection attacks.
For example, let's say each form name you want to save into the database begins with name_ and relationship_
so name_1, relationship_1 name_2, relationship_2
etc.
for each item in request.form if left(item,5)="n ame_" then itemcount=right (item,len(item)-5) rs.addnew rs("name")=requ est.form(item) rs("relationshi p")=request.for m("relationship _" & itemcount) rs.update end if next
Drew wrote: Thanks for all the replies. I finally got this fixed by just renaming the form elements to name1, name2, name3, relationship1, etc... SQL injection is not one of my worries, since these apps reside on an intranet.
A majority of hacks are done by disgruntled employees
If someone does do a injection attack, we will know who it was, take administrative action and restore our data from the tapes... It would be better to prevent them in the first place, but then how do you take administrative action?
Validate the data in server-side code before using it, logging the
suspicious data and the user's name.
SAL Injection is not the only reason to avoid dynamic sql. It's a powerful
reason, but not the only one. Performance and code maintainability also
enter into the equation.
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
Larry Bud wrote: I would rather use an ado.recordset object, which will handle the possible SQL injection attacks.
But that adds its own overhead. Cursors are very inefficient when it comes
to maintaining data. It is much better to use DML, and SQL Injection is
easily prevented by the use of parameters as I illustrated in my two posts.
Bob Barrows
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM" This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Christopher Brandsdal |
last post by:
Hi!
I get an error when I run my code
Is there any other way to get te information from my form?
Heres the error I get and the code beneath.
Line 120 is market with ''''''''''''Line 120'''''''''''''''''''''
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
|
by: Laurent Bertin |
last post by:
Hi i got a strange problem but it's true i don't make thing like anyone...
First Config:
+ IIS5.0 SP2 (yes i know...)
WebSite Security
Root : Digest Authentication, NT Authenticated
SubFolders : Anonymous Login
Anonymous login is set to use a domain user to enable a sql server
authenticated connection. Permissions are based on Page/action/user Membership
|
by: Dan |
last post by:
I am trying to use
Request.Form("__EVENTTARGET") to get the name of the control that caused a post back. It keeps returning "".
I am not really sure why, this happens for all of my controls that invoke are invoking a post back.
I've never used this type of method before, but I need to get the name of the control doing the postback in the Form Load event, and cannot wait until the event of the target control that runs due to the...
|
by: Mr Newbie |
last post by:
DropDown lists and Listboxes do not appear in the list of controls and
values passed back to the server on PostBack in Request.Form object. Can
someone confirm this to be correct and possibly answer why ?
The impact of this is that values added via javascript will never make it
back to the server side code unless one does some jiggery pokery with hidden
fields etc. If this is true, then I would like to understand the reason
behind the...
|
by: abcd |
last post by:
I can get the value on the form at the server side by using
Request.form("max")
when max field is disabled I dont get value. For GUI and business logic
purpose I have disabled some fields with the values, but when I update
Request.form does not return me anything for disabled fields.
How to read disabled fields at the server side
| |
by: Michael Kujawa |
last post by:
I am using the following to create an SQL statement
using the names and values from request.form.
The loop goes through each item in request.form
The issue comes in having an additional "and" at the end
of the loop and the value of x3 as not all options may be selected
from the form yet the loop goes through the entire request.form list
I have to add addtional code to strip off the last "and"
and was wondering if there is a way to...
|
by: Jeremy Fourman |
last post by:
Hello,
I am in need of parsing a page with a few text boxes and an option list. The current state of the input fields are <input type="text"> there are no id or name attributes, however the option list does have a name value. When I run this:
For Each Item in Request.Form
Response.Write(Item & "=" & Request.Form(Item) )
Next
I recieve only the option list name and selected option value. Is there a way to parse an input that...
|
by: =?Utf-8?B?QVRT?= |
last post by:
PRB JavaScript in ASP with Request.Form
Please help,
I'm having a problem with JavaScript in ASP, where the ASP page crashes when
I try to determine if data was posted from a FORM or through a QueryString.
Where, if the data came through via a FORM, I want to use it 1st, but if not,
to then try using it from the QueryString. Basically, the problem boils down
to using "toString()" on Request.Form("NAME") and Request.QueryString("NAME")...
|
by: =?Utf-8?B?QVRT?= |
last post by:
HOWTO Make CStr for JavaScript on ASP w/ Request.Form and QueryString
In ASP, Request.Form and Request.QueryString return objects that do not
support "toString", or any JavaScript string operation on parameters not
passed.
Example: Make a TST.asp and post to it as TST.asp?STATE=TEST
<%@ Language=JavaScript %>
<%
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
| |
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |