Hi all,
I was at http://aspfaq.com/show.asp?id=2120, read all techniques.
I chose the fastest one - it is the last "SP ROW COUNT".
SP looks like:
CREATE PROCEDURE SampleCDs_Paging_Rowcount
@pagenum INT = 1,
@perpage INT = 50
AS
The problem is, I want to dynamically change the SQL select (because I want
to filter output by something - name, author, year, order and so on).
So I thought it could be a nice idea to call the stored procedure with
3 added SQL SELECTS as arguments. So it should look like:
CREATE PROCEDURE SampleCDs_Paging_Rowcount -- change name
@pagenum INT = 1,
@perpage INT = 50,
@SQL1 nvarchar(1000),
@SQL2 nvarchar(1000),
@SQL3 nvarchar(1000)
AS
What do you think about that?
Ing. Branislav Gerzo wrote:
> Hi all,
> I was at http://aspfaq.com/show.asp?id=2120, read all techniques. I chose the fastest one - it is the last "SP ROW COUNT". SP looks like:
> CREATE PROCEDURE SampleCDs_Paging_Rowcount
> @pagenum INT = 1,
> @perpage INT = 50
> AS
> The problem is, I want to dynamically change the SQL select (because I want to filter output by something - name, author, year, order and so on). So I thought it could be a nice idea to call the stored procedure with 3 added SQL SELECTS as arguments. So it should look like:
> CREATE PROCEDURE SampleCDs_Paging_Rowcount -- change name
> @pagenum INT = 1,
> @perpage INT = 50,
> @SQL1 nvarchar(1000),
> @SQL2 nvarchar(1000),
> @SQL3 nvarchar(1000)
> AS
> What do you think about that?

Hackers will love it. Read these articles about SQL Injection:
http://mvp.unixwiz.net/techtips/sql-injection.html
http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23
http://www.nextgenss.com/papers/adva..._injection.pdf
http://www.nextgenss.com/papers/more..._injection.pdf
Read this article by Erland Sommarskog for ideas about dynamic search
conditions: http://www.sommarskog.se/dyn-search.html. While you're there,
browse through the rest of the articles on his site, they are extremely
worthwhile.
Bob Barrows
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
Ing. Branislav Gerzo wrote:
> Bob Barrows [MVP] [BB], on Friday, June 24, 2005 at 08:39 (-0400) thinks about:
>> Hackers will love it. Read these articles about SQL Injection:
> yes, I know. So I changed all the design and switched to Recordset.Move() in ASP, no more SP.

Then you may still be vulnerable to sql injection if you are using user
input to build dynamic sql statements. Make sure you read those articles.
For a safe alternative to dynamic sql that does not require a stored
procedure, read: http://groups-beta.google.com/group/...e36562fee7804e
Bob Barrows
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
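
An added example, not code from this thread or from the linked articles: one way to get filterable, sortable paging without passing SELECT text as procedure arguments. Filter values travel as typed parameters through sp_executesql, and the sort column is picked from a fixed allow-list. The table dbo.SampleCDs, its columns (CDID, Title, Author, ReleaseYear) and the procedure name are assumptions; OFFSET/FETCH needs SQL Server 2012 or later.

```sql
-- Added example. Assumed schema: dbo.SampleCDs(CDID, Title, Author, ReleaseYear).
CREATE PROCEDURE dbo.SampleCDs_Paging_Filtered   -- hypothetical name
    @pagenum INT = 1,
    @perpage INT = 50,
    @title   NVARCHAR(100) = NULL,    -- filter values arrive as typed data,
    @author  NVARCHAR(100) = NULL,    -- never as SQL text
    @year    INT           = NULL,
    @orderby VARCHAR(20)   = 'title'  -- a key into the allow-list below
AS
BEGIN
    SET NOCOUNT ON;

    -- Clamp paging input: no negative offsets, no unbounded page sizes.
    IF @pagenum IS NULL OR @pagenum < 1 SET @pagenum = 1;
    IF @perpage IS NULL OR @perpage < 1 OR @perpage > 200 SET @perpage = 50;

    -- ORDER BY cannot be parameterized, so map the caller's key to a fixed
    -- column name. Unknown keys fall back to the default column.
    DECLARE @ordercol SYSNAME =
        CASE LOWER(@orderby)
            WHEN 'author' THEN N'Author'
            WHEN 'year'   THEN N'ReleaseYear'
            ELSE               N'Title'
        END;

    -- The statement text is assembled only from literals in this procedure.
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT CDID, Title, Author, ReleaseYear
          FROM dbo.SampleCDs
          WHERE 1 = 1';
    IF @title  IS NOT NULL SET @sql += N' AND Title LIKE @title + N''%''';
    IF @author IS NOT NULL SET @sql += N' AND Author = @author';
    IF @year   IS NOT NULL SET @sql += N' AND ReleaseYear = @year';
    SET @sql += N' ORDER BY ' + QUOTENAME(@ordercol) + N', CDID
                  OFFSET (@pagenum - 1) * @perpage ROWS
                  FETCH NEXT @perpage ROWS ONLY;';

    -- Values are bound here; they are never concatenated into @sql.
    EXEC sys.sp_executesql @sql,
        N'@title NVARCHAR(100), @author NVARCHAR(100), @year INT,
          @pagenum INT, @perpage INT',
        @title, @author, @year, @pagenum, @perpage;
END;
```

The calling ASP page should bind its inputs as command parameters too, so user input stays data on both sides of the call.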