473,320 Members | 2,048 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Submitting a form that checks entyered data is not in an exclusion list

I have an ASP form that users enter a number into. The form then posts
the number with a hidden login and password to a web address which
opens in a new window. However, I want make sure that the number they
enter is not one of the numbers I have in an Access database table that
contains a list of numbers they are not allowed to enter. How can I do
this?

Mar 7 '06 #1
3 1122

mp*******@policecredit.com.au wrote:
I have an ASP form that users enter a number into. The form then posts
the number with a hidden login and password to a web address which
opens in a new window. However, I want make sure that the number they
enter is not one of the numbers I have in an Access database table that
contains a list of numbers they are not allowed to enter. How can I do
this?


set rs = conn.execute("SELECT restrictedNumber FROM table WHERE
restrictedNumber = " & Request.Form("inputNumber"))
if not rs.eof then
'user can't proceed because there is a match
else
'user can
end if

--
Mike Brind

Mar 7 '06 #2
Mike Brind wrote:
mp*******@policecredit.com.au wrote:
I have an ASP form that users enter a number into. The form then
posts the number with a hidden login and password to a web address
which opens in a new window. However, I want make sure that the
number they enter is not one of the numbers I have in an Access
database table that contains a list of numbers they are not allowed
to enter. How can I do this?


set rs = conn.execute("SELECT restrictedNumber FROM table WHERE
restrictedNumber = " & Request.Form("inputNumber"))


This is the correct solution, as far as it goes. however, don't forget your
server-side validation. This technique is susceptible to sql injection.
http://mvp.unixwiz.net/techtips/sql-injection.html
http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23

Far better is to:

1. validate user inputs in server-side code (e.g., make sure numbers contain
only numbers)
2. use parameters instead of dynamic sql.
http://groups-beta.google.com/group/...e36562fee7804e

Better yet, use saved parameter queries:
http://groups-beta.google.com/group/...d322b882a604bd

--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
Mar 7 '06 #3
Thanks for your help I will give it a go and see if I can get it to
work.

Mal

Mar 8 '06 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
by: Sean Abrahams | last post by:
The following is a reprint of a message I sent to the tutor list a long time ago, that I haven't gotten around to discussing with anyone else and failed to hear a reply on the tutor list. Hoping...
1
by: Display Name | last post by:
the customer I'm developing a site for uses a canned form-parsing page that allows her to have an email subscription opt-in page add emails to a list she can manage using a link that you point your...
5
by: Don | last post by:
I have a need to submit a form, but don't need the user to click on a button. How do I do this? Is there some way, using JavaScript, to setup a <form> tag to do this? Thanks, Don ----==...
4
by: Rick | last post by:
Hello, I'm having trouble with submitting my form when checking to see if data is present in the user-inputted fields. What I want to happen is for the user to input various pieces of data,...
78
by: wkehowski | last post by:
The python code below generates a cartesian product subject to any logical combination of wildcard exclusions. For example, suppose I want to generate a cartesian product S^n, n>=3, of that...
2
by: Cerebral Believer | last post by:
Hi folks, Can anyone help me with this form: http://futurebydesign-music.com/_member/club_fbd_reg.php I have followed to coding instructions aas closely as I can, but I am getting errors...
5
by: Advo | last post by:
Basically, im redesigning a form page on our website. Currently the user submits the form, it does a few javascript checks and either submits to the "processstuff.php" page, or gives the user a...
4
by: Super Steve | last post by:
I'm trying to write a little script that disables the submit button on a form, changes the text of the button, and then submits the form. Can anyone tell me why this works ok: <input...
2
by: Mtek | last post by:
Hi, I have a generic routine that is called by many forms, and probably by many browsers. The javascript performs some validation on the form passed in and then issues the command 'submit()'. ...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.