473,320 Members | 1,846 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Assistance with ASP Redirect

Hello,

The database I'm working with has these 2 fields:

- "CD", which stands for "Consolidated Design Number" (not Compact
DISC)

and

- "URL", which is the full URL (http://...)

Users need to be able to type a CD number into a form text box and,
upon submission, be redirected to a non-database-driven html index
(home page) for all the info associated with that paricular CD. A
drop-down might be simpler, but it would be way too long since there
are many, many numbers.

Here's what I have. Can't seem to get it to work.

Any assistance would be very much appreciated. Thanks!

<%
sDSN = "Driver={Microsoft Access Driver
(*.mdb)};Dbq=path-to-my-db.mdb;"
%>
<%
set ac = CreateObject("ADODB.Connection")
set ar = CreateObject("ADODB.Recordset")
ac.Open sDSN '"DSN=my-db","myuser","mypass"
sSQL = "SELECT URL FROM mytable WHERE CD=" & Request.Form("CD")
set ar = ac.Execute(sSQL)
if NOT ar.EOF then
URL = ar("URL")
Response.Redirect url
else
' new customer or bad ID
End If
%>
Jul 19 '05 #1
3 1819
Endora wrote on 12 aug 2004 in microsoft.public.inetserver.asp.general:
Any assistance would be very much appreciated. Thanks!

<%
sDSN = "Driver={Microsoft Access Driver
(*.mdb)};Dbq=path-to-my-db.mdb;"
%>
<%
set ac = CreateObject("ADODB.Connection")
set ar = CreateObject("ADODB.Recordset")
ac.Open sDSN '"DSN=my-db","myuser","mypass"
sSQL = "SELECT URL FROM mytable WHERE CD=" & Request.Form("CD")
set ar = ac.Execute(sSQL)
if NOT ar.EOF then
URL = ar("URL")
Response.Redirect url
else
' new customer or bad ID
End If
%>


Do use the Jet engine driver.
You do not use and need a recordset here.
The permissions for the database path must be OK.

<%
set CONNECT = server.CreateObject("ADODB.Connection")
CONNECT.Open "PROVIDER=Microsoft.Jet.OLEDB.4.0;DATA SOURCE="_
& Server.MapPath("/db/your.mdb") & ";"

sSQL = "SELECT URL FROM mytable WHERE CD=" & Request.Form("CD")
set dat=CONNECT.Execute(sSQL)
if not dat.eof then Response.Redirect dat("URL")

response.write "Something is very wrong here"
%>

The above using of Request.Form("CD") directly in an SQL string is
dangeroes, because a hacker can get entry in your database by injection.
Validate the result first as an integer number!

If there is more than one record with the same CD, only one is used.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Jul 19 '05 #2
This worked beautifully, thank you, Evertjan!

One note: "CD number" is a bit of a misnomer. My fault, I didn't
explain properly. It should probably just be called "CD Value", but
the misleading name is beyond my control...

At any rate, in the DB it is not an integer, so I actually ended up
with:

sSQL = "SELECT URL FROM mytable WHERE CD='" &
Request.QueryString("CD") & "'"

Again, much appreciated. It is up and running.
Jul 19 '05 #3
Endora wrote on 13 aug 2004 in microsoft.public.inetserver.asp.general:
sSQL = "SELECT URL FROM mytable WHERE CD='" &
Request.QueryString("CD") & "'"


It is very dangerous to put a clientside string like
Request.QueryString("CD")
directly in the SQL.

Hackers can easily construct a string for http://mysite,com/db.asp?CD=...
that alters or deletes part of your database!

So again always validate the querystring first.

See: What is SQL Injection?
<http://www.4guysfromrolla.com/webtech/061902-1.shtml> and more

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Jul 19 '05 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

10
by: Bob Garbados | last post by:
forgive my ignorance, as I'm new to php coming from a ms background... If I create a page named redirect.php and it's only content is: <?php header("Location: http://www.google.com"); ?>...
7
by: Donna Hawkins | last post by:
I want to use javascript to redirect to a URL which has been passed as a variable (in php). I have searched but cannot find any solution. I think this code is a basic redirect: <script...
0
by: Jawahar | last post by:
All I had posted this in the remote assistance group and could not get any replies so I thought that I could try in the developer group Thanks One of the issues we face when helping our remote...
6
by: Peter Row | last post by:
Hi, I am writing a DLL in VB.NET that implements IHttpHandler.ProcessRequest. This code calls a sub and I need to know if that sub did a response redirect or not. Specifically I need to know...
4
by: Sugartonic | last post by:
I have been reading for about three days now on how to use a drop down menu with options to write to my database but still haven't been successful, Basically I made a drop down menu for age. made a...
5
by: venner | last post by:
I'm having an issue with an ASP.NET website after upgrading to ASP.NET 2.0. The website makes use of a central authentication service (CAS) provided at the university I work for. Each page checks...
10
by: Eirik Eldorsen | last post by:
How can I 301 redirect www.example.com/default.aspx to www.example.com without using ISAPI filters?
1
by: cottcody | last post by:
Hello. I'm attempting to write a form for a web page which is using the formmail.pl script. The form works fine and all but it its the script in which i am having troubles. What I would like it to do...
3
by: gaurav92K | last post by:
sir i am working in a company . there are many pc. i want to use remote assistance. i configure all group policy which are related remote assistance.and i enable service through remote in system...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.