
Easy string problem: invalid syntax????

I get an incorrect syntax error pointing to the semicolon when I run
this sql statement with a dynamic querystring (geid is primary key
integer datatype):

sql="SELECT firstname,lastname from general where geid = " & _
request.QueryString("id") & ";"
...I've tried every possible combination, obviously breaking syntax
rules, and keep getting the error pointing to either the ; or the =

???????
netsports

Feb 8 '07 #1

".Net Sports" <ba********@cox.net> wrote in message
news:11**********************@p10g2000cwp.googlegroups.com...
> I get an incorrect syntax error pointing to the semicolon when I run
> this sql statement with a dynamic querystring (geid is primary key
> integer datatype):
>
> sql="SELECT firstname,lastname from general where geid = " &
> request.QueryString("id") & ";"
> ..I've tried every possible combination, obviously breaking syntax
> rules, and keep getting the error pointing to either the ; or the =
>
> ???????
> netsports

Have you established that Request.QueryString("id") holds a valid value?
<%
sql="SELECT firstname,lastname from general where geid = " & _
request.QueryString("id") & ";"
' Print the finished statement to see exactly what would be sent to the database
Response.Write sql
Response.End
%>

--
Mike Brind
Feb 8 '07 #2
Pav
On Feb 8, 11:10 pm, ".Net Sports" <ballz2w...@cox.net> wrote:
> I get an incorrect syntax error pointing to the semicolon when I run
> this sql statement with a dynamic querystring (geid is primary key
> integer datatype):
>
> sql="SELECT firstname,lastname from general where geid = " &
> request.QueryString("id") & ";"
>
> ..I've tried every possible combination, obviously breaking syntax
> rules, and keep getting the error pointing to either the ; or the =
>
> ???????
> netsports

Can you use it like this

Dim sID
sID=request.QueryString("id")

sql="SELECT firstname,lastname from general where geid = ' "&sID&" '
". <Remove space between double quote and single quote>
Feb 8 '07 #3
Pav wrote on 08 feb 2007 in microsoft.public.inetserver.asp.general:
> On Feb 8, 11:10 pm, ".Net Sports" <ballz2w...@cox.net> wrote:
>> I get an incorrect syntax error pointing to the semicolon when I run
>> this sql statement with a dynamic querystring (geid is primary key
>> integer datatype):
>>
>> sql="SELECT firstname,lastname from general where geid = " &
>> request.QueryString("id") & ";"
>>
>> ..I've tried every possible combination, obviously breaking syntax
>> rules, and keep getting the error pointing to either the ; or the =
>>
>> ???????
>> netsports
>
> Can you use it like this
>
> Dim sID
> sID=request.QueryString("id")
>
> sql="SELECT firstname,lastname from general where geid = ' "&sID&" '
> ". <Remove space between double quote and single quote>

.... and just when it works this is so VERY DANGEROUS,
as putting a request.QueryString() value directly into a SQL string
without thorough validation, is inviting being severely hacked by sql-
injection, putting your whole database for the hacking world to duplicate,
change and destroy. And sometimes even to allow the hacker to insert a
shell command in the string and opening your HD drives to him.
[.. or her. Are there female hackers btw?]
--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Feb 8 '07 #4
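
Added example, not part of any poster's message: one way to do the value check Mike Brind asks about and the validation Evertjan calls for, in the thread's own classic ASP, by rejecting anything that is not a short run of digits and passing the id as a typed ADO parameter instead of concatenating it. The table and column names come from the thread; `Application("ConnStr")` is a hypothetical place to keep the connection string.

```vbscript
<%
Option Explicit
' ADO constants (same values as in adovbs.inc)
Const adInteger = 3
Const adParamInput = 1
Const adCmdText = 1

Dim rawId, re, conn, cmd, rs

' Request.QueryString returns an empty string when "id" is missing, which is
' how the concatenated statement ends in "geid = ;" and fails to parse.
rawId = Trim(Request.QueryString("id"))

' Accept only 1 to 9 decimal digits so CLng cannot overflow or see other text.
' A repeated id parameter arrives as "1, 2" and is rejected here as well.
Set re = New RegExp
re.Pattern = "^[0-9]{1,9}$"
If Not re.Test(rawId) Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid id"
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnStr")   ' assumption: connection string stored here

' The statement text is constant; the value travels as a typed parameter,
' so it is never parsed as SQL.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT firstname, lastname FROM general WHERE geid = ?"
cmd.Parameters.Append cmd.CreateParameter("geid", adInteger, adParamInput, , CLng(rawId))

Set rs = cmd.Execute
If rs.EOF Then
    Response.Write "No such record"
Else
    ' Encode on output: stored names are data, not markup.
    Response.Write Server.HTMLEncode(rs("firstname") & " " & rs("lastname"))
End If

rs.Close
conn.Close
%>
```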
Why don't you just leave off the ; ?

Bob Lehmann

".Net Sports" <ba********@cox.net> wrote in message
news:11**********************@p10g2000cwp.googlegroups.com...
> I get an incorrect syntax error pointing to the semicolon when I run
> this sql statement with a dynamic querystring (geid is primary key
> integer datatype):
>
> sql="SELECT firstname,lastname from general where geid = " &
> request.QueryString("id") & ";"
> ..I've tried every possible combination, obviously breaking syntax
> rules, and keep getting the error pointing to either the ; or the =
>
> ???????
> netsports

Feb 9 '07 #5
"Evertjan." <ex**************@interxnl.net> wrote in message
news:Xn********************@194.109.133.242...
> [.. or her. Are there female hackers btw?]

No. Only wives and girlfriends of hackers who can often be heard asking,
"When are you going to get off that
@#$% COMPUTER?"
--
Roland Hall
Feb 12 '07 #6
Roland Hall wrote on 12 feb 2007 in
> "Evertjan." <ex**************@interxnl.net> wrote in message
>> [.. or her. Are there female hackers btw?]
>
> No. Only wives and girlfriends of hackers who can often be heard
> asking, "When are you going to get off that
> @#$% COMPUTER?"

Evidently from personal experience, Roland.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Feb 12 '07 #7

"Roland Hall" <nobody@nowhere> wrote in message
news:%2****************@TK2MSFTNGP04.phx.gbl...
> "Evertjan." <ex**************@interxnl.net> wrote in message
> news:Xn********************@194.109.133.242...
>> [.. or her. Are there female hackers btw?]
>
> No. Only wives and girlfriends of hackers who can often be heard asking,
> "When are you going to get off that
> @#$% COMPUTER?"

Sorry. I do not believe that for one second.

There is absolutely NO WAY that any half decent hacker would leave their
computer long enough to expose themselves to the possibility of meeting
someone of the opposite sex.

You are mistaking hackers for developers, I reckon.
Feb 12 '07 #8
"Evertjan." <ex**************@interxnl.net> wrote in message
news:Xn********************@194.109.133.242...
> Roland Hall wrote on 12 feb 2007 in
>> "Evertjan." <ex**************@interxnl.net> wrote in message
>>> [.. or her. Are there female hackers btw?]
>>
>> No. Only wives and girlfriends of hackers who can often be heard
>> asking, "When are you going to get off that
>> @#$% COMPUTER?"
>
> Evidently from personal experience, Roland.

Evidently, although my hat is gray! (O;=

--
Roland Hall
Feb 13 '07 #9
"Mike Brind" <du***@newsgroups.com> wrote in message
news:u2**************@TK2MSFTNGP02.phx.gbl...
>
> "Roland Hall" <nobody@nowhere> wrote in message
> news:%2****************@TK2MSFTNGP04.phx.gbl...
>> "Evertjan." <ex**************@interxnl.net> wrote in message
>> news:Xn********************@194.109.133.242...
>>> [.. or her. Are there female hackers btw?]
>>
>> No. Only wives and girlfriends of hackers who can often be heard asking,
>> "When are you going to get off that
>> @#$% COMPUTER?"
>
> Sorry. I do not believe that for one second.
>
> There is absolutely NO WAY that any half decent hacker would leave their
> computer long enough to expose themselves to the possibility of meeting
> someone of the opposite sex.
>
> You are mistaking hackers for developers, I reckon.

Pr( * Y * )n & h3x1n g0 2g3th3r

--
Roland Hall
Feb 13 '07 #10
