Hi everybody I have got the following PHP code which I am trying to convert to
ASP any help will be appreciated...I have done most of it but I cant find a
replace function for Unset in asp which will discard the variable alltogether...
if ($categoryid == "all")
{
$sql = "SELECT * FROM products where shopinspection= $shopinspection ";
unset($HTTP_POS T_VARS['categoryid']);
unset($HTTP_POS T_VARS['shopinspection ']);
}
else
{
$sql = "SELECT * FROM products where categoryid = $categoryid";
unset($HTTP_POS T_VARS['categoryid']);
}
unset($HTTP_POS T_VARS['Submit']);
while (list($key, $value) = each($HTTP_POST _VARS))
{
if ($value != "" )
{
$sql = $sql .=" AND $key=$value";
//$sql = $sql .=" AND solesource = $solesource";
//echo "<strong>$value </strong>";
}
} 7 1850
I take it you are talking about ASP.Net...you won't be able to unset
Request.Param values in ASP.Net since these values are in a readonly
collection. From the brief code you've shown, I take it you want to
"unset" these values because you are looping through the collection and
don't want them to show up in your dump. You'll have to create an string[]
of keys you don't want and as you are looping through the collection, make
sure the key isn't in your string[].
Karl
--
MY ASP.Net tutorials http://www.openmymind.net/
<fa*****@yahoo. com> wrote in message news:cl******** *@drn.newsguy.c om... Hi everybody I have got the following PHP code which I am trying to
convert to ASP any help will be appreciated...I have done most of it but I cant find
a replace function for Unset in asp which will discard the variable
alltogether...
if ($categoryid == "all") { $sql = "SELECT * FROM products where shopinspection= $shopinspection "; unset($HTTP_POS T_VARS['categoryid']); unset($HTTP_POS T_VARS['shopinspection ']); } else { $sql = "SELECT * FROM products where categoryid = $categoryid"; unset($HTTP_POS T_VARS['categoryid']); } unset($HTTP_POS T_VARS['Submit']); while (list($key, $value) = each($HTTP_POST _VARS)) { if ($value != "" ) { $sql = $sql .=" AND $key=$value"; //$sql = $sql .=" AND solesource = $solesource"; //echo "<strong>$value </strong>"; } }
thanks Karl but can you give me an example on how to do it I am including my asp
code which I somehow made it but it is not working....than ks again for your
help...
if categoryid = "all" Then
sql = "SELECT * FROM products where shopinspection= "& shopinspection &""
Else
sql = "SELECT * FROM products where "
End If
For x = 1 To (formcount - 1)
If Request.Form.it em(x) <> "" Then
sql = sql & Request.Form.Ke y(x) &"="& Request.Form.It em(x) &""
sql = sql & " And "
End If
Next
In article <#n************ **@TK2MSFTNGP09 .phx.gbl>, Karl Seguin says... I take it you are talking about ASP.Net...you won't be able to unset Request.Para m values in ASP.Net since these values are in a readonly collection. From the brief code you've shown, I take it you want to "unset" these values because you are looping through the collection and don't want them to show up in your dump. You'll have to create an string[] of keys you don't want and as you are looping through the collection, make sure the key isn't in your string[].
Karl
-- MY ASP.Net tutorials http://www.openmymind.net/
<fa*****@yahoo .com> wrote in message news:cl******** *@drn.newsguy.c om... Hi everybody I have got the following PHP code which I am trying to convert to ASP any help will be appreciated...I have done most of it but I cant find a replace function for Unset in asp which will discard the variable alltogether. ..
if ($categoryid == "all") { $sql = "SELECT * FROM products where shopinspection= $shopinspection "; unset($HTTP_POS T_VARS['categoryid']); unset($HTTP_POS T_VARS['shopinspection ']); } else { $sql = "SELECT * FROM products where categoryid = $categoryid"; unset($HTTP_POS T_VARS['categoryid']); } unset($HTTP_POS T_VARS['Submit']); while (list($key, $value) = each($HTTP_POST _VARS)) { if ($value != "" ) { $sql = $sql .=" AND $key=$value"; //$sql = $sql .=" AND solesource = $solesource"; //echo "<strong>$value </strong>"; } }
I'm considered that you are talking about ASP and not ASP.Net (even though
you posted to the ASP.Net newgroup). Anyways, you'll want to do something
like:
Dim exclude() As String = {"categoryid ", "shopinspection ", "Submit"}
For i As Integer = 0 To Request.Form.Co unt
Dim key As String = Request.Form.Ge tKey(i)
If Not ItemExistsInArr ay(key, exclude) Then
sql = sql & key & "=" & Request.Form(i) & ""
sql = sql & " And "
End If
Next
Private Function ItemExistsInArr ay(ByVal item As String, ByVal array() As
String) As Boolean
For i As Integer = 0 To array.Length - 1
If String.Compare( item, array(0), True) = 0 Then
Return True
End If
Next
Return False
End Function
If this is ASP.Net, you will need to add items to the exclude array, such as
__VIEWSTATE and the other hidden fields asp.net adds.
Karl
--
MY ASP.Net tutorials http://www.openmymind.net/
<fa*****@yahoo. com> wrote in message news:cl******** @drn.newsguy.co m... thanks Karl but can you give me an example on how to do it I am including
my asp code which I somehow made it but it is not working....than ks again for
your help...
if categoryid = "all" Then sql = "SELECT * FROM products where shopinspection= "& shopinspection
&"" Else sql = "SELECT * FROM products where " End If
For x = 1 To (formcount - 1) If Request.Form.it em(x) <> "" Then sql = sql & Request.Form.Ke y(x) &"="& Request.Form.It em(x) &"" sql = sql & " And " End If Next
In article <#n************ **@TK2MSFTNGP09 .phx.gbl>, Karl Seguin says... I take it you are talking about ASP.Net...you won't be able to unset Request.Para m values in ASP.Net since these values are in a readonly collection. From the brief code you've shown, I take it you want to "unset" these values because you are looping through the collection and don't want them to show up in your dump. You'll have to create an
string[]of keys you don't want and as you are looping through the collection,
makesure the key isn't in your string[].
Karl
-- MY ASP.Net tutorials http://www.openmymind.net/
<fa*****@yahoo .com> wrote in message news:cl******** *@drn.newsguy.c om... Hi everybody I have got the following PHP code which I am trying to convert to ASP any help will be appreciated...I have done most of it but I cant
finda replace function for Unset in asp which will discard the variable alltogether. ..
if ($categoryid == "all") { $sql = "SELECT * FROM products where
shopinspection= $shopinspection "; unset($HTTP_POS T_VARS['categoryid']); unset($HTTP_POS T_VARS['shopinspection ']); } else { $sql = "SELECT * FROM products where categoryid = $categoryid"; unset($HTTP_POS T_VARS['categoryid']); } unset($HTTP_POS T_VARS['Submit']); while (list($key, $value) = each($HTTP_POST _VARS)) { if ($value != "" ) { $sql = $sql .=" AND $key=$value"; //$sql = $sql .=" AND solesource = $solesource"; //echo "<strong>$value </strong>"; } }
If this php code is production code you need to immediately fix a HUGE
security hole in it! NEVER, EVER, EVER blindly take user input and create
dynamic sql with it! Look up sql injection attacks for more information on
this. The short story is that I can send you a parameter like " 1; DROP
TABLE someTable -- ". This makes your sql look like "SELECT * FROM products
where shopinspection= 1; DROP TABLE someTable --and foo=bar" the -- at the
end comments everything else out so that no errors are even thrown. You need
to fix this immediately. Also, it's considered bad form to just loop through
every parameter passed in, you should only read parameters you are expecting.
Scott Simons wrote: If this php code is production code you need to immediately fix a HUGE security hole in it! NEVER, EVER, EVER blindly take user input and create dynamic sql with it! Look up sql injection attacks for more information on this. The short story is that I can send you a parameter like " 1; DROP TABLE someTable -- ". This makes your sql look like "SELECT * FROM products where shopinspection= 1; DROP TABLE someTable --and foo=bar" the -- at the end comments everything else out so that no errors are even thrown. You need to fix this immediately. Also, it's considered bad form to just loop through every parameter passed in, you should only read parameters you are expecting.
Scott, PHP has by default "magic quoting" which automagically escapes
strings in request variables. So it's safe, to some extent.
Sorry to disappoint!
This is still something that they need to look at if they are porting to asp
or asp.net. Also, that's still pretty stupid to just blindly loop through
the query string and tack it onto a sql query.
Scott Simons wrote: This is still something that they need to look at if they are porting to asp or asp.net. Also, that's still pretty stupid to just blindly loop through the query string and tack it onto a sql query.
I don't dispute that. I don't like magic_quotes either but it's the way
life is. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: leegold2 |
last post by:
Is there a way I can "dispose" of an array. For example I need to use an
array for short time in a script. After I've used that data structure I
want to dispose of it to free-up resources. Is there a way? Thanks, Lee G.
|
by: Kai Grossjohann |
last post by:
On unload of a page, I store the current scrollbar position (ie,
window.pageXOffset and window.pageYOffset) into a cookie. On load of
that same page, I fetch the information from that cookie and scroll
the window accordingly.
I used the name "remember_scrolling" for the function doing the store,
and "recall_scrolling" for the function doing the fetch. (There is
also a function which deletes the cookie. It is named
"forget_scrolling".)
|
by: fasanay |
last post by:
Hi everybody I have got the following PHP code which I am trying to convert to
ASP any help will be appreciated...I have done most of it but I cant find a
replace function for Unset in asp which will discard the variable alltogether...
if ($categoryid == "all")
{
$sql = "SELECT * FROM products where shopinspection=$shopinspection";
unset($HTTP_POST_VARS);
unset($HTTP_POST_VARS);
|
by: juglesh |
last post by:
"$string = isset($xyz) ? $xyz : "something else";"
Hello, someone gave code like this in another thread. I understand (by
inference) what it does, but have not found any documentation on this
type of syntax.
Any one have links to this shortuct(?) syntax and other types of
syntax?
thanks
|
by: royaltiger |
last post by:
I am trying to copy the inventory database in Building Access Applications
by John L Viescas but when i try to run the database i get an error in the
orders form when i click on the allocate button "Unexpected Error":3251
operation is not supported for this type of object.The demo cd has two
databases, one is called inventory and the other just has the tables for the
design called inventory data. When you run inventory the database works...
| |
by: laredotornado |
last post by:
Hi,
I'm using PHP 4.4.4 on Apache 2 on Fedora Core 5. PHP was installed
using Apache's apxs and the php library was installed to
/usr/local/php. However, when I set my "error_reporting" setting to be
"E_ALL", notices are still not getting reported. The perms on my file
are 664, with owner root and group root. The php.ini file is located
at /usr/local/lib/php/php.ini. Any ideas why the setting does not seem
to be having an effect? ...
|
by: Brian Kendig |
last post by:
How do I take an index of a literal array, instead of a variable?
That is, say I want to get the short name of a month. Can I do
something like:
$monthname = ("Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug",
"Sep", "Oct", "Nov", "Dec");
or do I always have to do:
|
by: eragon |
last post by:
I wrote this function to create a new file when the user posts in my forums, and its not creating a new file, can you help me? this script is not copyrighted as the last one.
function createNewFile($name,$mail,$subject,$comments,$count,$date,$other="",$up="0") {
global $settings;
$header=implode('',file('header.txt'));
$footer=implode('',file('footer.txt'));
$content='
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">...
|
by: mantrid |
last post by:
I was thinking along these lines initially but didnt know much about arrays.
So thought the easiest way was to use two separate fields. However the two
fields match, in that the commar separated numbers in one field match the
commar separated numbers in the other.
Ive used
$percentarray = explode(",", $brpercentgroup);
to create two separate keyed arrays for each field.
If I combined the fields (easy at this stage as the table has only...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
| |
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |