Assistance with ASP Redirect

 
 
Endora
      08-12-2004
Hello,

The database I'm working with has these 2 fields:

- "CD", which stands for "Consolidated Design Number" (not Compact
DISC)

and

- "URL", which is the full URL (http://...)

Users need to be able to type a CD number into a form text box and,
upon submission, be redirected to a non-database-driven html index
(home page) for all the info associated with that particular CD. A
drop-down might be simpler, but it would be way too long since there
are many, many numbers.

Here's what I have. Can't seem to get it to work.

Any assistance would be very much appreciated. Thanks!

<%
sDSN = "Driver={Microsoft Access Driver (*.mdb)};Dbq=path-to-my-db.mdb;"
%>
<%
set ac = CreateObject("ADODB.Connection")
set ar = CreateObject("ADODB.Recordset")
ac.Open sDSN '"DSN=my-db","myuser","mypass"
sSQL = "SELECT URL FROM mytable WHERE CD=" & Request.Form("CD")
set ar = ac.Execute(sSQL)
if NOT ar.EOF then
URL = ar("URL")
Response.Redirect url
else
' new customer or bad ID
End If
%>
 
Evertjan.
      08-12-2004
Endora wrote on 12 aug 2004 in microsoft.public.inetserver.asp.general:

> Any assistance would be very much appreciated. Thanks!
>
> <%
> sDSN = "Driver={Microsoft Access Driver (*.mdb)};Dbq=path-to-my-db.mdb;"
> %>
> <%
> set ac = CreateObject("ADODB.Connection")
> set ar = CreateObject("ADODB.Recordset")
> ac.Open sDSN '"DSN=my-db","myuser","mypass"
> sSQL = "SELECT URL FROM mytable WHERE CD=" & Request.Form("CD")
> set ar = ac.Execute(sSQL)
> if NOT ar.EOF then
> URL = ar("URL")
> Response.Redirect url
> else
> ' new customer or bad ID
> End If
> %>
>


Do use the Jet engine driver.
You do not use or need a recordset here.
The permissions for the database path must be OK.

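<%
' Open the Access database through the Jet OLE DB provider
set CONNECT = server.CreateObject("ADODB.Connection")
CONNECT.Open "PROVIDER=Microsoft.Jet.OLEDB.4.0;DATA SOURCE=" _
& Server.MapPath("/db/your.mdb") & ";"

' Form value is concatenated straight into the SQL text (see the warning below)
sSQL = "SELECT URL FROM mytable WHERE CD=" & Request.Form("CD")
set dat=CONNECT.Execute(sSQL)
' Redirect to the stored URL when a matching record exists
if not dat.eof then Response.Redirect dat("URL")

' Reached only when no record matched
response.write "Something is very wrong here"
%>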

The above use of Request.Form("CD") directly in an SQL string is
dangerous, because a hacker can get entry into your database by injection.
Validate the result first as an integer number!

If there is more than one record with the same CD, only one is used.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
 
 
Endora
      08-13-2004
This worked beautifully, thank you, Evertjan!

One note: "CD number" is a bit of a misnomer. My fault, I didn't
explain properly. It should probably just be called "CD Value", but
the misleading name is beyond my control...

At any rate, in the DB it is not an integer, so I actually ended up
with:

sSQL = "SELECT URL FROM mytable WHERE CD='" & Request.QueryString("CD") & "'"

Again, much appreciated. It is up and running.
 
Evertjan.
      08-13-2004
Endora wrote on 13 aug 2004 in microsoft.public.inetserver.asp.general:
> sSQL = "SELECT URL FROM mytable WHERE CD='" & Request.QueryString("CD") & "'"


It is very dangerous to put a clientside string like
Request.QueryString("CD")
directly in the SQL.

Hackers can easily construct a string for http://mysite.com/db.asp?CD=...
that alters or deletes part of your database!

So again, always validate the querystring first.

See: What is SQL Injection?
<http://www.4guysfromrolla.com/webtech/061902-1.shtml> and more

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
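
As an added example (not part of the original thread and not code from either poster), one way to apply the advice above in classic ASP is to validate the value against an allow-list and then pass it to the query as a bound ADO parameter instead of concatenating it. The character pattern and the 50-character limit are assumptions about the CD field; the table, column and database path are the ones used in the thread.

```vbscript
<%
Option Explicit

' ADO constants (values as defined in adovbs.inc)
Const adCmdText = 1
Const adParamInput = 1
Const adVarWChar = 202

Dim cd, re, conn, cmd, rs, target

' 1. Validate: allow-list of characters plus a length limit.
'    The pattern is an assumption; adjust it to the real CD value format.
cd = Trim(Request.QueryString("CD"))
Set re = New RegExp
re.Pattern = "^[A-Za-z0-9\-]{1,50}$"
If Not re.Test(cd) Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid CD value"
    Response.End
End If

' 2. Query: the value travels as a bound parameter, never as SQL text,
'    so quotes or SQL keywords in it cannot change the statement.
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "PROVIDER=Microsoft.Jet.OLEDB.4.0;DATA SOURCE=" _
    & Server.MapPath("/db/your.mdb") & ";"

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT URL FROM mytable WHERE CD = ?"
cmd.Parameters.Append cmd.CreateParameter("cd", adVarWChar, adParamInput, 50, cd)

Set rs = cmd.Execute
If Not rs.EOF Then
    ' Copy the value out before closing, then redirect
    target = rs("URL").Value
    rs.Close : conn.Close
    Response.Redirect target
End If

' No matching record: clean up and report it
rs.Close : conn.Close
Response.Write "No entry found for that CD value"
%>
```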
 