Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP General > include virtual ------ variable

Reply
Thread Tools

include virtual ------ variable

 
 
rd
Guest
Posts: n/a
 
      08-26-2004
I wanted to do this:
<!-- #include virtual = <%=request("page")%> -->

But, that's doesn't work. Help?!

I have a static "container" asp page. Based on a querystring variable, I
want the container page to include the appropriate content from another file
in my web space.

Static includes are cake:
<!-- #include virtual="filename.htm" -->
What if I want "filename" to be a variable, read from querystring?


 
Reply With Quote
 
 
 
 
Evertjan.
Guest
Posts: n/a
 
      08-26-2004
rd wrote on 26 aug 2004 in microsoft.public.inetserver.asp.general:

> Static includes are cake:
> <!-- #include virtual="filename.htm" -->
> What if I want "filename" to be a variable, read from querystring?
>


You cannot, because #include is executed [read 'included'] before(!!!) the
asp interpreting.

Try:

<%
Server.execute request.querystring("blah.asp")
%>

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress,
but let us keep the discussions in the newsgroup)

 
Reply With Quote
 
 
 
 
rd
Guest
Posts: n/a
 
      08-26-2004
Thank you! I figured the order of execution was the reason. Didn't know
about server.execute.

This works:
server.execute(request("pg"))

When I refer to mypage.asp?pg=whatever.htm, it includes whatever.htm the way
I wanted.

Thanks again.

-rd



"Evertjan." <(E-Mail Removed)> wrote in message
news:Xns9551EFF30A355eejj99@194.109.133.29...
> rd wrote on 26 aug 2004 in microsoft.public.inetserver.asp.general:
>
> > Static includes are cake:
> > <!-- #include virtual="filename.htm" -->
> > What if I want "filename" to be a variable, read from querystring?
> >

>
> You cannot, because #include is executed [read 'included'] before(!!!) the
> asp interpreting.
>
> Try:
>
> <%
> Server.execute request.querystring("blah.asp")
> %>
>
> --
> Evertjan.
> The Netherlands.
> (Please change the x'es to dots in my emailaddress,
> but let us keep the discussions in the newsgroup)
>



 
Reply With Quote
 
Evertjan.
Guest
Posts: n/a
 
      08-27-2004
rd wrote on 26 aug 2004 in microsoft.public.inetserver.asp.general:

> Thank you! I figured the order of execution was the reason. Didn't
> know about server.execute.
>
> This works:
> server.execute(request("pg"))
>
> When I refer to mypage.asp?pg=whatever.htm, it includes whatever.htm
> the way I wanted.


Beware, this will not always execute the file you wanted.

The joy of serversidedness [like singlemindedness ] is that you have
perfect control without the client interfering.

And now you give away the key of your include back to the client, so any
hacker can include another file of yours, possibly even opening a way to
sql-injection and corrupting your database, if you are using databases.

Furthermore [if you are stil determined to do it this way] always use:
request.querystring("pg")), otherwise if the querystring 'pg' is not
found, a cookie or any other request variable could be read.

So why not restrict the choices to the ones you think are safe:

r = request.querystring("pg")
if r="whatever.htm" or r="whateverelse.htm" then
server.execute(r)
else
response.write "Hacker !":response.end
end if

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress,
but let us keep the discussions in the newsgroup)

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
include virtual in virtual directory? rockdale ASP General 3 09-04-2008 02:36 PM
/* #include <someyhing.h> */ => include it or do not include it?That is the question .... Andreas Bogenberger C Programming 3 02-22-2008 10:53 AM
Re: the use of #include <a_file.h> v/s #include"a_file.cpp" Elie Nader C++ 1 11-28-2003 03:12 PM
Re: the use of #include <a_file.h> v/s #include"a_file.cpp" Rolf Magnus C++ 2 11-28-2003 12:26 PM
#include "bar" negates #include <string> ; how to fix? Danny Anderson C++ 5 08-15-2003 06:38 PM



Advertisments