Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 9 of 9

Thread: Store sql Query

  1. #1
    New Coder
    Join Date
    Aug 2005
    Posts
    52
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Store sql Query

    I get an "pkgtype" from previous page base on the user selection then only go to a page consist below sql statement,

    Code:
    sql= "select * from tblFiles where Pkgtype like '%"&request.form("Pkgtype")&"' order by  WorkWeek DESC"
    My question is how can I store the '%"&request.form("Pkgtype")&"' so that when the user refresh or click on next page it still giving the same sql query statement.
    Appreciated & all advise are welcome.Tks

  • #2
    Senior Coder Spudhead's Avatar
    Join Date
    Jun 2002
    Location
    London, UK
    Posts
    1,856
    Thanks
    8
    Thanked 110 Times in 109 Posts
    Two ways I can think of. One is to put the value in a session variable; that way any page can access it. The other is to pass the value as querystring data rather than in the form itself. Then you can drop the same querystring into any href's you need to create.

  • #3
    Regular Coder
    Join Date
    Sep 2004
    Posts
    152
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Assuming that you are using a link to go to the next page, you could do this.

    First, change the sql statement to this:
    Code:
    sql= "select * from tblFiles where Pkgtype like '%" & request("Pkgtype") & "' order by  WorkWeek DESC"
    Next, for your link to the next page just add this:
    Code:
    ...?Pkgtype=<%=request("Pkgtype")%>...
    While it is a good idea to use Request.Form when you know that a request variable is/was posted, you can use a generic Request to capture post or get variables. The only time you will get into trouble with this is if you post and get a variable with the same name.

  • #4
    New Coder
    Join Date
    Aug 2005
    Posts
    52
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Spudhead
    Two ways I can think of. One is to put the value in a session variable; that way any page can access it. The other is to pass the value as querystring data rather than in the form itself. Then you can drop the same querystring into any href's you need to create.
    How can I do in session variable and also querystring data? Pls explain in more detail tks.

  • #5
    New Coder
    Join Date
    Aug 2005
    Posts
    52
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by neocool00
    Assuming that you are using a link to go to the next page, you could do this.

    First, change the sql statement to this:
    Code:
    sql= "select * from tblFiles where Pkgtype like '%" & request("Pkgtype") & "' order by  WorkWeek DESC"
    Next, for your link to the next page just add this:
    Code:
    ...?Pkgtype=<%=request("Pkgtype")%>...
    While it is a good idea to use Request.Form when you know that a request variable is/was posted, you can use a generic Request to capture post or get variables. The only time you will get into trouble with this is if you post and get a variable with the same name.
    My Code:
    Code:
    pagelink = "browsebypkg.asp?"
    firstpage = pagelink & "&page=1"
    prevpage = pagelink & "&page=" & (page-1)
    nextpage = pagelink & "&page=" & (page+1)
    lastpage = pagelink & "&page=" & FinalPage
    Where Can I insert this into my code?
    Code:
    ...?Pkgtype=<%=request("Pkgtype")%>...
    Tks
    for help

  • #6
    New Coder
    Join Date
    Aug 2005
    Posts
    25
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I know it's a little off your topic, but you REALLY should not pass an un-checked QueryString parm directly into your SQL. You will leave yourself wide open to SQL injection attacks that can gain access to your data, even delete it.

    Do a google on "SQL Injection Attacks" and learn more...
    Robert
    Gee! Web Tools
    Web Content Management / Internet Marketing modules including:
    Page Editor - Calendar Manager - News Editor - Contact Organizer - Mail Wizard

  • #7
    Regular Coder
    Join Date
    Sep 2004
    Posts
    152
    Thanks
    0
    Thanked 0 Times in 0 Posts
    @cs168
    Code:
    pagelink = "browsebypkg.asp?Pkgtype=<%=request("Pkgtype")%>"
    firstpage = pagelink & "&page=1"
    prevpage = pagelink & "&page=" & (page-1)
    nextpage = pagelink & "&page=" & (page+1)
    lastpage = pagelink & "&page=" & FinalPage
    @rrhodes,
    Code:
    sql= "select * from tblFiles where Pkgtype like '%" & Replace(request("Pkgtype"), "'", "''") & "' order by  WorkWeek DESC"

  • #8
    New Coder
    Join Date
    Aug 2005
    Posts
    52
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Msg Deleted
    Last edited by cs168; 09-03-2005 at 06:50 PM.

  • #9
    New Coder
    Join Date
    Aug 2005
    Posts
    52
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hi Neocool00,
    How can I add another variable after the pkgtype? for example request "sww"

    Code:
    pagelink = "browsebypkg.asp? Pkgtype="&request("Pkgtype") 
    firstpage = pagelink & "&page=1"
    prevpage = pagelink & "&page=" & (page-1)
    nextpage = pagelink & "&page=" & (page+1)
    lastpage = pagelink & "&page=" & FinalPage
    Last edited by cs168; 09-03-2005 at 06:57 PM.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •