ASP query string placed in Javascript [Archive]

View Full Version : ASP query string placed in Javascript

dude9er

07-26-2008, 12:34 AM

I have a query string which I'm requesting via this code:

cityList = request.querystring("cityList")

I need to place the value of this parameter into this Javascript and am not sure how to do it. The result goes in the bold cityList value. Can someone help me out?

callSearch('05664621','','Y','N','N','MEX','',cityList,'JFK','','#F5F5F5');

THANKS

chud_wallice

07-26-2008, 01:40 PM

callSearch('05664621','','Y','N','N','MEX','','<%=cityList%>','JFK','','#F5F5F5');

how does that work for you?

dude9er

07-26-2008, 07:20 PM

thanks chud, worked great.

Spudhead

07-30-2008, 04:36 PM

You should potentially be aware that:
yourpage.asp?cityList=');alert('pwned')//
will result in your page not behaving as it should. There are nastier things that people can do than popup an alert, too. Always clean your input before using it. :thumbsup:

brazenskies

07-30-2008, 05:15 PM

always use replace function.

cityList = replace(request.querystring("cityList"),"'","''")