Store sql Query



cs168
09-01-2005, 03:08 PM
I get a "pkgtype" from the previous page based on the user's selection, and only then go to a page containing the SQL statement below:



sql= "select * from tblFiles where Pkgtype like '%"&request.form("Pkgtype")&"' order by WorkWeek DESC"


My question is: how can I store the '%"&request.form("Pkgtype")&"' so that when the user refreshes or clicks on the next page it still gives the same SQL query statement?
Appreciated & all advice is welcome. Tks

Spudhead
09-01-2005, 03:13 PM
Two ways I can think of. One is to put the value in a session variable; that way any page can access it. The other is to pass the value as querystring data rather than in the form itself. Then you can drop the same querystring into any href's you need to create.

neocool00
09-01-2005, 03:17 PM
Assuming that you are using a link to go to the next page, you could do this.

First, change the sql statement to this:

sql= "select * from tblFiles where Pkgtype like '%" & request("Pkgtype") & "' order by WorkWeek DESC"
Next, for your link to the next page just add this:

...?Pkgtype=<%=request("Pkgtype")%>...
While it is a good idea to use Request.Form when you know that a request variable is/was posted, you can use a generic Request to capture post or get variables. The only time you will get into trouble with this is if you post and get a variable with the same name.

cs168
09-01-2005, 03:40 PM
Two ways I can think of. One is to put the value in a session variable; that way any page can access it. The other is to pass the value as querystring data rather than in the form itself. Then you can drop the same querystring into any href's you need to create.
How can I do this with a session variable and also querystring data? Pls explain in more detail, tks.

cs168
09-01-2005, 03:47 PM
Assuming that you are using a link to go to the next page, you could do this.

First, change the sql statement to this:

sql= "select * from tblFiles where Pkgtype like '%" & request("Pkgtype") & "' order by WorkWeek DESC"
Next, for your link to the next page just add this:

...?Pkgtype=<%=request("Pkgtype")%>...
While it is a good idea to use Request.Form when you know that a request variable is/was posted, you can use a generic Request to capture post or get variables. The only time you will get into trouble with this is if you post and get a variable with the same name.
My Code:


pagelink = "browsebypkg.asp?"
firstpage = pagelink & "&page=1"
prevpage = pagelink & "&page=" & (page-1)
nextpage = pagelink & "&page=" & (page+1)
lastpage = pagelink & "&page=" & FinalPage
Where can I insert this into my code?

...?Pkgtype=<%=request("Pkgtype")%>...

Tks for help

rrhodes
09-02-2005, 05:56 AM
I know it's a little off your topic, but you REALLY should not pass an un-checked QueryString parm directly into your SQL. You will leave yourself wide open to SQL injection attacks that can gain access to your data, even delete it.

Do a google on "SQL Injection Attacks" and learn more...

neocool00
09-02-2005, 02:58 PM
@cs168

pagelink = "browsebypkg.asp?Pkgtype=" & Server.URLEncode(request("Pkgtype"))
firstpage = pagelink & "&page=1"
prevpage = pagelink & "&page=" & (page-1)
nextpage = pagelink & "&page=" & (page+1)
lastpage = pagelink & "&page=" & FinalPage
@rrhodes,

sql= "select * from tblFiles where Pkgtype like '%" & Replace(request("Pkgtype"), "'", "''") & "' order by WorkWeek DESC"
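
Added example, not part of the thread or any poster's code: the query discussed above with a bound ADO parameter instead of string concatenation or quote doubling, plus URL and HTML encoding for the paging link. It assumes `conn` is an already-open ADODB.Connection, that Pkgtype is a text column of at most 50 characters, and that `page` holds the current page number as in cs168's code.

```vbscript
<%
' Added example. Assumptions: conn is an open ADODB.Connection,
' Pkgtype is a text column of at most 50 characters, and page is the
' current page number (as in the paging code posted in the thread).
Const adCmdText = 1
Const adVarChar = 200
Const adParamInput = 1
Const MAX_PKG_LEN = 50   ' assumed column width

Dim pkg, cmd, rs, pagelink, nextpage
pkg = Trim(Request("Pkgtype") & "")   ' & "" turns a missing value into ""

' Reject values that cannot be a package type before touching the database.
' One character is reserved for the leading % added below.
If Len(pkg) = 0 Or Len(pkg) > MAX_PKG_LEN - 1 Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' The SQL text is constant; the ? placeholder is filled by the provider,
' so quotes in the value never become part of the statement.
cmd.CommandText = "SELECT * FROM tblFiles WHERE Pkgtype LIKE ? ORDER BY WorkWeek DESC"
cmd.Parameters.Append cmd.CreateParameter("pkg", adVarChar, adParamInput, MAX_PKG_LEN, "%" & pkg)
Set rs = cmd.Execute

' Paging link: URL-encode the value when it goes into the query string.
pagelink = "browsebypkg.asp?Pkgtype=" & Server.URLEncode(pkg)
nextpage = pagelink & "&page=" & (page + 1)
%>
<!-- HTML-encode the finished URL when writing it into the page. -->
<a href="<%= Server.HTMLEncode(nextpage) %>">Next</a>
```

Binding the parameter stops the value from changing the statement, but `%` and `_` inside the value are still treated as LIKE wildcards by the database.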

cs168
09-02-2005, 05:45 PM
Msg Deleted

cs168
09-02-2005, 05:56 PM
Hi Neocool00,
How can I add another variable after the pkgtype? For example, request "sww".



pagelink = "browsebypkg.asp?Pkgtype=" & request("Pkgtype")
firstpage = pagelink & "&page=1"
prevpage = pagelink & "&page=" & (page-1)
nextpage = pagelink & "&page=" & (page+1)
lastpage = pagelink & "&page=" & FinalPage


