Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 14 of 14
  1. #1
    Regular Coder
    Join Date
    Aug 2008
    Posts
    133
    Thanks
    14
    Thanked 0 Times in 0 Posts

    Passing multiple parameters in a URL?

    I have the following URL:

    http://mysite.uk/ysgol/Schools/Schoo...chool_type=pru

    I want to bring back results where schools type is both "pru" and "S". How do I do this?

    I thought I could say

    http://mysite.uk/ysgol/Schools/Schoo...ool_type=pru&S

    or

    http://mysite.uk/ysgol/Schools/Schoo...&School_type=S

    but neither of these work.


    Thanks.

  • #2
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,020
    Thanks
    75
    Thanked 4,323 Times in 4,289 Posts
    Depends *ENTIRELY* on the page you are hitting!

    *PROBABLY* if it is an ASP page you would do the last of those.

    But if that page was not set up to allow multiple values, then NOTHING you can pass it in the QS will work.

    Show the ASP code and maybe we can help.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #3
    Regular Coder
    Join Date
    Aug 2008
    Posts
    133
    Thanks
    14
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Old Pedant View Post
    Depends *ENTIRELY* on the page you are hitting!

    *PROBABLY* if it is an ASP page you would do the last of those.

    But if that page was not set up to allow multiple values, then NOTHING you can pass it in the QS will work.

    Show the ASP code and maybe we can help.
    Hi,

    It is an ASP page. Have tried the last of those but it only brings back results containing the first parameter.

    The whole script is huge but the querystring part if as below. I've edited it a bit to try to work with multiple variables (from a tutorial) but still no luck -- it's just ignoring the second parameter.

    Code:
    for i=1 to Request.QueryString("School_type").Count
      Response.Write(Request.QueryString("School_type")(i) & "<br />")
    SchoolType = Request.QueryString("School_type")
    next
    Thanks.

  • #4
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,020
    Thanks
    75
    Thanked 4,323 Times in 4,289 Posts
    Have to show more code than that.

    Have to show where it is building up the SQL query.

    That code is simply picking the *last* School_Type found, by the way.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #5
    Regular Coder
    Join Date
    Aug 2008
    Posts
    133
    Thanks
    14
    Thanked 0 Times in 0 Posts
    Hi, I know this is an old post now but any help would be much appreciated. It's not a script I wrote myself and I'm stuck with how to edit it so that I can link to it with two values for 'school type'. Posted the whole thing as I'm not sure which part is most relevant. Thanks.


    Code:
    <!-- #include virtual = "/ssi/_newcmsinetheader.asp" -->
    <%call pageheader_div("School Search Facility","","","", "ENG")%>
    
    
    
    		<div style="left: 62px; top: 0px; position: absolute;">
    			<div class="topnav"><a href="javascript:history.go(-1)" title="Previous Page">Previous Page</a>
    		    	</div>
    		</div>
    	
    
    <%
    
    'See if this page has been requested in Welsh!
    Language = request.querystring("Language")
    
    
    for i=1 to Request.QueryString("School_type").Count
      Response.Write(Request.QueryString("School_type")(i) & "<br />")
    SchoolType = Request.QueryString("School_type")
    next
    
    
    	
    	  if isnull(SchoolType) or SchoolType = "" then 
    	  
    
    	
    	  	
    
    'Collect the Search terms from the form plus strip some characters!
    
    sname = request.form("name")
    
    
    
    sarea = request.form("area")
    
    
    stype = request.form("School_type")
    
    
    scontrol = request.form("control")
    
    
    smedium = request.form("medium") 
    
    
    sward = request.form("ward")
    
    
    shead = request.form("head")
    
    
    
    
    'This tells us where the user come from so we can redirect them after they have filled in the form!
    strRefer = Request.ServerVariables("HTTP_REFERER")	
    
    
    'Puts this value into a hidden field to pass onto the next page!!
    
    %>
    
    <%
    Set objRS = Server.CreateObject("ADODB.Recordset")
    
    	
    if sname = "" and sarea = "" and stype = "%" and scontrol = "%" and smedium = "%" and sward = "%" and shead = "" then
    
    	
    	strSQL= "SELECT BASE_ID, BASE_NAME, MEDIUM, TELEPHONE, TELE_EXTRA, FAX, EMAIL_ADDR, address1, address2, town, postcode, HEADTEACHER  FROM base_web_info 
    
    ORDER BY BASE_NAME"
    
    
    
    	elseif stype = "sf" then 'User has selected a sixth form school
    		strSQL= "SELECT BASE_ID, BASE_NAME, MEDIUM, TELEPHONE, TELE_EXTRA, FAX, EMAIL_ADDR, address1, address2, town, postcode, HEADTEACHER  FROM 
    
    base_web_info WHERE sixth_form = 'Y'  AND (address1 LIKE '%" & sarea & "%' OR address2 LIKE '%" & sarea & "%') AND BASE_NAME LIKE '%" & sname & "%' AND Control 
    
    LIKE '" & scontrol & "' AND HEADTEACHER LIKE '%" & shead & "%' AND MEDIUM LIKE '%" & smedium & "%' AND WARD LIKE '" & sward & "'  ORDER BY BASE_NAME"
    
    	elseif stype = "N" then 'User has selected a Nursery school
    		strSQL= "SELECT BASE_ID, BASE_NAME, MEDIUM, TELEPHONE, TELE_EXTRA, FAX, EMAIL_ADDR, address1, address2, town, postcode, HEADTEACHER  FROM 
    
    base_web_info WHERE Nursery_Unit = 'Y' AND (address1 LIKE '%" & sarea & "%' OR address2 LIKE '%" & sarea & "%') AND BASE_NAME LIKE '%" & sname & "%' AND Control 
    
    LIKE '" & scontrol & "' AND HEADTEACHER LIKE '" & shead & "%' AND MEDIUM LIKE '" & smedium & "' AND WARD LIKE '" & sward & "'  ORDER BY BASE_NAME"
    
    	elseif stype <> "" then 'User has Selected All School Types!!
    		strSQL= "SELECT BASE_ID, BASE_NAME, MEDIUM, TELEPHONE, TELE_EXTRA, FAX, EMAIL_ADDR, address1, address2, town, postcode, HEADTEACHER  FROM 
    
    base_web_info WHERE TYPE_ID LIKE '" & stype & "' AND (address1 LIKE '%" & sarea & "%' OR address2 LIKE '%" & sarea & "%') AND BASE_NAME LIKE '%" & sname & "%' 
    
    AND Control LIKE '" & scontrol & "' AND HEADTEACHER LIKE '%" & shead & "%' AND MEDIUM LIKE '" & smedium & "' AND WARD LIKE '" & sward & "'  ORDER BY BASE_NAME"
    
    	else
    		strSQL= "SELECT BASE_ID, BASE_NAME, MEDIUM, TELEPHONE, TELE_EXTRA, FAX, EMAIL_ADDR, address1, address2, town, postcode, HEADTEACHER  FROM 
    
    base_web_info WHERE TYPE_ID LIKE '" & stype & "' AND (address1 LIKE '%" & sarea & "%' OR address2 LIKE '%" & sarea & "%') AND BASE_NAME LIKE '%" & sname & "%' 
    
    AND Control LIKE '" & scontrol & "' AND HEADTEACHER LIKE '%" & shead & "%' AND MEDIUM LIKE '" & smedium & "' AND WARD LIKE '" & sward & "'  ORDER BY BASE_NAME"
    	end if
    
    else
    
    Set objRS = Server.CreateObject("ADODB.Recordset")
    		strSQL= "SELECT BASE_ID, BASE_NAME, MEDIUM, TELEPHONE, TELE_EXTRA, FAX, EMAIL_ADDR, address1, address2, town, postcode, HEADTEACHER  FROM 
    
    base_web_info WHERE TYPE_ID LIKE '" & SchoolType & "' ORDER BY BASE_NAME"
    
    end if
    objRS.Open strSQL, strConnection 
    
    
    
    '*********Now we need to change output depending on Language selected!!***************
    
    if Language = "CYM" then
    	'************Welsh Version *****************************
    
    	'************************ This section informs the user if no records are found *************
    	'*********************** If records are found then the table is written to the browser ******
    	
    		If objrs.BOF _
    		And objrs.EOF Then 'BOF & EOF indicates an empty recordset
    
    		
    		%>
    		
    		<div style="left: 62px; top: 0px; position: absolute;">
    			<div class="topnav"><a href="/Schools/SchoolSearch/SchoolSearch.asp" title="English Language Version of Page">English</a>
    		    	</div>
    </div>
    		
    		<div style="width: 100%; left: 0px; top: 150px; position: absolute;">
    		
    		<table width="90%" border="0" cellspacing="0" cellpadding="0" align="center">
    			<caption>
    				<b>Canlyniadau’r Chwilio</b>
    			</caption>
    		  	
    		  	<tr align="center">  
    		    		<td>
    				No records found to match your search
    				<br><a href="http://" title="No matches Found please try again"> please try again:</a>
    		     		</td>
    		  	</tr>
    		</table>
    		</div>
    		<%
    		Else 'We have some records returned so we must now display them!
    
    '********************************Else Section!!!*********************************************************
    
    	'Count number of schools found in search.
    
    	while not objRS.EOF
    		schoolcount = schoolcount+1
    		objRS.MoveNext
    	wend
    
    'move back to start of recorset to display results
    'close and reopen recordset to move to start as .movefirst gives an error!
    objRS.Close
    objRS.Open strSQL,strConnection
    
    
    	%>
    
    <div style="width: 100%; left: 0px; top: 150px; position: absolute; font-size: 12px">
    
    <table width="90%" border="0" cellspacing="0" cellpadding="0" align="center">
    	<caption>
    		<b>Canlyniadau’r Chwilio</b>
    	</caption>
      	
      	<tr align="center">  
        		<td>
        		Am wybodaeth bellach ynglyn ag unrhyw un o’r<font color="#b40000"> <%=schoolcount%></font> 
        		ysgolion, cliciwch ar y botwm gwybodaeth <img src="/ysgol/images/info.gif" width="13" height="13" align="bottom" alt="information button image"> 
    
    os gwelwch yn dda
         		</td>
      	</tr>
    </table>
    </div>
    
    
    	<div style="width: 100%; left: 0px; top: 200px; position: absolute; font-size: 12px">
    
    <table width="95%" border="0" cellpadding="0" bgcolor="#008080" align="center" cellspacing="2">
    	<caption>
    	<b>Manylion yr Ysgol</b>
    	</caption>
      <tr bgcolor="#008080">
        <td width="46%"><b><font color="#FFFFFF">Ysgol</font></b></td>
        <td width="19%"><b><font color="#FFFFFF">Cyswllt yr Ysgol</font></b></td>
        <td width="21%"><b><font color="#FFFFFF">Pennaeth</font></b></td>
        <td width="12%"><b><font color="#FFFFFF">Iaith</font></b></td>
      </tr>
    
    </div>	
    
    
    
    
    
    <%
    'Loop through results
    while not objRS.EOF
    %>	
    
    
    <table width="95%" border="0" cellpadding="0" align="center" cellspacing="2">
      <tr>
        <td width="2%"><a href="SchoolDetail.asp?id=<%= objrs("BASE_ID")%>"><img src="/ysgol/images/info.gif" width="13" height="13" alt="More Information about 
    
    <%=Cstr(objrs("BASE_NAME"))%>" border="0"></a></td>
        <td width="46%"><b><font color="#000000"><a href="SchoolDetail.asp?id=<%=objrs("BASE_ID")%>" title="More Information about 
    
    <%=Cstr(objrs("BASE_NAME"))%>"><%=Cstr(objrs("BASE_NAME"))%></a></font></b></td>
        <td colspan="4" valign="bottom">
       
    
        </td>
      </tr>
      <tr>
        <td width="2%" height="17">&nbsp;</td>
        <td width="46%" height="17"><font color="#000000"><%=objrs("address1")%>, <%=objrs("address2")%>, <%=objrs("town")%>, <%=objrs("postcode")%></font></td>
        <td width="19%" valign="bottom"><font color="#000000"><%=objrs("TELEPHONE")%></font></td>
        <td width="21%" valign="bottom"><font color="#000000"><%=objrs("HEADTEACHER")%></font></td>
        <td width="12%" valign="bottom"><font color="#000000"><%=objrs("MEDIUM")%></font> </td>
      </tr>
    </table>
    </table>
    
    
    	
    <%
    
    objRS.MoveNext
    wend
    end if
    
    '************************end of Welsh Version!*********************
    
    else
    
    '***********************English Version!***************************
    
    		If objrs.BOF _
    		And objrs.EOF Then 'BOF & EOF indicates an empty recordset
    
    		
    		%>
    		
    		<div style="width: 100%; left: 0px; top: 150px; position: absolute;">
    		
    		<table width="90%" border="0" cellspacing="0" cellpadding="0" align="center">
    			<caption>
    				<b>School Search Results</b>
    			</caption>
    		  	
    		  	<tr align="center">  
    		    		<td>
    				No records found to match your search
    				<br><a href="http://" title="Sorry No Records Found Please Try Again"> please try again:</a>
    		     		</td>
    		  	</tr>
    		</table>
    		</div>
    		<%
    		Else 'We have some records returned so we must now display them!
    
    '********************************Else Section!!!*********************************************************
    
    	'Count number of schools found in search.
    
    	while not objRS.EOF
    		schoolcount = schoolcount+1
    		objRS.MoveNext
    	wend
    
    'move back to start of recorset to display results
    'close and reopen recordset to move to start as .movefirst gives an error!
    objRS.Close
    objRS.Open strSQL,strConnection
    
    %>
    
    
    <div style="width: 100%; left: 0px; top: 150px; position: absolute; font-size: 12px">
    
    <table width="90%" border="0" cellspacing="0" cellpadding="0" align="center">
    	<caption>
    		<b>School Search Results</b>
    	</caption>
      	
      	<tr align="center">  
        		<td>
        		For further information relating to any of the<font color="#b40000"> <%=schoolcount%></font> 
        		schools please click on the info <img src="/ysgol/images/info.gif" width="13" height="13" align="bottom" alt="information button image">
          button.
         		</td>
      	</tr>
    </table>
    </div>
    
    
    	<div style="width: 100%; left: 0px; top: 200px; position: absolute; font-size: 12px">
    
    <table width="95%" border="0" cellpadding="0" bgcolor="#008080" align="center" cellspacing="2">
    	<caption>
    	<b>School Details</b>
    	</caption>
      <tr bgcolor="#008080">
        <td width="46%"><b><font color="#FFFFFF">School</font></b></td>
        <td width="19%"><b><font color="#FFFFFF">School Contact</font></b></td>
        <td width="21%"><b><font color="#FFFFFF">Headteacher</font></b></td>
        <td width="12%"><b><font color="#FFFFFF">Language</font></b></td>
      </tr>
    
    </div>	
    
    
    
    
    
    <%
    'Loop through results
    while not objRS.EOF
    %>	
    
    
    <table width="95%" border="0" cellpadding="0" align="center" cellspacing="2">
      <tr>
        <td width="2%"><a href="SchoolDetail.asp?id=<%= objrs("BASE_ID")%>"><img src="images/info.gif" width="13" height="13" alt="More Information about 
    
    <%=Cstr(objrs("BASE_NAME"))%>" border="0"></a></td>
        <td width="46%"><b><font color="#000000"><a href="SchoolDetail.asp?id=<%=objrs("BASE_ID")%>" title="More Information about 
    
    <%=Cstr(objrs("BASE_NAME"))%>"><%=Cstr(objrs("BASE_NAME"))%></a></font></b></td>
        <td colspan="4" valign="bottom">
        
    
        </td>
      </tr>
      <tr>
        <td width="2%" height="17">&nbsp;</td>
        <td width="46%" height="17"><font color="#000000"><%=objrs("address1")%>, <%=objrs("address2")%>, <%=objrs("town")%>, <%=objrs("postcode")%></font></td>
        <td width="19%" valign="bottom"><font color="#000000"><%=objrs("TELEPHONE")%></font></td>
        <td width="21%" valign="bottom"><font color="#000000"><%=objrs("HEADTEACHER")%></font></td>
        <td width="12%" valign="bottom"><font color="#000000"><%=objrs("MEDIUM")%></font> </td>
      </tr>
    </table>
    </table>
    
    
    <%
    
    
    objRS.MoveNext
    wend
    end if
    
    '*********************End of English Version***********************
    end if
    %>
    
    
    <div style="width: 200px; left: 0px; top: 80px; position: relative;">
    
    
     			<a href="http://jigsaw.w3.org/css-validator/">
      			<img style="border:0;width:88px;height:31px"
           			src="http://jigsaw.w3.org/css-validator/images/vcss" 
           			alt="Valid CSS!">
     			</a>
    		
    
    
    
    <div style="width: 600px; left: 180px; top: 0px; position: absolute; font-size: 12px">
    	<table width="90%" border="0" cellspacing="0" cellpadding="0" align="center" summary="This table holds
    	the information showing when the web page was last updated.">
    			<caption>
    			<b>Last Modified</b>
    			</caption>
      	
      			<tr align="center">
        				<td>
        				<%=(FormatDateTime(FileLastMod(), 1))%> 
      				Council 2007
         				</td>  
    </table>
    </div>
    </div>
    </body>
    <!--#include virtual ="/ysgol/Connections/Footer.asp"-->
    </html>

  • #6
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,020
    Thanks
    75
    Thanked 4,323 Times in 4,289 Posts
    Looking at that, it depends on what *OTHER* values are being passed.

    But there's a lot in there that doesn't make sense.

    Such as this:
    Code:
    SchoolType = Request.QueryString("School_type")
    ...
    stype = request.form("School_type")
    That *SEEMS* to be saying that you will be passing School_Type *BOTH* in the querystring *AND* in the <FORM METHOD="POST">.

    So which is it????
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #7
    Regular Coder
    Join Date
    Aug 2008
    Posts
    133
    Thanks
    14
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Old Pedant View Post
    Looking at that, it depends on what *OTHER* values are being passed.

    But there's a lot in there that doesn't make sense.

    Such as this:
    Code:
    SchoolType = Request.QueryString("School_type")
    ...
    stype = request.form("School_type")
    That *SEEMS* to be saying that you will be passing School_Type *BOTH* in the querystring *AND* in the <FORM METHOD="POST">.

    So which is it????
    I think it's because users can either use a form to search for schools by type, name, age range etc or they can just click a link directly to show search results of all secondary schools for example.

    What do you mean by *other* types?

    Basically I just want them to be able to link to search results showing schools of two different types.

  • #8
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,020
    Thanks
    75
    Thanked 4,323 Times in 4,289 Posts
    Not other TYPES. Other VALUES.

    Look here:
    Code:
    'Collect the Search terms from the form plus strip some characters!
    sname = request.form("name")
    sarea = request.form("area")
    stype = request.form("School_type")
    scontrol = request.form("control")
    smedium = request.form("medium") 
    sward = request.form("ward")
    shead = request.form("head")
    If some or all of those are passed, that tremendously affects the query that is used, as you can see in the code.

    Now, if you *know* that none of those will be passed when a list of School_Type will appear in the query string, then it's much simpler.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #9
    Regular Coder
    Join Date
    Aug 2008
    Posts
    133
    Thanks
    14
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Old Pedant View Post
    Not other TYPES. Other VALUES.

    Look here:
    Code:
    'Collect the Search terms from the form plus strip some characters!
    sname = request.form("name")
    sarea = request.form("area")
    stype = request.form("School_type")
    scontrol = request.form("control")
    smedium = request.form("medium") 
    sward = request.form("ward")
    shead = request.form("head")
    If some or all of those are passed, that tremendously affects the query that is used, as you can see in the code.

    Now, if you *know* that none of those will be passed when a list of School_Type will appear in the query string, then it's much simpler.
    I don't know if it helps but after each 'request.form' I took out all the code which deals with preventing against sql injection attacks.

    The difficulty I'm having is that this script was written by someone else and it has a form part and then can be linked to directly. My understanding is not good enough yet to know how a standard html link like "http://mysite.uk/ysgol/Schools/Schoo...chool_type=pru" passes the values to the code and then how to make it so that multiple values can be passed. Are you saying that it's going to be difficult to ammend the existing code? Any idea of where I can find a tutorial on this - what I've seen so far hasn't helped but that's probably because I'm not sure what I'm looking for and most information now is about asp.net.

    cheers.

  • #10
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,020
    Thanks
    75
    Thanked 4,323 Times in 4,289 Posts
    I took out all the code which deals with preventing against sql injection attacks
    WHY would you EVER do that??????

    Is this only for an inTRAnet site? Even so, if you remove that kind of code, your users won't be able to enter values that contain apostrophes.

    ************

    Okay, I give up. Here's an answer. I have no idea if it is going to help you enough or not.

    Fundamentally, you need to pass the query string as something like:
    Code:
    xxxx.asp?School_type=xyz&School_type=abc&School_type=123
    And then the query will end up being something like this:
    Code:
    strSQL= "SELECT BASE_ID, BASE_NAME, MEDIUM, TELEPHONE, TELE_EXTRA, FAX, " _
           &        "EMAIL_ADDR, address1, address2, town, postcode, HEADTEACHER  " _
           & " FROM base_web_info " _
           & " WHERE TYPE_ID IN ('" & Replace(Request("School_type"),", ","','") & "') " _
           & " ORDER BY BASE_NAME"
    If you care why, here's an FAQ I wrote many many years ago:
    http://www.aspfaqs.com/aspfaqs/ShowFAQ.asp?FAQID=153
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #11
    Regular Coder
    Join Date
    Aug 2008
    Posts
    133
    Thanks
    14
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Old Pedant View Post
    WHY would you EVER do that??????

    Is this only for an inTRAnet site? Even so, if you remove that kind of code, your users won't be able to enter values that contain apostrophes.
    I only took it out of what I posted here to save you having to read through huge lists of characters. The script is still intact.

    ************
    Quote Originally Posted by Old Pedant View Post
    Okay, I give up. Here's an answer. I have no idea if it is going to help you enough or not.

    Fundamentally, you need to pass the query string as something like:
    Code:
    xxxx.asp?School_type=xyz&School_type=abc&School_type=123
    And then the query will end up being something like this:
    Code:
    strSQL= "SELECT BASE_ID, BASE_NAME, MEDIUM, TELEPHONE, TELE_EXTRA, FAX, " _
           &        "EMAIL_ADDR, address1, address2, town, postcode, HEADTEACHER  " _
           & " FROM base_web_info " _
           & " WHERE TYPE_ID IN ('" & Replace(Request("School_type"),", ","','") & "') " _
           & " ORDER BY BASE_NAME"
    If you care why, here's an FAQ I wrote many many years ago:
    http://www.aspfaqs.com/aspfaqs/ShowFAQ.asp?FAQID=153

    Ok Thanks. Have tried replacing what seem to me to be the relevant current queries with what you've given me but just like before I'm getting no search results returned if I try searching for two values with this link:

    http://DoSearch.asp?School_type=sp&School_type=pru

    Could it be because of the sql injection code for school_type which replaces 'where' with "" or does that not apply when the query is in a URL?

    Code:
    <!-- #include virtual = "/ssi/_newcmsinetheader.asp" -->
    <%call pageheader_div("School Search","","","", "ENG")%>
    
    		<div style="left: 62px; top: 0px; position: absolute;">
    			<div class="topnav"><a href="javascript:history.go(-1)" title="Previous Page">Previous Page</a>
    		    	</div>
    		</div>
    	
    <%
    
    'See if this page has been requested in Welsh!
    Language = request.querystring("Language")
    
    
    for i=1 to Request.QueryString("School_type").Count
      Response.Write(Request.QueryString("School_type")(i) & "<br />")
    SchoolType = Request.QueryString("School_type")
    next
    
    
    	
    SchoolType = replace(SchoolType,"/","")
    SchoolType = replace(SchoolType,"'","")
    SchoolType = replace(SchoolType,"`","")
    SchoolType = replace(SchoolType,"¬","")
    SchoolType = replace(SchoolType,"\","")
    SchoolType = replace(SchoolType,"|","")
    SchoolType = replace(SchoolType,"*","")
    SchoolType = replace(SchoolType,"{","")
    SchoolType = replace(SchoolType,"}","")
    SchoolType = replace(SchoolType,"[","")
    SchoolType = replace(SchoolType,"]","")
    SchoolType = replace(SchoolType,".","")
    SchoolType = replace(SchoolType,":","")
    SchoolType = replace(SchoolType,"@","")
    SchoolType = replace(SchoolType,";","")
    SchoolType = replace(SchoolType,"?","")
    SchoolType = replace(SchoolType,">","")
    SchoolType = replace(SchoolType,"<","")
    SchoolType = replace(SchoolType,"#","")
    SchoolType = replace(SchoolType,"~","")
    SchoolType = replace(SchoolType,"(","%")
    SchoolType = replace(SchoolType,")","%")
    SchoolType = replace(SchoolType,"select","")
    SchoolType = replace(SchoolType,"insert","")
    SchoolType = replace(SchoolType,"drop","")
    SchoolType = replace(SchoolType,"from","")
    SchoolType = replace(SchoolType,"where","")
    SchoolType = replace(SchoolType,"=","")
    SchoolType = replace(SchoolType,"delete","")
    SchoolType = replace(SchoolType,"truncate","")
    SchoolType = replace(SchoolType,"SchoolType","")
    
    	
    	  if isnull(SchoolType) or SchoolType = "" then 
    	  
    	  	
    
    'Collect the Search terms from the form plus strip some characters!
    
    sname = request.form("name")
    sarea = request.form("area")
    stype = request.form("School_type") 
    scontrol = request.form("control") 
    smedium = request.form("medium") 
    sward = request.form("ward") 
    shead = request.form("head")
    
    'This tells us where the user come from so we can redirect them after they have filled in the form!
    strRefer = Request.ServerVariables("HTTP_REFERER")	
    
    
    'Puts this value into a hidden field to pass onto the next page!!
    
    %>
    
    <%
    Set objRS = Server.CreateObject("ADODB.Recordset")
    
    	
    if sname = "" and sarea = "" and stype = "%" and scontrol = "%" and smedium = "%" and sward = "%" and shead = "" then
    	
    
    strSQL= "SELECT BASE_ID, BASE_NAME, MEDIUM, TELEPHONE, TELE_EXTRA, FAX, " _
           &        "EMAIL_ADDR, address1, address2, town, postcode, HEADTEACHER  " _
           & " FROM base_web_info " _
           & " WHERE TYPE_ID IN ('" & Replace(Request("School_type"),", ","','") & "') " _
           & " ORDER BY BASE_NAME"
    
    
    
    
    	elseif stype = "sf" then 'User has selected a sixth form school
    		strSQL= "SELECT BASE_ID, BASE_NAME, MEDIUM, TELEPHONE, TELE_EXTRA, FAX, EMAIL_ADDR, address1, address2, town, postcode, HEADTEACHER  FROM 
    
    base_web_info WHERE sixth_form = 'Y'  AND (address1 LIKE '%" & sarea & "%' OR address2 LIKE '%" & sarea & "%') AND BASE_NAME LIKE '%" & sname & "%' AND Control 
    
    LIKE '" & scontrol & "' AND HEADTEACHER LIKE '%" & shead & "%' AND MEDIUM LIKE '%" & smedium & "%' AND WARD LIKE '" & sward & "'  ORDER BY BASE_NAME"
    
    	elseif stype = "N" then 'User has selected a Nursery school
    		strSQL= "SELECT BASE_ID, BASE_NAME, MEDIUM, TELEPHONE, TELE_EXTRA, FAX, EMAIL_ADDR, address1, address2, town, postcode, HEADTEACHER  FROM 
    
    base_web_info WHERE Nursery_Unit = 'Y' AND (address1 LIKE '%" & sarea & "%' OR address2 LIKE '%" & sarea & "%') AND BASE_NAME LIKE '%" & sname & "%' AND Control 
    
    LIKE '" & scontrol & "' AND HEADTEACHER LIKE '" & shead & "%' AND MEDIUM LIKE '" & smedium & "' AND WARD LIKE '" & sward & "'  ORDER BY BASE_NAME"
    
    	elseif stype <> "" then 'User has Selected All School Types!!
    		strSQL= "SELECT BASE_ID, BASE_NAME, MEDIUM, TELEPHONE, TELE_EXTRA, FAX, EMAIL_ADDR, address1, address2, town, postcode, HEADTEACHER  FROM 
    
    base_web_info WHERE TYPE_ID LIKE '" & stype & "' AND (address1 LIKE '%" & sarea & "%' OR address2 LIKE '%" & sarea & "%') AND BASE_NAME LIKE '%" & sname & "%' 
    
    AND Control LIKE '" & scontrol & "' AND HEADTEACHER LIKE '%" & shead & "%' AND MEDIUM LIKE '" & smedium & "' AND WARD LIKE '" & sward & "'  ORDER BY BASE_NAME"
    
    	else
    		strSQL= "SELECT BASE_ID, BASE_NAME, MEDIUM, TELEPHONE, TELE_EXTRA, FAX, EMAIL_ADDR, address1, address2, town, postcode, HEADTEACHER  FROM 
    
    base_web_info WHERE TYPE_ID LIKE '" & stype & "' AND (address1 LIKE '%" & sarea & "%' OR address2 LIKE '%" & sarea & "%') AND BASE_NAME LIKE '%" & sname & "%' 
    
    AND Control LIKE '" & scontrol & "' AND HEADTEACHER LIKE '%" & shead & "%' AND MEDIUM LIKE '" & smedium & "' AND WARD LIKE '" & sward & "'  ORDER BY BASE_NAME"
    	end if
    
    else
    
    Set objRS = Server.CreateObject("ADODB.Recordset")
    
    strSQL= "SELECT BASE_ID, BASE_NAME, MEDIUM, TELEPHONE, TELE_EXTRA, FAX, " _
           &        "EMAIL_ADDR, address1, address2, town, postcode, HEADTEACHER  " _
           & " FROM base_web_info " _
           & " WHERE TYPE_ID IN ('" & Replace(Request("School_type"),", ","','") & "') " _
           & " ORDER BY BASE_NAME
    
    end if
    objRS.Open strSQL, strConnection 
    
    
    
    '*********Now we need to change output depending on Language selected!!***************
    
    if Language = "CYM" then
    	'************Welsh Version *****************************
    
    	'************************ This section informs the user if no records are found *************
    	'*********************** If records are found then the table is written to the browser ******
    	
    		If objrs.BOF _
    		And objrs.EOF Then 'BOF & EOF indicates an empty recordset
    
    		
    		%>
    		
    		<div style="left: 62px; top: 0px; position: absolute;">
    			<div class="topnav"><a href="Schools/SchoolSearch/SchoolSearch.asp" title="English Language Version of Page">English</a>
    		    	</div>
    </div>
    		
    		<div style="width: 100%; left: 0px; top: 150px; position: absolute;">
    		
    		<table width="90%" border="0" cellspacing="0" cellpadding="0" align="center">
    			<caption>
    				<b>Canlyniadau’r Chwilio</b>
    			</caption>
    		  	
    		  	<tr align="center">  
    		    		<td>
    				No records found to match your search
    				<br><a href="Schools/SchoolSearch/SchoolSearch.asp?Language=CYM" title="No matches Found please 
    
    try again"> please try again:</a>
    		     		</td>
    		  	</tr>
    		</table>
    		</div>
    		<%
    		Else 'We have some records returned so we must now display them!
    
    '********************************Else Section!!!*********************************************************
    
    	'Count number of schools found in search.
    
    	while not objRS.EOF
    		schoolcount = schoolcount+1
    		objRS.MoveNext
    	wend
    
    'move back to start of recorset to display results
    'close and reopen recordset to move to start as .movefirst gives an error!
    objRS.Close
    objRS.Open strSQL,strConnection
    
    
    	%>
    
    <div style="width: 100%; left: 0px; top: 150px; position: absolute; font-size: 12px">
    
    <table width="90%" border="0" cellspacing="0" cellpadding="0" align="center">
    	<caption>
    		<b>Canlyniadau’r Chwilio</b>
    	</caption>
      	
      	<tr align="center">  
        		<td>
        		Am wybodaeth bellach ynglyn ag unrhyw un o’r<font color="#b40000"> <%=schoolcount%></font> 
     <img src="/ysgol/images/info.gif" width="13" height="13" align="bottom" alt="information button image"> 
    
    
         		</td>
      	</tr>
    </table>
    </div>
    
    
    	<div style="width: 100%; left: 0px; top: 200px; position: absolute; font-size: 12px">
    
    <table width="95%" border="0" cellpadding="0" bgcolor="#008080" align="center" cellspacing="2">
    	<caption>
    	<b>Manylion yr</b>
    	</caption>
      <tr bgcolor="#008080">
        <td width="46%"><b><font color="#FFFFFF">Ysgol</font></b></td>
        <td width="19%"><b><font color="#FFFFFF">Cyswllt yr Ysgol</font></b></td>
        <td width="21%"><b><font color="#FFFFFF">Pennaeth</font></b></td>
        <td width="12%"><b><font color="#FFFFFF">Iaith</font></b></td>
      </tr>
    
    </div>	
    
    
    
    
    
    <%
    'Loop through results
    while not objRS.EOF
    %>	
    
    
    <table width="95%" border="0" cellpadding="0" align="center" cellspacing="2">
      <tr>
        <td width="2%"><a href="SchoolDetail.asp?id=<%= objrs("BASE_ID")%>"><img src="images/info.gif" width="13" height="13" alt="More Information about 
    
    <%=Cstr(objrs("BASE_NAME"))%>" border="0"></a></td>
        <td width="46%"><b><font color="#000000"><a href="SchoolDetail.asp?id=<%=objrs("BASE_ID")%>" title="More Information about 
    
    <%=Cstr(objrs("BASE_NAME"))%>"><%=Cstr(objrs("BASE_NAME"))%></a></font></b></td>
        <td colspan="4" valign="bottom">
       
    
        </td>
      </tr>
      <tr>
        <td width="2%" height="17">&nbsp;</td>
        <td width="46%" height="17"><font color="#000000"><%=objrs("address1")%>, <%=objrs("address2")%>, <%=objrs("town")%>, <%=objrs("postcode")%></font></td>
        <td width="19%" valign="bottom"><font color="#000000"><%=objrs("TELEPHONE")%></font></td>
        <td width="21%" valign="bottom"><font color="#000000"><%=objrs("HEADTEACHER")%></font></td>
        <td width="12%" valign="bottom"><font color="#000000"><%=objrs("MEDIUM")%></font> </td>
      </tr>
    </table>
    </table>
    
    
    	
    <%
    
    objRS.MoveNext
    wend
    end if
    
    '************************end of Welsh Version!*********************
    
    else
    
    '***********************English Version!***************************
    
    		If objrs.BOF _
    		And objrs.EOF Then 'BOF & EOF indicates an empty recordset
    
    		
    		%>
    		
    		<div style="width: 100%; left: 0px; top: 150px; position: absolute;">
    		
    		<table width="90%" border="0" cellspacing="0" cellpadding="0" align="center">
    			<caption>
    				<b>School Search Results</b>
    			</caption>
    		  	
    		  	<tr align="center">  
    		    		<td>
    				No records found to match your search
    				<br><a href="Schools/SchoolSearch/SchoolSearch.asp" title="Sorry No Records Found Please Try 
    
    Again"> please try again:</a>
    		     		</td>
    		  	</tr>
    		</table>
    		</div>
    		<%
    		Else 'We have some records returned so we must now display them!
    
    '********************************Else Section!!!*********************************************************
    
    	'Count number of schools found in search.
    
    	while not objRS.EOF
    		schoolcount = schoolcount+1
    		objRS.MoveNext
    	wend
    
    'move back to start of recorset to display results
    'close and reopen recordset to move to start as .movefirst gives an error!
    objRS.Close
    objRS.Open strSQL,strConnection
    
    %>
    
    
    <div style="width: 100%; left: 0px; top: 150px; position: absolute; font-size: 12px">
    
    <table width="90%" border="0" cellspacing="0" cellpadding="0" align="center">
    	<caption>
    		<b>School Search Results</b>
    	</caption>
      	
      	<tr align="center">  
        		<td>
        		For further information relating to any of the<font color="#b40000"> <%=schoolcount%></font> 
        		schools please click on the info <img src="/ysgol/images/info.gif" width="13" height="13" align="bottom" alt="information button image">
          button.
         		</td>
      	</tr>
    </table>
    </div>
    
    
    	<div style="width: 100%; left: 0px; top: 200px; position: absolute; font-size: 12px">
    
    <table width="95%" border="0" cellpadding="0" bgcolor="#008080" align="center" cellspacing="2">
    	<caption>
    	<b>School Details</b>
    	</caption>
      <tr bgcolor="#008080">
        <td width="46%"><b><font color="#FFFFFF">School</font></b></td>
        <td width="19%"><b><font color="#FFFFFF">School Contact</font></b></td>
        <td width="21%"><b><font color="#FFFFFF">Headteacher</font></b></td>
        <td width="12%"><b><font color="#FFFFFF">Language</font></b></td>
      </tr>
    
    </div>	
    
    
    
    
    
    <%
    'Loop through results
    while not objRS.EOF
    %>	
    
    
    <table width="95%" border="0" cellpadding="0" align="center" cellspacing="2">
      <tr>
        <td width="2%"><a href="SchoolDetail.asp?id=<%= objrs("BASE_ID")%>"><img src="images/info.gif" width="13" height="13" alt="More Information about 
    
    <%=Cstr(objrs("BASE_NAME"))%>" border="0"></a></td>
        <td width="46%"><b><font color="#000000"><a href="SchoolDetail.asp?id=<%=objrs("BASE_ID")%>" title="More Information about 
    
    <%=Cstr(objrs("BASE_NAME"))%>"><%=Cstr(objrs("BASE_NAME"))%></a></font></b></td>
        <td colspan="4" valign="bottom">
        
    
        </td>
      </tr>
      <tr>
        <td width="2%" height="17">&nbsp;</td>
        <td width="46%" height="17"><font color="#000000"><%=objrs("address1")%>, <%=objrs("address2")%>, <%=objrs("town")%>, <%=objrs("postcode")%></font></td>
        <td width="19%" valign="bottom"><font color="#000000"><%=objrs("TELEPHONE")%></font></td>
        <td width="21%" valign="bottom"><font color="#000000"><%=objrs("HEADTEACHER")%></font></td>
        <td width="12%" valign="bottom"><font color="#000000"><%=objrs("MEDIUM")%></font> </td>
      </tr>
    </table>
    </table>
    
    
    <%
    
    
    objRS.MoveNext
    wend
    end if
    
    '*********************End of English Version***********************
    end if
    %>
    
    
    <div style="width: 200px; left: 0px; top: 80px; position: relative;">
    
    
     			<a href="http://jigsaw.w3.org/css-validator/">
      			<img style="border:0;width:88px;height:31px"
           			src="http://jigsaw.w3.org/css-validator/images/vcss" 
           			alt="Valid CSS!">
     			</a>
    		
    
    
    
    <div style="width: 600px; left: 180px; top: 0px; position: absolute; font-size: 12px">
    	<table width="90%" border="0" cellspacing="0" cellpadding="0" align="center" summary="This table holds
    	the information showing when the web page was last updated.">
    			<caption>
    			<b>Last Modified</b>
    			</caption>
      	
      			<tr align="center">
        				<td>
        				<%=(FormatDateTime(FileLastMod(), 1))%> 
     
         				</td>  
    </table>
    </div>
    </div>
    </body>
    <!--#include virtual ="Connections/Footer.asp"-->
    </html>

  • #12
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,020
    Thanks
    75
    Thanked 4,323 Times in 4,289 Posts
    This is all *POINTLESS* code:
    Code:
    SchoolType = replace(SchoolType,"/","")
    SchoolType = replace(SchoolType,"'","")
    SchoolType = replace(SchoolType,"`","")
    SchoolType = replace(SchoolType,"¬","")
    SchoolType = replace(SchoolType,"\","")
    SchoolType = replace(SchoolType,"|","")
    SchoolType = replace(SchoolType,"*","")
    SchoolType = replace(SchoolType,"{","")
    SchoolType = replace(SchoolType,"}","")
    SchoolType = replace(SchoolType,"[","")
    SchoolType = replace(SchoolType,"]","")
    SchoolType = replace(SchoolType,".","")
    SchoolType = replace(SchoolType,":","")
    SchoolType = replace(SchoolType,"@","")
    SchoolType = replace(SchoolType,";","")
    SchoolType = replace(SchoolType,"?","")
    SchoolType = replace(SchoolType,">","")
    SchoolType = replace(SchoolType,"<","")
    SchoolType = replace(SchoolType,"#","")
    SchoolType = replace(SchoolType,"~","")
    SchoolType = replace(SchoolType,"(","%")
    SchoolType = replace(SchoolType,")","%")
    SchoolType = replace(SchoolType,"select","")
    SchoolType = replace(SchoolType,"insert","")
    SchoolType = replace(SchoolType,"drop","")
    SchoolType = replace(SchoolType,"from","")
    SchoolType = replace(SchoolType,"where","")
    SchoolType = replace(SchoolType,"=","")
    SchoolType = replace(SchoolType,"delete","")
    SchoolType = replace(SchoolType,"truncate","")
    SchoolType = replace(SchoolType,"SchoolType","")
    Pointless!

    All you need is this:
    Code:
    SchoolType = Replace( SchoolType, "'", "''" )
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #13
    Regular Coder
    Join Date
    Aug 2008
    Posts
    133
    Thanks
    14
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Old Pedant View Post
    This is all *POINTLESS* code:
    Code:
    SchoolType = replace(SchoolType,"/","")
    SchoolType = replace(SchoolType,"'","")
    SchoolType = replace(SchoolType,"`","")
    SchoolType = replace(SchoolType,"¬","")
    SchoolType = replace(SchoolType,"\","")
    SchoolType = replace(SchoolType,"|","")
    SchoolType = replace(SchoolType,"*","")
    SchoolType = replace(SchoolType,"{","")
    SchoolType = replace(SchoolType,"}","")
    SchoolType = replace(SchoolType,"[","")
    SchoolType = replace(SchoolType,"]","")
    SchoolType = replace(SchoolType,".","")
    SchoolType = replace(SchoolType,":","")
    SchoolType = replace(SchoolType,"@","")
    SchoolType = replace(SchoolType,";","")
    SchoolType = replace(SchoolType,"?","")
    SchoolType = replace(SchoolType,">","")
    SchoolType = replace(SchoolType,"<","")
    SchoolType = replace(SchoolType,"#","")
    SchoolType = replace(SchoolType,"~","")
    SchoolType = replace(SchoolType,"(","%")
    SchoolType = replace(SchoolType,")","%")
    SchoolType = replace(SchoolType,"select","")
    SchoolType = replace(SchoolType,"insert","")
    SchoolType = replace(SchoolType,"drop","")
    SchoolType = replace(SchoolType,"from","")
    SchoolType = replace(SchoolType,"where","")
    SchoolType = replace(SchoolType,"=","")
    SchoolType = replace(SchoolType,"delete","")
    SchoolType = replace(SchoolType,"truncate","")
    SchoolType = replace(SchoolType,"SchoolType","")
    Pointless!

    All you need is this:
    Code:
    SchoolType = Replace( SchoolType, "'", "''" )
    Ok, I'll change it...like I said it wasn't written by me - It was done about 6 years ago by someone else and I've ben unfortunate enough to inherit it.

    Do you think that could be affecting why the example query code you gave still isn't pulling back multiple values?
    Last edited by gh05; 11-01-2010 at 11:34 AM.

  • #14
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,020
    Thanks
    75
    Thanked 4,323 Times in 4,289 Posts
    Do you think that could be affecting why the example query code you gave still isn't pulling back multiple values?
    Probably not.

    But there is just no way I can figure out what is wrong by looking at it from this distance.

    It needs to have a ton of debug code added, just to find out what code paths are being used.

    It's just that when I see code like that, I tend to wonder whether any of the rest of the code is written correctly.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •