I am wanting to use POST method for an IDENT ID for people to access database stored documents, and then display it on a page using ASP Datagrid's from Visual Studio 2005 out of a SQL Server 2005 database. What I need is to allow that POST variable to be used in the SQL SELECT statement as seen below. (and yes I know the risks of SQL data injection, will be an internal archive and will address the injection problem later)
<%
dim varIDENT
varIDENT = Request.Form("v arIDENT")
If varIDENT <> "" Then
Response.Write( varIDENT)
End If
%>
DataSourceID="S qlDataSource6" EmptyDataText=" There are no data records to display." Border="0" Width="100%">
" SelectCommand=" SELECT [OVERVIEW] FROM [SUDS_TRD] WHERE [IDENT]='"& varIDENT &"'">
Please help thanks! :)
Sincerely,
Jesse Myer
<%
dim varIDENT
varIDENT = Request.Form("v arIDENT")
If varIDENT <> "" Then
Response.Write( varIDENT)
End If
%>
DataSourceID="S qlDataSource6" EmptyDataText=" There are no data records to display." Border="0" Width="100%">
" SelectCommand=" SELECT [OVERVIEW] FROM [SUDS_TRD] WHERE [IDENT]='"& varIDENT &"'">
Please help thanks! :)
Sincerely,
Jesse Myer