Querystring issue

  • Simon Gare

    Querystring issue

    Hi all,

    Is there any way of separating a string by either a space or + sign? I have
    an sms.asp page that receives a string in this format below



    The last part, text=, I need to split into 2 parts. I need to read the first
    part, 19, and match that to the db and then deal with the name David. I have
    tried everything. Is there any way of doing this, even if the string read
    text=19+david, if there was a way of separating the two?

    Thanks in advance.

    Regards
    Simon Gare
    The Gare Group Limited

    website: www.thegaregroup.co.uk
    website: www.privatehiresolutions.co.uk


  • Evertjan.

    #2
    Re: Querystring issue

    Simon Gare wrote on 08 apr 2007 in
    microsoft.public.inetserver.asp.general:

    > Hi all,
    >
    > Is there any way of separating a string by either a space or + sign? I
    > have an sms.asp page that receives a string in this format below
    >
    > m=447912956700&to=447624813579&timestamp=2007-04-07+03%3A56%3A42&text=19%2Bdavid
    >
    > The last part, text=, I need to split into 2 parts. I need to read the
    > first part, 19, and match that to the db and then deal with the name
    > David. I have tried everything. Is there any way of doing this, even if
    > the string read text=19+david, if there was a way of separating the
    > two?

    ============= test.asp ======================
    <% 'vbscript

    if request.querystring("text").count=1 then
      a = split(request.querystring("text"),"%2B")
      response.write a(0) & "<br>"
      response.write a(1) & "<br>"
    end if

    %>

    <form method='get'>
    <input name='text' value='19%2Bdavid'>
    <input type='submit'>
    </form>
    =============================================

    --
    Evertjan.
    The Netherlands.
    (Please change the x'es to dots in my emailaddress)


    • Simon Gare

      #3
      Re: Querystring issue

      Thanks Evertjan,

      how would the insert query look, below is what I have now but how would I
      split that when entering the data 19 into 1 field and David into another?

      Dim api_id
      Dim sentfrom
      Dim timestamp
      Dim text


      api_id = ParseString(Request.Querystring("api_id"))
      from = ParseString(Request.Querystring("from"))
      timestamp = Request.Querystring("timestamp")

      text = ParseString(Request.Querystring("text"))


      sql = "insert into dbo.SMSAPI (api_id,SentFrom,text,timestamp) values ("& api_id &","& from &",'"& text &"','"& paxname &"',getdate())"


      Thanks in Advance

      Simon

      • Evertjan.

        #4
        Re: Querystring issue

        Simon Gare wrote on 09 apr 2007 in
        microsoft.public.inetserver.asp.general:

        > Thanks Evertjan,

        [Please do not toppost on usenet]

        > how would the insert query look, below is what I have now but how
        > would I split that when entering the data 19 into 1 field and David
        > into another?
        >
        > Dim api_id
        > Dim sentfrom
        > Dim timestamp
        > Dim text
        >
        > api_id = ParseString(Request.Querystring("api_id"))

        What is ParseString() ?????????

        > from = ParseString(Request.Querystring("from"))
        > timestamp = Request.Querystring("timestamp")
        >
        > text = ParseString(Request.Querystring("text"))
        >
        > sql = "insert into dbo.SMSAPI (api_id,SentFrom,text,timestamp) values ("& api_id &","& from &",'"& text &"','"& paxname &"',getdate())"

        DANGEROUS! Entering querystring strings directly in a SQL
        is asking for SQL Injection/Insertion Attacks.
        [read up on Insertion Attacks on the web!]

        Do as I showed you extracting the two strings:

        a = split(request.querystring("text"),"%2B")

        Then test the resulting strings for Insertion Attack characters,
        and if all is well set them into the SQL strings as you do above with
        "from" etc.


        --
        Evertjan.
        The Netherlands.
        (Please change the x'es to dots in my emailaddress)


        • Simon Gare

          #5
          Re: Querystring issue

          Sorry Evertjan, it's not working. I need to match the first part of the
          querystring against one table, i.e. 19, and enter the second part, i.e. David,
          into another table along with other info.

          Sorry to be a pain but I cannot separate the 2 apart even with your solution;
          more assistance would be greatly appreciated.

          Regards
          Simon

          • Evertjan.

            #6
            Re: Querystring issue

            Simon Gare wrote on 10 apr 2007 in
            microsoft.public.inetserver.asp.general:

            > Sorry Evertjan, it's not working. I need to match the first part of the
            > querystring against one table, i.e. 19, and enter the second part, i.e.
            > David, into another table along with other info.
            >
            > Sorry to be a pain but I cannot separate the 2 apart even with your
            > solution; more assistance would be greatly appreciated.
            >
            > Regards
            > Simon
            > "Evertjan." <exjxw.hannivoort@interxnl.net> wrote in message
            > news:Xns990D877AD995Deejj99@194.109.133.242...
            >> Simon Gare wrote on 09 apr 2007 in
            >> microsoft.public.inetserver.asp.general:
            >>
            >>> Thanks Evertjan,
            >>
            >> [Please do not toppost on usenet]

            If you keep on topposting I will not go on with this thread.

            --
            Evertjan.
            The Netherlands.
            (Please change the x'es to dots in my emailaddress)


            • Anthony Jones

              #7
              Re: Querystring issue


              "Simon Gare" <simon@simongare.com> wrote in message
              news:uhD%236aheHHA.5044@TK2MSFTNGP06.phx.gbl...
              > Hi all,
              >
              > Is there any way of separating a string by either a space or + sign? I have
              > an sms.asp page that receives a string in this format below
              >
              > http://acompany.co.uk/online/interna...ext=19%2Bdavid
              >
              > The last part, text=, I need to split into 2 parts. I need to read the first
              > part, 19, and match that to the db and then deal with the name David. I have
              > tried everything. Is there any way of doing this, even if the string read
              > text=19+david, if there was a way of separating the two?
              >
              > Thanks in advance.
              >
              > Regards
              > Simon Gare
              > The Gare Group Limited
              >
              > website: www.thegaregroup.co.uk
              > website: www.privatehiresolutions.co.uk

              aText = Split(Request.QueryString("text"), "+")

              aText(0) will be "19" and aText(1) will be "david"

              The %2B is an escape code for + because + is converted to space by some
              URL encoders.

              I think what you really need to do is make sure the code that generated the
              URL in the first place does so in a consistent manner.
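
The two points raised in this thread, the SQL injection warning in #4 and the note in #7 that %2B decodes to + while a bare + decodes to a space, combined in one classic ASP sketch. This is an added example, not code from any of the posters: the function name SplitSmsText, the Application("SmsConnStr") entry, the RefId column and the varchar sizes are hypothetical, and SentFrom is assumed to accept a string value.

```vbscript
<%
Option Explicit
' ADO constants (values from adovbs.inc).
Const adInteger = 3, adVarChar = 200, adParamInput = 1
Const adCmdText = 1, adExecuteNoRecords = 128

' Request.QueryString hands back the value already URL-decoded:
'   text=19%2Bdavid -> "19+david"     text=19+david -> "19 david"
' so treat "+" and space as the same separator and split once.
Function SplitSmsText(ByVal raw, ByRef refId, ByRef paxName)
    Dim parts, re
    SplitSmsText = False
    parts = Split(Trim(Replace(raw, "+", " ")), " ", 2)
    If UBound(parts) <> 1 Then Exit Function
    ' Allow-list the ID: 1 to 9 digits, so CLng cannot overflow.
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    If Not re.Test(parts(0)) Then Exit Function
    refId = CLng(parts(0))
    paxName = Left(Trim(parts(1)), 50)
    SplitSmsText = (Len(paxName) > 0)
End Function

Dim rawText, smsFrom, refId, paxName, conn, cmd
rawText = Request.QueryString("text")   ' plain assignment yields the string
smsFrom = Left(Request.QueryString("from"), 20)
If Not SplitSmsText(rawText, refId, paxName) Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("SmsConnStr")     ' hypothetical: connection string stored elsewhere
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' Every value is bound as a parameter; nothing is concatenated into the SQL.
' RefId is a hypothetical column; the varchar sizes are assumed.
cmd.CommandText = "INSERT INTO dbo.SMSAPI (SentFrom, RefId, [text], [timestamp]) " & _
                  "VALUES (?, ?, ?, getdate())"
cmd.Parameters.Append cmd.CreateParameter("@from", adVarChar, adParamInput, 20, smsFrom)
cmd.Parameters.Append cmd.CreateParameter("@ref", adInteger, adParamInput, , refId)
cmd.Parameters.Append cmd.CreateParameter("@name", adVarChar, adParamInput, 50, paxName)
cmd.Execute , , adExecuteNoRecords
conn.Close
%>
```

Because the values are bound rather than concatenated, a name containing a quote character is stored as data and cannot change the statement.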


