Easy string problem: invalid syntax????

on 08.02.2007 19:10:17 by ballz2wall

I get an incorrect syntax error pointing to the semicolon when I run
this sql statement with a dynamic querystring (geid is primary key
integer datatype):

sql="SELECT firstname,lastname from general where geid = " & request.QueryString("id") & ";"


...I've tried every possible combination, obviously breaking syntax
rules, and keep getting the error pointing to either the ; or the =

???????
netsports

Re: Easy string problem: invalid syntax????

on 08.02.2007 20:45:59 by Mike Brind

".Net Sports" wrote in message
news:1170958216.684030.229800@p10g2000cwp.googlegroups.com...
>I get an incorrect syntax error pointing to the semicolon when I run
> this sql statement with a dynamic querystring (geid is primary key
> integer datatype):
>
> sql="SELECT firstname,lastname from general where geid = " &
> request.QueryString("id") & ";"
>
>
> ..i've tried every possible combination, obviously breaking syntax
> rules, and keep getting the error pointing to either the ; or the =
>
> ???????
> netsports
>

Have you established that Request.QueryString("id") holds a valid value?
<%
sql="SELECT firstname,lastname from general where geid = " & request.QueryString("id") & ";"
Response.Write sql
Response.End
%>

--
Mike Brind

Re: Easy string problem: invalid syntax????

on 08.02.2007 20:49:19 by pav

On Feb 8, 11:10 pm, ".Net Sports" wrote:
> I get an incorrect syntax error pointing to the semicolon when I run
> this sql statement with a dynamic querystring (geid is primary key
> integer datatype):
>
> sql="SELECT firstname,lastname from general where geid = " &
> request.QueryString("id") & ";"
>
> ..i've tried every possible combination, obviously breaking syntax
> rules, and keep getting the error pointing to either the ; or the =
>
> ???????
> netsports

Can you use it like this:

Dim sID
sID=request.QueryString("id")

sql="SELECT firstname,lastname from general where geid = ' "&sID&" ' ".

Re: Easy string problem: invalid syntax????

on 08.02.2007 21:07:14 by exjxw.hannivoort

Pav wrote on 08 feb 2007 in microsoft.public.inetserver.asp.general:

> On Feb 8, 11:10 pm, ".Net Sports" wrote:
>> I get an incorrect syntax error pointing to the semicolon when I run
>> this sql statement with a dynamic querystring (geid is primary key
>> integer datatype):
>>
>> sql="SELECT firstname,lastname from general where geid = " &
>> request.QueryString("id") & ";"
>>
>> ..i've tried every possible combination, obviously breaking syntax
>> rules, and keep getting the error pointing to either the ; or the =
>>
>> ???????
>> netsports
>
> Can you use it like this
>
> Dim sID
> sID=request.QueryString("id")
>
> sql="SELECT firstname,lastname from general where geid = ' "&sID&" '
> ".

.... and just when it works this is so VERY DANGEROUS,
as putting a request.QueryString() value directly into a SQL string
without thorough validation, is inviting being severely hacked by sql-
injection, putting your whole database for the hacking world to duplicate,
change and destroy. And sometimes even to allow the hacker to insert a
shell command in the string and opening your HD drives to him.
[.. or her. Are there female hackers btw?]


--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my email address)
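
Added example (not from the thread or any of its posters): the same lookup in classic ASP, with the id validated as digits and bound as an ADO parameter instead of being concatenated into the SQL string. CONN_STR is a placeholder assumption; the table and column names are those in the question.

```vbscript
<%
' Added example: validate Request.QueryString("id"), then bind it as a
' typed parameter so the value never becomes part of the SQL text.
' CONN_STR is a hypothetical placeholder; replace it with a real ADO connection string.
Const CONN_STR = "<your ADO connection string>"

' ADO enum values (from adovbs.inc)
Const adCmdText = 1
Const adInteger = 3
Const adParamInput = 1

' Returns a Long for input of 1 to 9 digits, Null for anything else
' (empty, signed, hex, exponent notation, repeated id parameters, SQL fragments).
Function ParseId(raw)
    Dim re
    Set re = New RegExp
    re.Pattern = "^\d{1,9}$"
    If re.Test(raw) Then
        ParseId = CLng(raw)
    Else
        ParseId = Null
    End If
End Function

Dim geid, conn, cmd, rs
geid = ParseId(Request.QueryString("id") & "")
If IsNull(geid) Then
    ' Reject before any SQL is built or sent
    Response.Status = "400 Bad Request"
    Response.Write "Invalid id"
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open CONN_STR

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT firstname, lastname FROM general WHERE geid = ?"
cmd.Parameters.Append cmd.CreateParameter("geid", adInteger, adParamInput, , geid)

Set rs = cmd.Execute
If Not rs.EOF Then
    ' Encode on output as well; stored names are untrusted when rendered as HTML
    Response.Write Server.HTMLEncode(rs("firstname") & " " & rs("lastname"))
End If
rs.Close
conn.Close
%>
```

With an empty or missing id, the concatenated statement from the question would end in `geid = ;`; here that request is rejected before any SQL reaches the database.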

Re: Easy string problem: invalid syntax????

on 09.02.2007 01:00:45 by Bob Lehmann

Why don't you just leave off the ; ?

Bob Lehmann

".Net Sports" wrote in message
news:1170958216.684030.229800@p10g2000cwp.googlegroups.com...
> I get an incorrect syntax error pointing to the semicolon when I run
> this sql statement with a dynamic querystring (geid is primary key
> integer datatype):
>
> sql="SELECT firstname,lastname from general where geid = " &
> request.QueryString("id") & ";"
>
>
> ..i've tried every possible combination, obviously breaking syntax
> rules, and keep getting the error pointing to either the ; or the =
>
> ???????
> netsports
>

Re: Easy string problem: invalid syntax????

on 12.02.2007 07:02:41 by Roland Hall

"Evertjan." wrote in message
news:Xns98D1D6DA35E47eejj99@194.109.133.242...
> [.. or her. Are there female hackers btw?]

No. Only wives and girlfriends of hackers who can often be heard asking,
"When are you going to get off that
@#$% COMPUTER?"
--
Roland Hall

Re: Easy string problem: invalid syntax????

on 12.02.2007 09:31:26 by exjxw.hannivoort

Roland Hall wrote on 12 feb 2007 in
> "Evertjan." wrote in message

>> [.. or her. Are there female hackers btw?]
>
> No. Only wives and girlfriends of hackers who can often be heard
> asking, "When are you going to get off that
> @#$% COMPUTER?"

Evidently from personal experience, Roland.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my email address)

Re: Easy string problem: invalid syntax????

on 12.02.2007 14:28:32 by Mike Brind

"Roland Hall" wrote in message
news:%23SgF6smTHHA.1200@TK2MSFTNGP04.phx.gbl...
> "Evertjan." wrote in message
> news:Xns98D1D6DA35E47eejj99@194.109.133.242...
>> [.. or her. Are there female hackers btw?]
>
> No. Only wives and girlfriends of hackers who can often be heard asking,
> "When are you going to get off that
> @#$% COMPUTER?"

Sorry. I do not believe that for one second.

There is absolutely NO WAY that any half decent hacker would leave their
computer long enough to expose themselves to the possibility of meeting
someone of the opposite sex.

You are mistaking hackers for developers, I reckon.

Re: Easy string problem: invalid syntax????

on 13.02.2007 03:23:39 by Roland Hall

"Evertjan." wrote in message
news:Xns98D560E1CCFB1eejj99@194.109.133.242...
> Roland Hall wrote on 12 feb 2007 in
>> "Evertjan." wrote in message
>
>>> [.. or her. Are there female hackers btw?]
>>
>> No. Only wives and girlfriends of hackers who can often be heard
>> asking, "When are you going to get off that
>> @#$% COMPUTER?"
>
> Evidently from personal experience, Roland.

Evidently, although my hat is gray! (O;=

--
Roland Hall

Re: Easy string problem: invalid syntax????

on 13.02.2007 03:26:08 by Roland Hall

"Mike Brind" wrote in message
news:u2U5FnqTHHA.4276@TK2MSFTNGP02.phx.gbl...
>
> "Roland Hall" wrote in message
> news:%23SgF6smTHHA.1200@TK2MSFTNGP04.phx.gbl...
>> "Evertjan." wrote in message
>> news:Xns98D1D6DA35E47eejj99@194.109.133.242...
>>> [.. or her. Are there female hackers btw?]
>>
>> No. Only wives and girlfriends of hackers who can often be heard asking,
>> "When are you going to get off that
>> @#$% COMPUTER?"
>
> Sorry. I do not believe that for one second.
>
> There is absolutely NO WAY that any half decent hacker would leave their
> computer long enough to expose themselves to the possibility of meeting
> someone of the opposite sex.
>
> You are mistaking hackers for developers, I reckon.

Pr( * Y * )n & h3x1n g0 2g3th3r

--
Roland Hall