Creating a String based upon textbox value

Discussion in 'ASP General' started by andym, Feb 8, 2006.

  1. andym

    andym Guest

    Dear All,

    I wish to have an ASP page that displays a predetermined date in the
    middle of a string. I wish this date to be set in a seperate control
    panel type page. I am hoping somebody could help me.

    eg ...

    A page called "Confirm.asp" has text ... "These prices are valid until
    28th Feb 2006". I currently have to go and hard code the date in
    whenever there is a need to change it.

    I would like to be able to set this date from another page (eg
    "SetDate.asp"), where I type the date in a textbox, click on an "OK"
    button, then whenever "Confirm.asp" is opened in the future it picks up
    the entered date.

    Most form type of code I have found seems to want to email the value in
    the textbox somewhere ... which is obviously not what I am after.

    Many Thanks...


    andym
     
    andym, Feb 8, 2006
    #1
    1. Advertising

  2. andym

    Griff Guest

    I assume from what you've written that this is not a rolling date (i.e.
    today plus X days), or even the last day of this month? If so, then these
    should both be calculatable in VBScript within the ASP code.

    If it's a non-calculatable value then it strikes me that this needs to be
    durable data held ideally in a database.

    If you don't have access to a database then I guess you could write the
    value entered in setDate.asp to a text file (beware file security
    permissions - you don't want to open your file system up to ALL your
    guests). The "Confirm.asp" file could first check to see if it's cached
    this value in (say) the application cache, otherwise it would have to
    retrieve it from the text file.
     
    Griff, Feb 8, 2006
    #2
    1. Advertising

  3. andym

    andym Guest

    Griff,

    thanks for your reply.

    To answer your questions, there is no rolling date, it doesn't have to
    be the end of the month - it is non-calculatable, and will be business
    decision driven.

    I don't have a database to work with. I just need that value stored so
    it can be used as a point of reference when the "Confirm.asp" page is
    opened.

    I am guessing as it will be just a date then security is not an issue?
    I no gripe if anybody wants to hack into the system and find a date.

    Regards,

    andym
     
    andym, Feb 8, 2006
    #3
  4. andym

    Griff Guest


    > I am guessing as it will be just a date then security is not an issue?
    > I no gripe if anybody wants to hack into the system and find a date.


    What I meant here is that if you start allowing the internet guest account
    write permissions to the file system then make sure you control it.
    Otherwise it's very easy for someone to write an ASP code file with
    malicious code in it and run it....
     
    Griff, Feb 8, 2006
    #4
  5. andym

    andym Guest

    Thanks Griff..

    The date will be added from an area of the website where you need a
    password to access it. Hopefully that will limit it to only the two
    people who do have access.

    Any tips on how to knck this ting off? Any tuts on the net that would
    help me?

    Regards,

    andym
     
    andym, Feb 9, 2006
    #5
  6. andym

    Evertjan. Guest

    andym wrote on 09 feb 2006 in microsoft.public.inetserver.asp.general:

    > he date will be added from an area of the website where you need a
    > password to access it. Hopefully that will limit it to only the two
    > people who do have access.
    >
    > Any tips on how to knck this ting off? Any tuts on the net that would
    > help me?
    >


    Please quote what you are replying to.

    If you want to post a followup via groups.google.com, don't use the
    "Reply" link at the bottom of the article. Click on "show options" at the
    top of the article, then click on the "Reply" at the bottom of the article
    headers. <http://www.safalra.com/special/googlegroupsreply/>

    --
    Evertjan.
    The Netherlands.
    (Please change the x'es to dots in my emailaddress)
     
    Evertjan., Feb 9, 2006
    #6
  7. "andym" <> wrote in message
    news:...
    > Thanks Griff..
    >
    > The date will be added from an area of the website where you need a
    > password to access it. Hopefully that will limit it to only the two
    > people who do have access.
    >
    > Any tips on how to knck this ting off? Any tuts on the net that would
    > help me?


    Here's a really simple way to implement abstracted storage of text:

    <!-- begin displayexternaldate.asp -->
    <html>
    <body>
    <span>
    The externally stored date value (actually, just text) is:
    <!-- #include file="datestorage.asp" -->. All this text
    will be displayed inline, because HTML ignores white space.
    </span>
    </body>
    </html>

    <!-- end displayexternaldate.asp -->

    The referenced file datestorage.asp contains only the date string.

    Then overwrite the file datestorage.asp using an ASP page similar the
    example I've included below.

    Note that if the people authorized to use the overwrite.asp page have NT
    accounts on the server (that are permitted to write files to the web
    directory), you can set NTFS permissions on the overwrite.asp file that deny
    access to the anonymous user, and will thus both force HTTP Auth, and run in
    the context of the user that logs in. That would be the icing on your
    security cake.

    Otherwise the anonymous user will need NTFS permissions to create and change
    files (not to be confused with IIS permissions to write to the directory,
    which are unnecessary in this case.) If you're stuck with that, I would
    suggest creating a separate directory for the date storage file, and grant
    appropriate NTFS permissions to that directory, rather than your web app
    directory, just to limit damage potential as much as possible. (Adjust path
    values in examples as necessary.)

    Hope this helps...

    -Mark


    <!-- begin overwrite.asp -->
    <%
    Dim NewDate
    NewDate = Request.Form("NewDate")

    ' rudimentary protection against use of this to create executable
    ' code on the server
    '
    NewDate = Replace(NewDate, "<", "&gt;")

    If Len(NewDate) > 0 then
    ' another rudimentary security/validity check
    If Not IsDate(NewDate) Then
    Response.Write "Invalid input: '" & NewDate & "' not a recognizable date."
    Response.End
    End If

    Dim fso, oFile
    Set fso = CreateObject("Scripting.FileSystemObject")
    Set oFile = fso.CreateTextFile(Server.MapPath("datestorage.asp"), True)
    oFile.WriteLine(NewDate)
    oFile.Close

    Response.Write "Date file has been rewritten."
    Response.End
    End If

    %>
    <html>
    <body>
    <form action=# method=POST>
    Enter a date: <input type=text name=NewDate /><br>
    <input type=submit />
    </form>
    </body>
    </html>
    <!-- end overwrite.asp -->







    > Regards,
    >
    > andym
    >
     
    Mark J. McGinty, Feb 11, 2006
    #7
  8. andym

    andym Guest

    Mark J. McGinty wrote:
    > "andym" <> wrote in message
    > news:...
    > > Thanks Griff..
    > >
    > > The date will be added from an area of the website where you need a
    > > password to access it. Hopefully that will limit it to only the two
    > > people who do have access.
    > >
    > > Any tips on how to knck this ting off? Any tuts on the net that would
    > > help me?

    >
    > Here's a really simple way to implement abstracted storage of text:
    >
    > <!-- begin displayexternaldate.asp -->
    > <html>
    > <body>
    > <span>
    > The externally stored date value (actually, just text) is:
    > <!-- #include file="datestorage.asp" -->. All this text
    > will be displayed inline, because HTML ignores white space.
    > </span>
    > </body>
    > </html>
    >
    > <!-- end displayexternaldate.asp -->
    >
    > The referenced file datestorage.asp contains only the date string.
    >
    > Then overwrite the file datestorage.asp using an ASP page similar the
    > example I've included below.
    >
    > Note that if the people authorized to use the overwrite.asp page have NT
    > accounts on the server (that are permitted to write files to the web
    > directory), you can set NTFS permissions on the overwrite.asp file that deny
    > access to the anonymous user, and will thus both force HTTP Auth, and run in
    > the context of the user that logs in. That would be the icing on your
    > security cake.
    >
    > Otherwise the anonymous user will need NTFS permissions to create and change
    > files (not to be confused with IIS permissions to write to the directory,
    > which are unnecessary in this case.) If you're stuck with that, I would
    > suggest creating a separate directory for the date storage file, and grant
    > appropriate NTFS permissions to that directory, rather than your web app
    > directory, just to limit damage potential as much as possible. (Adjust path
    > values in examples as necessary.)
    >
    > Hope this helps...
    >
    > -Mark
    >
    >
    > <!-- begin overwrite.asp -->
    > <%
    > Dim NewDate
    > NewDate = Request.Form("NewDate")
    >
    > ' rudimentary protection against use of this to create executable
    > ' code on the server
    > '
    > NewDate = Replace(NewDate, "<", "&gt;")
    >
    > If Len(NewDate) > 0 then
    > ' another rudimentary security/validity check
    > If Not IsDate(NewDate) Then
    > Response.Write "Invalid input: '" & NewDate & "' not a recognizable date."
    > Response.End
    > End If
    >
    > Dim fso, oFile
    > Set fso = CreateObject("Scripting.FileSystemObject")
    > Set oFile = fso.CreateTextFile(Server.MapPath("datestorage.asp"), True)
    > oFile.WriteLine(NewDate)
    > oFile.Close
    >
    > Response.Write "Date file has been rewritten."
    > Response.End
    > End If
    >
    > %>
    > <html>
    > <body>
    > <form action=# method=POST>
    > Enter a date: <input type=text name=NewDate /><br>
    > <input type=submit />
    > </form>
    > </body>
    > </html>
    > <!-- end overwrite.asp -->
    >
    >
    >
    >
    >
    >
    >
    > > Regards,
    > >
    > > andym
    > >


    Mark,

    many thanks for your reply and your example...

    I shall put your advice into practise over the next couple of days.

    Most appreciated,

    Regards,

    andym
     
    andym, Feb 13, 2006
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ashish

    textbox value lost upon postback

    Ashish, Feb 17, 2004, in forum: ASP .Net
    Replies:
    2
    Views:
    10,011
    Ashish
    Feb 17, 2004
  2. Ashish
    Replies:
    0
    Views:
    369
    Ashish
    Feb 17, 2004
  3. Ashish

    textbox value lost upon postback

    Ashish, Feb 17, 2004, in forum: ASP .Net Building Controls
    Replies:
    2
    Views:
    133
    Teemu Keiski
    Feb 19, 2004
  4. Balaji
    Replies:
    0
    Views:
    483
    Balaji
    Jul 7, 2003
  5. news
    Replies:
    1
    Views:
    113
    Mike Brind
    Apr 5, 2006
Loading...

Share This Page