Easy string problem: invalid syntax????

N

.Net Sports

I get an incorrect syntax error pointing to the semicolon when I run
this sql statement with a dynamic querystring (geid is primary key
integer datatype):

sql="SELECT firstname,lastname from general where geid = " &
request.QueryString("id") & ";"


...i've tried every possible combination, obviously breaking syntax
rules, and keep getting the error pointing to either the ; or the =

???????
netsports
 
M

Mike Brind

.Net Sports said:
I get an incorrect syntax error pointing to the semicolon when I run
this sql statement with a dynamic querystring (geid is primary key
integer datatype):

sql="SELECT firstname,lastname from general where geid = " &
request.QueryString("id") & ";"


..i've tried every possible combination, obviously breaking syntax
rules, and keep getting the error pointing to either the ; or the =

???????
netsports

Have you established that Request.QueryString("id") holds a valid value?
<%
sql="SELECT firstname,lastname from general where geid = " &
request.QueryString("id") & ";"
Response.Write sql
Response.End
%>
 
P

Pav

I get an incorrect syntax error pointing to the semicolon when I run
this sql statement with a dynamic querystring (geid is primary key
integer datatype):

sql="SELECT firstname,lastname from general where geid = " &
request.QueryString("id") & ";"

..i've tried every possible combination, obviously breaking syntax
rules, and keep getting the error pointing to either the ; or the =

???????
netsports

Can you use it like this

Dim sID
sID=request.QueryString("id")

sql="SELECT firstname,lastname from general where geid = ' "&sID&" '
". <Remove space between double quote and single quote>
 
E

Evertjan.

Pav wrote on 08 feb 2007 in microsoft.public.inetserver.asp.general:
Can you use it like this

Dim sID
sID=request.QueryString("id")

sql="SELECT firstname,lastname from general where geid = ' "&sID&" '
". <Remove space between double quote and single quote>

.... and just when it works this is so VERY DANGEROUS,
as putting a request.QueryString() value directly into a SQL string
without thorough validation, is inviting being severely hacked by sql-
injection, puting your whole database for the hacking world to duplicate,
change and destroy. And sometimes even to allow the hacker to insert a
shell command in the string and opening your HD drives to him.
[.. or her. Are there female hackers btw?]
 
R

Roland Hall

Evertjan. said:
[.. or her. Are there female hackers btw?]

No. Only wives and girlfriends of hackers who can often be heard asking,
"When are you going to get off that
@#$% COMPUTER?"
 
E

Evertjan.

Roland Hall wrote on 12 feb 2007 in
[.. or her. Are there female hackers btw?]

No. Only wives and girlfriends of hackers who can often be heard
asking, "When are you going to get off that
@#$% COMPUTER?"

Evidently from personal experience, Roland.
 
M

Mike Brind

Roland Hall said:
Evertjan. said:
[.. or her. Are there female hackers btw?]

No. Only wives and girlfriends of hackers who can often be heard asking,
"When are you going to get off that
@#$% COMPUTER?"

Sorry. I do not believe that for one second.

There is absolutely NO WAY that any half decent hacker would leave their
computer long enough to expose themselves to the possibility of meeting
someone of the opposite sex.

You are mistaking hackers for developers, I reckon.
 
R

Roland Hall

Evertjan. said:
Roland Hall wrote on 12 feb 2007 in
[.. or her. Are there female hackers btw?]

No. Only wives and girlfriends of hackers who can often be heard
asking, "When are you going to get off that
@#$% COMPUTER?"

Evidently from personal experience, Roland.

Evidently, although my hat is gray! (O;=
 
R

Roland Hall

Mike Brind said:
Roland Hall said:
Evertjan. said:
[.. or her. Are there female hackers btw?]

No. Only wives and girlfriends of hackers who can often be heard asking,
"When are you going to get off that
@#$% COMPUTER?"

Sorry. I do not believe that for one second.

There is absolutely NO WAY that any half decent hacker would leave their
computer long enough to expose themselves to the possibility of meeting
someone of the opposite sex.

You are mistaking hackers for developers, I reckon.

Pr( * Y * )n & h3x1n g0 2g3th3r
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top