include virtual ------ variable

Discussion in 'ASP General' started by rd, Aug 26, 2004.

  1. rd

    rd Guest

    I wanted to do this:
    <!-- #include virtual = <%=request("page")%> -->

    But, that's doesn't work. Help?!

    I have a static "container" asp page. Based on a querystring variable, I
    want the container page to include the appropriate content from another file
    in my web space.

    Static includes are cake:
    <!-- #include virtual="filename.htm" -->
    What if I want "filename" to be a variable, read from querystring?
     
    rd, Aug 26, 2004
    #1
    1. Advertising

  2. rd

    Evertjan. Guest

    rd wrote on 26 aug 2004 in microsoft.public.inetserver.asp.general:

    > Static includes are cake:
    > <!-- #include virtual="filename.htm" -->
    > What if I want "filename" to be a variable, read from querystring?
    >


    You cannot, because #include is executed [read 'included'] before(!!!) the
    asp interpreting.

    Try:

    <%
    Server.execute request.querystring("blah.asp")
    %>

    --
    Evertjan.
    The Netherlands.
    (Please change the x'es to dots in my emailaddress,
    but let us keep the discussions in the newsgroup)
     
    Evertjan., Aug 26, 2004
    #2
    1. Advertising

  3. rd

    rd Guest

    Thank you! I figured the order of execution was the reason. Didn't know
    about server.execute.

    This works:
    server.execute(request("pg"))

    When I refer to mypage.asp?pg=whatever.htm, it includes whatever.htm the way
    I wanted.

    Thanks again.

    -rd



    "Evertjan." <> wrote in message
    news:Xns9551EFF30A355eejj99@194.109.133.29...
    > rd wrote on 26 aug 2004 in microsoft.public.inetserver.asp.general:
    >
    > > Static includes are cake:
    > > <!-- #include virtual="filename.htm" -->
    > > What if I want "filename" to be a variable, read from querystring?
    > >

    >
    > You cannot, because #include is executed [read 'included'] before(!!!) the
    > asp interpreting.
    >
    > Try:
    >
    > <%
    > Server.execute request.querystring("blah.asp")
    > %>
    >
    > --
    > Evertjan.
    > The Netherlands.
    > (Please change the x'es to dots in my emailaddress,
    > but let us keep the discussions in the newsgroup)
    >
     
    rd, Aug 26, 2004
    #3
  4. rd

    Evertjan. Guest

    rd wrote on 26 aug 2004 in microsoft.public.inetserver.asp.general:

    > Thank you! I figured the order of execution was the reason. Didn't
    > know about server.execute.
    >
    > This works:
    > server.execute(request("pg"))
    >
    > When I refer to mypage.asp?pg=whatever.htm, it includes whatever.htm
    > the way I wanted.


    Beware, this will not always execute the file you wanted.

    The joy of serversidedness [like singlemindedness ;-) ] is that you have
    perfect control without the client interfering.

    And now you give away the key of your include back to the client, so any
    hacker can include another file of yours, possibly even opening a way to
    sql-injection and corrupting your database, if you are using databases.

    Furthermore [if you are stil determined to do it this way] always use:
    request.querystring("pg")), otherwise if the querystring 'pg' is not
    found, a cookie or any other request variable could be read.

    So why not restrict the choices to the ones you think are safe:

    r = request.querystring("pg")
    if r="whatever.htm" or r="whateverelse.htm" then
    server.execute(r)
    else
    response.write "Hacker !":response.end
    end if

    --
    Evertjan.
    The Netherlands.
    (Please change the x'es to dots in my emailaddress,
    but let us keep the discussions in the newsgroup)
     
    Evertjan., Aug 27, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Danny Anderson
    Replies:
    5
    Views:
    517
    Victor Bazarov
    Aug 15, 2003
  2. Rolf Magnus
    Replies:
    2
    Views:
    617
    Karl Heinz Buchegger
    Nov 28, 2003
  3. Elie Nader
    Replies:
    1
    Views:
    651
  4. Andreas Bogenberger
    Replies:
    3
    Views:
    959
    Andreas Bogenberger
    Feb 22, 2008
  5. rockdale

    include virtual in virtual directory?

    rockdale, Sep 3, 2008, in forum: ASP General
    Replies:
    3
    Views:
    458
    rockdale
    Sep 4, 2008
Loading...

Share This Page