Querystring issue

Discussion in 'ASP General' started by Simon Gare, Apr 8, 2007.

  1. Simon Gare

    Simon Gare Guest

    Hi all,

    Is there any way of separating a string by either a space or + sign? I have
    an sms.asp page that receives a string in the format below:

    http://acompany.co.uk/online/intern...813579&timestamp=2007-04-07 03:56:42&text=19+david

    The last part, text=, I need to split into 2 parts. I need to read the first
    part, 19, and match that to the db and then deal with the name David. I have
    tried everything; is there any way of doing this even if the string read
    text=19+david, if there was a way of separating the two?

    Thanks in advance.

    Regards
    Simon Gare
    The Gare Group Limited

    website: www.thegaregroup.co.uk
    website: www.privatehiresolutions.co.uk
     
    Simon Gare, Apr 8, 2007
    #1

  2. Simon Gare

    Evertjan. Guest

    Simon Gare wrote on 08 apr 2007 in
    microsoft.public.inetserver.asp.general:

    > Hi all,
    >
    > is there anyway of separating a string by either a space or + sign, I
    > have an sms.asp page that receives a string in this format below
    >
    > http://acompany.co.uk/online/internal/InboundSms.asp?api_id=2920893&fro
    > m=447912956700&to=447624813579&timestamp=2007-04-07+03%3A56%3A42&text=19%2Bd
    > avid
    >
    > the last part text= I need to split into 2 parts I need to read the
    > first part 19 and match that to the db and then deal with the name
    > David, I have tried everything, is there anyway of doing this even if
    > the string read text=19+david if there was a way of separating the
    > two.



    ============= test.asp ======================
    <% 'vbscript

    if request.querystring("text").count=1 then
    a = split(request.querystring("text"),"%2B")
    response.write a(0) & "<br>"
    response.write a(1) & "<br>"
    end if

    %>

    <form method='get'>
    <input name='text' value='19%2Bdavid'>
    <input type='submit'>
    </form>
    ==============================================

    --
    Evertjan.
    The Netherlands.
    (Please change the x'es to dots in my emailaddress)
     
    Evertjan., Apr 8, 2007
    #2

  3. Simon Gare

    Simon Gare Guest

    Thanks Evertjan,

    how would the insert query look, below is what I have now but how would I
    split that when entering the data 19 into 1 field and David into another?

    Dim api_id
    Dim sentfrom
    Dim timestamp
    Dim text


    api_id = ParseString(Request.Querystring("api_id"))
    from = ParseString(Request.Querystring("from"))
    timestamp = Request.Querystring("timestamp")

    text = ParseString(Request.Querystring("text"))


    sql = "insert into dbo.SMSAPI (api_id,SentFrom,text,timestamp) values ("&
    api_id &","& from &",'"& text &"','"& paxname &"',getdate())"


    Thanks in Advance

    Simon


    "Evertjan." <> wrote in message
    news:Xns990CE084798C9eejj99@194.109.133.242...
    > Simon Gare wrote on 08 apr 2007 in
    > microsoft.public.inetserver.asp.general:
    >
    > > Hi all,
    > >
    > > is there anyway of separating a string by either a space or + sign, I
    > > have an sms.asp page that receives a string in this format below
    > >
    > > http://acompany.co.uk/online/internal/InboundSms.asp?api_id=2920893&fro
    > > m=447912956700&to=447624813579&timestamp=2007-04-07+03%3A56%3A42&text=19%2Bd
    > > avid
    > >
    > > the last part text= I need to split into 2 parts I need to read the
    > > first part 19 and match that to the db and then deal with the name
    > > David, I have tried everything, is there anyway of doing this even if
    > > the string read text=19+david if there was a way of separating the
    > > two.

    >
    >
    > ============= test.asp ======================
    > <% 'vbscript
    >
    > if request.querystring("text").count=1 then
    > a = split(request.querystring("text"),"%2B")
    > response.write a(0) & "<br>"
    > response.write a(1) & "<br>"
    > end if
    >
    > %>
    >
    > <form method='get'>
    > <input name='text' value='19%2Bdavid'>
    > <input type='submit'>
    > </form>
    > ==============================================
    >
    > --
    > Evertjan.
    > The Netherlands.
    > (Please change the x'es to dots in my emailaddress)
     
    Simon Gare, Apr 8, 2007
    #3
  4. Simon Gare

    Evertjan. Guest

    Simon Gare wrote on 09 apr 2007 in
    microsoft.public.inetserver.asp.general:

    > Thanks Evertjan,


    [Please do not toppost on usenet]

    >
    > how would the insert query look, below is what I have now but how
    > would I split that when entering the data 19 into 1 field and David
    > into another?
    >
    > Dim api_id
    > Dim sentfrom
    > Dim timestamp
    > Dim text
    >
    >
    > api_id = ParseString(Request.Querystring("api_id"))


    What is ParseString() ?????????

    > from = ParseString(Request.Querystring("from"))
    > timestamp = Request.Querystring("timestamp")
    >
    > text = ParseString(Request.Querystring("text"))
    >
    >
    > sql = "insert into dbo.SMSAPI (api_id,SentFrom,text,timestamp) values
    > ("& api_id &","& from &",'"& text &"','"& paxname &"',getdate())"


    DANGEROUS! entering querystring strings directly in a SQL
    is asking for SQL Injection/Insertion Attacks.
    [read up on Insertion Attacks on the web!]

    Do as I showed you extracting the two strings:

    a = split(request.querystring("text"),"%2B")

    Then test the resulting strings for Insertion Attack characters,
    and if all is well set them into the SQL strings as you do above with
    "from" etc.



    > Thanks in Advance
    >
    > Simon
    >
    >
    > "Evertjan." <> wrote in message
    > news:Xns990CE084798C9eejj99@194.109.133.242...
    >> Simon Gare wrote on 08 apr 2007 in
    >> microsoft.public.inetserver.asp.general:
    >>
    >> > Hi all,
    >> >
    >> > is there anyway of separating a string by either a space or + sign,
    >> > I have an sms.asp page that receives a string in this format below
    >> >
    >> > http://acompany.co.uk/online/internal/InboundSms.asp?api_id=2920893&
    >> > fro
    >> > m=447912956700&to=447624813579&timestamp=2007-04-07+03%3A56%3A42&text=19%
    >> > 2Bd avid
    >> >
    >> > the last part text= I need to split into 2 parts I need to read the
    >> > first part 19 and match that to the db and then deal with the name
    >> > David, I have tried everything, is there anyway of doing this even
    >> > if the string read text=19+david if there was a way of separating
    >> > the two.

    >>
    >>
    >> ============= test.asp ======================
    >> <% 'vbscript
    >>
    >> if request.querystring("text").count=1 then
    >> a = split(request.querystring("text"),"%2B")
    >> response.write a(0) & "<br>"
    >> response.write a(1) & "<br>"
    >> end if
    >>
    >> %>
    >>
    >> <form method='get'>
    >> <input name='text' value='19%2Bdavid'>
    >> <input type='submit'>
    >> </form>
    >> ==============================================
    >>
    >> --
    >> Evertjan.
    >> The Netherlands.
    >> (Please change the x'es to dots in my emailaddress)

    >
    >
    >




    --
    Evertjan.
    The Netherlands.
    (Please change the x'es to dots in my emailaddress)
     
    Evertjan., Apr 9, 2007
    #4
  5. Simon Gare

    Simon Gare Guest

    Sorry Evertjan, it's not working. I need to match the first part of the
    querystring against one table, i.e. 19, and enter the second part, i.e. David,
    into another table along with other info.

    Sorry to be a pain but cannot separate the 2 apart even with your solution,
    more assistance would be greatly appreciated.

    Regards
    Simon
    "Evertjan." <> wrote in message
    news:Xns990D877AD995Deejj99@194.109.133.242...
    > Simon Gare wrote on 09 apr 2007 in
    > microsoft.public.inetserver.asp.general:
    >
    > > Thanks Evertjan,

    >
    > [Please do not toppost on usenet]
    >
    > >
    > > how would the insert query look, below is what I have now but how
    > > would I split that when entering the data 19 into 1 field and David
    > > into another?
    > >
    > > Dim api_id
    > > Dim sentfrom
    > > Dim timestamp
    > > Dim text
    > >
    > >
    > > api_id = ParseString(Request.Querystring("api_id"))

    >
    > What is ParseString() ?????????
    >
    > > from = ParseString(Request.Querystring("from"))
    > > timestamp = Request.Querystring("timestamp")
    > >
    > > text = ParseString(Request.Querystring("text"))
    > >
    > >
    > > sql = "insert into dbo.SMSAPI (api_id,SentFrom,text,timestamp) values
    > > ("& api_id &","& from &",'"& text &"','"& paxname &"',getdate())"

    >
    > DANGEROUS! entering querystring strings directly in a SQL
    > is asking for SQL Injection/Insertion Attacks.
    > [read up on Insertion Attacks on the web!]
    >
    > Do as I showed you extracting the two strings:
    >
    > a = split(request.querystring("text"),"%2B")
    >
    > Then test the resulting strings for Insertion Attack characters,
    > and if all is well set them into the SQL strings as you do above with
    > "from" etc.
    >
    >
    >
    > > Thanks in Advance
    > >
    > > Simon
    > >
    > >
    > > "Evertjan." <> wrote in message
    > > news:Xns990CE084798C9eejj99@194.109.133.242...
    > >> Simon Gare wrote on 08 apr 2007 in
    > >> microsoft.public.inetserver.asp.general:
    > >>
    > >> > Hi all,
    > >> >
    > >> > is there anyway of separating a string by either a space or + sign,
    > >> > I have an sms.asp page that receives a string in this format below
    > >> >
    > >> > http://acompany.co.uk/online/internal/InboundSms.asp?api_id=2920893&
    > >> > fro
    > >> > m=447912956700&to=447624813579&timestamp=2007-04-07+03%3A56%3A42&text=19%
    > >> > 2Bd avid
    > >> >
    > >> > the last part text= I need to split into 2 parts I need to read the
    > >> > first part 19 and match that to the db and then deal with the name
    > >> > David, I have tried everything, is there anyway of doing this even
    > >> > if the string read text=19+david if there was a way of separating
    > >> > the two.
    > >>
    > >>
    > >> ============= test.asp ======================
    > >> <% 'vbscript
    > >>
    > >> if request.querystring("text").count=1 then
    > >> a = split(request.querystring("text"),"%2B")
    > >> response.write a(0) & "<br>"
    > >> response.write a(1) & "<br>"
    > >> end if
    > >>
    > >> %>
    > >>
    > >> <form method='get'>
    > >> <input name='text' value='19%2Bdavid'>
    > >> <input type='submit'>
    > >> </form>
    > >> ==============================================
    > >>
    > >> --
    > >> Evertjan.
    > >> The Netherlands.
    > >> (Please change the x'es to dots in my emailaddress)

    > >
    > >
    > >

    >
    >
    >
    > --
    > Evertjan.
    > The Netherlands.
    > (Please change the x'es to dots in my emailaddress)
     
    Simon Gare, Apr 9, 2007
    #5
  6. Simon Gare

    Evertjan. Guest

    Simon Gare wrote on 10 apr 2007 in
    microsoft.public.inetserver.asp.general:

    > Sorry Evertjan its not working, need to match the first part of the
    > querystring against one table i.e. 19 and enter the second part i.e.
    > David into another table along with other info.
    >
    > Sorry to be a pain but cannot separate the 2 apart even with your
    > solution, more assistance would be greatly appreciated.
    >
    > Regards
    > Simon
    > "Evertjan." <> wrote in message
    > news:Xns990D877AD995Deejj99@194.109.133.242...
    >> Simon Gare wrote on 09 apr 2007 in
    >> microsoft.public.inetserver.asp.general:
    >>
    >> > Thanks Evertjan,

    >>
    >> [Please do not toppost on usenet]


    If you keep on topposting I will not go on with this thread.

    --
    Evertjan.
    The Netherlands.
    (Please change the x'es to dots in my emailaddress)
     
    Evertjan., Apr 9, 2007
    #6
  7. "Simon Gare" <> wrote in message
    news:uhD%...
    > Hi all,
    >
    > is there anyway of separating a string by either a space or + sign, I have
    > an sms.asp page that receives a string in this format below
    >
    >

    http://acompany.co.uk/online/intern...813579&timestamp=2007-04-07 03:56:42&text=19+david
    >
    > the last part text= I need to split into 2 parts I need to read the first
    > part 19 and match that to the db and then deal with the name David, I have
    > tried everything, is there anyway of doing this even if the string read
    > text=19+david if there was a way of separating the two.
    >
    > Thanks in advance.
    >
    > Regards
    > Simon Gare
    > The Gare Group Limited
    >
    > website: www.thegaregroup.co.uk
    > website: www.privatehiresolutions.co.uk
    >
    >


    aText = Split(Request.QueryString("text"), "+")

    aText(0) will be "19" and aText(1) will be "david"

    The %2B is an escape code for + because + is converted to space by some
    URL encoders.

    I think what you really need to do is make sure the code that generated the
    URL in the first place does so in a consistent manner.
     
    Anthony Jones, Apr 10, 2007
    #7
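
Added example (not from the thread or any poster's code): one way to combine the advice above in Classic ASP, splitting the already-decoded `text` value on either separator, validating each part, and binding every value as an ADO parameter instead of concatenating it into the INSERT. The `paxname` column, the column sizes and the `SmsDbConnString` application setting are assumptions; the thread's INSERT names only four columns.

```vbscript
<%
Option Explicit
' ADO constants (values from adovbs.inc)
Const adCmdText = 1, adParamInput = 1, adInteger = 3, adVarChar = 200
Const adExecuteNoRecords = 128

Function IsDigits(s, maxLen)          ' True only for 1..maxLen ASCII digits
    Dim re : Set re = New RegExp
    re.Pattern = "^[0-9]{1," & maxLen & "}$"
    IsDigits = re.Test(s)
End Function

Sub Reject()                          ' Refuse malformed requests outright
    Response.Status = "400 Bad Request"
    Response.End
End Sub

Dim apiId, sentFrom, parts, conn, cmd
apiId = Request.QueryString("api_id")
sentFrom = Request.QueryString("from")
' Request.QueryString is already URL-decoded: a bare "+" arrives as a space
' and "%2B" arrives as "+", so normalise both to one separator before Split.
parts = Split(Trim(Replace(Request.QueryString("text"), "+", " ")), " ", 2)

' Allow-list checks: numeric fields must be digits only, name must be present.
If UBound(parts) <> 1 Then Reject
If Not IsDigits(apiId, 9) Or Not IsDigits(sentFrom, 15) Then Reject
If Not IsDigits(parts(0), 9) Or Len(Trim(parts(1))) = 0 Then Reject

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("SmsDbConnString")   ' hypothetical setting name
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' "?" placeholders: values travel as data and are never parsed as SQL.
' paxname is an assumed column name; sizes below are assumed column widths.
cmd.CommandText = "INSERT INTO dbo.SMSAPI (api_id, SentFrom, [text], paxname, [timestamp]) " & _
                  "VALUES (?, ?, ?, ?, GETDATE())"
cmd.Parameters.Append cmd.CreateParameter("api_id", adInteger, adParamInput, , CLng(apiId))
cmd.Parameters.Append cmd.CreateParameter("SentFrom", adVarChar, adParamInput, 15, sentFrom)
cmd.Parameters.Append cmd.CreateParameter("text", adVarChar, adParamInput, 9, parts(0))
cmd.Parameters.Append cmd.CreateParameter("paxname", adVarChar, adParamInput, 50, Left(Trim(parts(1)), 50))
cmd.Execute , , adExecuteNoRecords
conn.Close
%>
```

Because the name is bound as a parameter, a value such as `O'Brien` is stored intact and needs no quote doubling or character blacklist.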