Creating a String based upon textbox value

[andym]

Dear All,

I wish to have an ASP page that displays a predetermined date in the
middle of a string. I wish this date to be set in a seperate control
panel type page. I am hoping somebody could help me.

eg ...

A page called "Confirm.asp" has text ... "These prices are valid until
28th Feb 2006". I currently have to go and hard code the date in
whenever there is a need to change it.

I would like to be able to set this date from another page (eg
"SetDate.asp"), where I type the date in a textbox, click on an "OK"
button, then whenever "Confirm.asp" is opened in the future it picks up
the entered date.

Most form type of code I have found seems to want to email the value in
the textbox somewhere ... which is obviously not what I am after.

Many Thanks...


andym

 

[Griff]

I assume from what you've written that this is not a rolling date (i.e.
today plus X days), or even the last day of this month? If so, then these
should both be calculatable in VBScript within the ASP code.

If it's a non-calculatable value then it strikes me that this needs to be
durable data held ideally in a database.

If you don't have access to a database then I guess you could write the
value entered in setDate.asp to a text file (beware file security
permissions - you don't want to open your file system up to ALL your
guests). The "Confirm.asp" file could first check to see if it's cached
this value in (say) the application cache, otherwise it would have to
retrieve it from the text file.

 

[andym]

Griff,

thanks for your reply.

To answer your questions, there is no rolling date, it doesn't have to
be the end of the month - it is non-calculatable, and will be business
decision driven.

I don't have a database to work with. I just need that value stored so
it can be used as a point of reference when the "Confirm.asp" page is
opened.

I am guessing as it will be just a date then security is not an issue?
I no gripe if anybody wants to hack into the system and find a date.

Regards,

andym

 

[Griff]

I am guessing as it will be just a date then security is not an issue?
I no gripe if anybody wants to hack into the system and find a date.

What I meant here is that if you start allowing the internet guest account
write permissions to the file system then make sure you control it.
Otherwise it's very easy for someone to write an ASP code file with
malicious code in it and run it....

 

[andym]

Thanks Griff..

The date will be added from an area of the website where you need a
password to access it. Hopefully that will limit it to only the two
people who do have access.

Any tips on how to knck this ting off? Any tuts on the net that would
help me?

Regards,

andym

 

[Evertjan.]

andym wrote on 09 feb 2006 in microsoft.public.inetserver.asp.general:

he date will be added from an area of the website where you need a
password to access it. Hopefully that will limit it to only the two
people who do have access.

Any tips on how to knck this ting off? Any tuts on the net that would
help me?

Please quote what you are replying to.

If you want to post a followup via groups.google.com, don't use the
"Reply" link at the bottom of the article. Click on "show options" at the
top of the article, then click on the "Reply" at the bottom of the article
headers. <http://www.safalra.com/special/googlegroupsreply/>

 

[Mark J. McGinty]

Thanks Griff..

The date will be added from an area of the website where you need a
password to access it. Hopefully that will limit it to only the two
people who do have access.

Any tips on how to knck this ting off? Any tuts on the net that would
help me?

Here's a really simple way to implement abstracted storage of text:

<!-- begin displayexternaldate.asp -->
<html>
<body>
<span>
The externally stored date value (actually, just text) is:
<!-- #include file="datestorage.asp" -->. All this text
will be displayed inline, because HTML ignores white space.
</span>
</body>
</html>

<!-- end displayexternaldate.asp -->

The referenced file datestorage.asp contains only the date string.

Then overwrite the file datestorage.asp using an ASP page similar the
example I've included below.

Note that if the people authorized to use the overwrite.asp page have NT
accounts on the server (that are permitted to write files to the web
directory), you can set NTFS permissions on the overwrite.asp file that deny
access to the anonymous user, and will thus both force HTTP Auth, and run in
the context of the user that logs in. That would be the icing on your
security cake.

Otherwise the anonymous user will need NTFS permissions to create and change
files (not to be confused with IIS permissions to write to the directory,
which are unnecessary in this case.) If you're stuck with that, I would
suggest creating a separate directory for the date storage file, and grant
appropriate NTFS permissions to that directory, rather than your web app
directory, just to limit damage potential as much as possible. (Adjust path
values in examples as necessary.)

Hope this helps...

-Mark


<!-- begin overwrite.asp -->
<%
Dim NewDate
NewDate = Request.Form("NewDate")

' rudimentary protection against use of this to create executable
' code on the server
'
NewDate = Replace(NewDate, "<", "&gt;")

If Len(NewDate) > 0 then
' another rudimentary security/validity check
If Not IsDate(NewDate) Then
Response.Write "Invalid input: '" & NewDate & "' not a recognizable date."
Response.End
End If

Dim fso, oFile
Set fso = CreateObject("Scripting.FileSystemObject")
Set oFile = fso.CreateTextFile(Server.MapPath("datestorage.asp"), True)
oFile.WriteLine(NewDate)
oFile.Close

Response.Write "Date file has been rewritten."
Response.End
End If

%>
<html>
<body>
<form action=# method=POST>
Enter a date: <input type=text name=NewDate /><br>
<input type=submit />
</form>
</body>
</html>
<!-- end overwrite.asp -->

 

[andym]

Here's a really simple way to implement abstracted storage of text:

<!-- begin displayexternaldate.asp -->
<html>
<body>
<span>
The externally stored date value (actually, just text) is:
<!-- #include file="datestorage.asp" -->. All this text
will be displayed inline, because HTML ignores white space.
</span>
</body>
</html>

<!-- end displayexternaldate.asp -->

The referenced file datestorage.asp contains only the date string.

Then overwrite the file datestorage.asp using an ASP page similar the
example I've included below.

Note that if the people authorized to use the overwrite.asp page have NT
accounts on the server (that are permitted to write files to the web
directory), you can set NTFS permissions on the overwrite.asp file that deny
access to the anonymous user, and will thus both force HTTP Auth, and run in
the context of the user that logs in. That would be the icing on your
security cake.

Otherwise the anonymous user will need NTFS permissions to create and change
files (not to be confused with IIS permissions to write to the directory,
which are unnecessary in this case.) If you're stuck with that, I would
suggest creating a separate directory for the date storage file, and grant
appropriate NTFS permissions to that directory, rather than your web app
directory, just to limit damage potential as much as possible. (Adjust path
values in examples as necessary.)

Hope this helps...

-Mark


<!-- begin overwrite.asp -->
<%
Dim NewDate
NewDate = Request.Form("NewDate")

' rudimentary protection against use of this to create executable
' code on the server
'
NewDate = Replace(NewDate, "<", "&gt;")

If Len(NewDate) > 0 then
' another rudimentary security/validity check
If Not IsDate(NewDate) Then
Response.Write "Invalid input: '" & NewDate & "' not a recognizable date."
Response.End
End If

Dim fso, oFile
Set fso = CreateObject("Scripting.FileSystemObject")
Set oFile = fso.CreateTextFile(Server.MapPath("datestorage.asp"), True)
oFile.WriteLine(NewDate)
oFile.Close

Response.Write "Date file has been rewritten."
Response.End
End If

%>
<html>
<body>
<form action=# method=POST>
Enter a date: <input type=text name=NewDate /><br>
<input type=submit />
</form>
</body>
</html>
<!-- end overwrite.asp -->

Mark,

many thanks for your reply and your example...

I shall put your advice into practise over the next couple of days.

Most appreciated,

Regards,

andym