Submitting a form that checks entered data is not in an exclusion list

Discussion in 'ASP General' started by mphillips, Mar 7, 2006.

  1. mphillips

    mphillips Guest

    I have an ASP form that users enter a number into. The form then posts
    the number with a hidden login and password to a web address which
    opens in a new window. However, I want to make sure that the number they
    enter is not one of the numbers I have in an Access database table that
    contains a list of numbers they are not allowed to enter. How can I do
    this?
     
    mphillips, Mar 7, 2006
    #1

  2. Mike Brind

    Mike Brind Guest

    set rs = conn.execute("SELECT restrictedNumber FROM table WHERE restrictedNumber = " & Request.Form("inputNumber"))
    if not rs.eof then
    'user can't proceed because there is a match
    else
    'user can
    end if
     
    Mike Brind, Mar 7, 2006
    #2

  3. This is the correct solution, as far as it goes. However, don't forget your
    server-side validation. This technique is susceptible to sql injection.
    http://mvp.unixwiz.net/techtips/sql-injection.html
    http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23

    Far better is to:

    1. validate user inputs in server-side code (e.g., make sure numbers contain
    only numbers)
    2. use parameters instead of dynamic sql.
    http://groups-beta.google.com/group/microsoft.public.inetserver.asp.db/msg/72e36562fee7804e

    Better yet, use saved parameter queries:
    http://groups-beta.google.com/group/microsoft.public.inetserver.asp.db/msg/b3d322b882a604bd
     
    Bob Barrows [MVP], Mar 7, 2006
    #3
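
An added example (not code from any poster in this thread) of points 1 and 2 in the reply above: the posted value is validated on the server as digits only, then passed to Access as a bound parameter instead of being concatenated into the SQL string. It assumes an open ADODB connection named conn; the table, column and form field names are the placeholders used in post #2, and CheckNumber is a hypothetical helper name.

```vbscript
<%
' ADO constants (values from adovbs.inc)
Const adInteger = 3
Const adParamInput = 1
Const adCmdText = 1

' Hypothetical helper: returns "invalid", "restricted" or "ok".
' conn is assumed to be an open ADODB.Connection to the Access database.
Function CheckNumber(conn, rawInput)
    Dim re, cmd, rs

    ' 1. Server-side validation: 1 to 9 digits only, so CLng cannot overflow
    '    and nothing but a number ever reaches the database layer.
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    If Not re.Test(rawInput) Then
        CheckNumber = "invalid"
        Exit Function
    End If

    ' 2. Parameterized query: the ? marker is bound to a typed value,
    '    so the input is never parsed as SQL text.
    '    [table] is the placeholder name from post #2 (bracketed because
    '    TABLE is a reserved word in Access SQL).
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT restrictedNumber FROM [table] WHERE restrictedNumber = ?"
    cmd.Parameters.Append cmd.CreateParameter("num", adInteger, adParamInput, , CLng(rawInput))

    Set rs = cmd.Execute
    If rs.EOF Then
        CheckNumber = "ok"          ' no match in the exclusion list
    Else
        CheckNumber = "restricted"  ' number is in the exclusion list
    End If
    rs.Close
    Set rs = Nothing
    Set cmd = Nothing
End Function

' & "" forces the form value to a string before validation
Select Case CheckNumber(conn, Trim(Request.Form("inputNumber") & ""))
    Case "invalid":    Response.Write "Please enter digits only."
    Case "restricted": Response.Write "That number is not allowed."
    Case "ok":         ' safe to continue with the post to the remote address
End Select
%>
```
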
  4. mphillips

    mphillips Guest

    Thanks for your help. I will give it a go and see if I can get it to
    work.

    Mal
     
    mphillips, Mar 8, 2006
    #4
