Comparing Results From 2 Different Arrays (checkboxes)

**jhd1967** · 07-14-2009 03:22 PM

I have two arrays which are values for checkboxes and I need to compare them on the next page when they get submited, The first array I created which is the checkbox values that were selected previously:

1st page:

Code:

<input type='checkbox' name="compare" value="131717"/>

  <input type='checkbox' name="compare"  value="131719"/>

2page.asp?compare=131717&compare=131719

i did try to use this script

Code:

<% Dim Connection, Recordset
Dim sSQL, sConnString, iColumnSpan

sSQL="SELECT *  FROM news WHERE newsid IN (" & Replace( Request.QueryString("compare"), "'", "''") & ")"
sConnString="Provider=SQLOLEDB.1;......."

Set connection = Server.CreateObject("ADODB.Connection")
Set recordset = Server.CreateObject("ADODB.Recordset")

connection.Open sConnString

recordset.Open sSQL,connection
If Recordset.EOF Then
Response.Write("No records returned.")
Else

Response.write "<table width=""100%"" border=""1"">" %>

But i am vulnerable to sql injection using this method.

Any Help Thank you

**yamaharuss** · 07-14-2009 04:22 PM

Why not loop the array rather than using IN().. then clean the string before the query.. or better yet, use a sproc if possible.

**jhd1967** · 07-14-2009 06:57 PM

Thanks for your reply

Not sure how to this can you point me to a tutorial or give more detail how to that.
Thank you

**yamaharuss** · 07-14-2009 08:23 PM

See my post here:

http://www.webdeveloper.com/forum/sh...d.php?t=213019

**jhd1967** · 07-16-2009 10:17 AM

i am still struggling with this.

this is what i have so far:
page2.asp?compare=131717&compare=131719

i did try to use this script

<%
'declare your variables
Dim Connection, Recordset
Dim sSQL, sConnString, iColumnSpan,i,compare
For i=1 To Request.queryString("compare").Count
If Request.queryString("compare")(i)<>"" Then

End If
Next

sSQL="SELECT * FROM news WHERE newsid IN (" & compare& ")"

sConnString="Provider=SQLOLEDB....."

Set connection = Server.CreateObject("ADODB.Connection")
Set recordset = Server.CreateObject("ADODB.Recordset")

connection.Open sConnString

recordset.Open sSQL,connection
If Recordset.EOF Then
Response.Write("No records returned.")
Else

Response.write "<table width=""100%"" border=""1"">"

iColumnSpan=0
response.write "<tr>"
Do While Not recordset.EOF

If iColumnSpan=3 Then
response.write "</tr><tr>"
iColumnSpan=0
End If

response.write "<td>"
response.write recordset("title") & " " & recordset("description")
response.write "</td>"

iColumnSpan=iColumnSpan + 1

Recordset.MoveNext
Loop

response.write "</tr>"
Response.write "</table>"

End If

Recordset.Close
Connection.Close
Set Recordset = Nothing
Set Connection = Nothing
%>
But doesn't work
Any Help Thank you

**yamaharuss** · 07-16-2009 10:46 AM

Of course it won't work. You don't declare your "compare" variable and you're not doing anything at all within the loop.

**criterion9** · 07-16-2009 11:39 AM

page2.asp?compare=131717&compare=131719

This will not work. You need to use two different get variables such as

Code:

page2.asp?compareA=131717&compareB=131719

Otherwise I believe the asp engine parses the second value over top the first one.

Thread: Comparing Results From 2 Different Arrays (checkboxes)

Thread Tools

Display

Comparing Results From 2 Different Arrays (checkboxes)

Comparing Results From 2 Different Arrays (checkboxes)

Thread Information

Users Browsing this Thread

Bookmarks

Bookmarks

Posting Permissions