www.webdeveloper.com

Thread: Comparing Results From 2 Different Arrays (checkboxes)

  1. #1
    Join Date
    May 2009
    Posts
    9

    Comparing Results From 2 Different Arrays (checkboxes)

    I have two arrays which are values for checkboxes and I need to compare them on the next page when they get submitted. The first array I created is the checkbox values that were selected previously:

    1st page:

    Code:
    <input type='checkbox' name="compare" value="131717"/>
    
      <input type='checkbox' name="compare"  value="131719"/>
    2page.asp?compare=131717&compare=131719

    I did try to use this script

    Code:
    <% Dim Connection, Recordset
    Dim sSQL, sConnString, iColumnSpan
    
    sSQL="SELECT *  FROM news WHERE newsid IN (" & Replace( Request.QueryString("compare"), "'", "''") & ")"
    sConnString="Provider=SQLOLEDB.1;......."
    
    Set connection = Server.CreateObject("ADODB.Connection")
    Set recordset = Server.CreateObject("ADODB.Recordset")
    
    connection.Open sConnString
    
    recordset.Open sSQL,connection
    If Recordset.EOF Then
    Response.Write("No records returned.")
    Else
    
    Response.write "<table width=""100%"" border=""1"">" %>

    But I am vulnerable to SQL injection using this method.

    Any help? Thank you

  2. #2
    Join Date
    Jan 2008
    Location
    Florida
    Posts
    1,227
    Why not loop the array rather than using IN().. then clean the string before the query.. or better yet, use a sproc if possible.

  3. #3
    Join Date
    May 2009
    Posts
    9

    Comparing Results From 2 Different Arrays (checkboxes)

    Thanks for your reply

    Not sure how to do this. Can you point me to a tutorial or give more detail on how to do that?
    Thank you

  4. #4
    Join Date
    Jan 2008
    Location
    Florida
    Posts
    1,227

  5. #5
    Join Date
    May 2009
    Posts
    9
    I am still struggling with this.

    this is what i have so far:
    page2.asp?compare=131717&compare=131719

    I did try to use this script

    <%
    'declare your variables
    Dim Connection, Recordset
    Dim sSQL, sConnString, iColumnSpan,i,compare
    For i=1 To Request.queryString("compare").Count
    If Request.queryString("compare")(i)<>"" Then

    End If
    Next

    sSQL="SELECT * FROM news WHERE newsid IN (" & compare& ")"

    sConnString="Provider=SQLOLEDB....."

    Set connection = Server.CreateObject("ADODB.Connection")
    Set recordset = Server.CreateObject("ADODB.Recordset")

    connection.Open sConnString

    recordset.Open sSQL,connection
    If Recordset.EOF Then
    Response.Write("No records returned.")
    Else


    Response.write "<table width=""100%"" border=""1"">"

    iColumnSpan=0
    response.write "<tr>"
    Do While Not recordset.EOF

    If iColumnSpan=3 Then
    response.write "</tr><tr>"
    iColumnSpan=0
    End If

    response.write "<td>"
    response.write recordset("title") & " " & recordset("description")
    response.write "</td>"

    iColumnSpan=iColumnSpan + 1


    Recordset.MoveNext
    Loop

    response.write "</tr>"
    Response.write "</table>"

    End If

    Recordset.Close
    Connection.Close
    Set Recordset = Nothing
    Set Connection = Nothing
    %>
    But it doesn't work.
    Any help? Thank you

  6. #6
    Join Date
    Jan 2008
    Location
    Florida
    Posts
    1,227
    Of course it won't work. You don't declare your "compare" variable and you're not doing anything at all within the loop.

  7. #7
    Join Date
    Jan 2009
    Location
    Ohio
    Posts
    3,356
    page2.asp?compare=131717&compare=131719
    This will not work. You need to use two different get variables such as
    Code:
    page2.asp?compareA=131717&compareB=131719
    Otherwise I believe the asp engine parses the second value over top the first one.
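
Added example, not part of the original thread or any poster's code: one way to carry out the loop that posts #2 and #6 point at, reading each repeated compare value by index as post #5 does, accepting only digit strings, and binding every id as an ADO parameter so that no request data is concatenated into the IN() list. Doubling single quotes, as in post #1, does not protect a value placed in an unquoted numeric list. The 50-id cap, the 1-9 digit pattern and the HTML encoding of the output are assumptions added here; the table and column names come from the posts.

```vbscript
<%
Option Explicit
' ADO constants (values from adovbs.inc)
Const adInteger = 3, adParamInput = 1, adCmdText = 1
Const MAX_IDS = 50          ' assumed cap on ids per request

Dim conn, cmd, rs, re, ids(), n, i, sValue, sMarks, sConnString
sConnString = "Provider=SQLOLEDB.1;......."   ' elided, as in the thread

' Pass 1: keep only values that are 1-9 digits; everything else is dropped
Set re = New RegExp
re.Pattern = "^[0-9]{1,9}$"
ReDim ids(MAX_IDS - 1)
n = 0
sMarks = ""
For i = 1 To Request.QueryString("compare").Count
    sValue = Trim(Request.QueryString("compare")(i))
    If n < MAX_IDS Then
        If re.Test(sValue) Then
            ids(n) = CLng(sValue)            ' 9 digits always fits a Long
            If n > 0 Then sMarks = sMarks & ","
            sMarks = sMarks & "?"            ' one marker per accepted id
            n = n + 1
        End If
    End If
Next

If n = 0 Then
    Response.Write "No valid ids supplied."
Else
    ' Pass 2: the SQL text holds only "?" markers; ids travel as typed parameters
    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open sConnString
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT title, description FROM news WHERE newsid IN (" & sMarks & ")"
    For i = 0 To n - 1
        cmd.Parameters.Append cmd.CreateParameter("id" & i, adInteger, adParamInput, , ids(i))
    Next
    Set rs = cmd.Execute
    Do While Not rs.EOF
        ' Encode on output as well: stored text is not trusted markup
        Response.Write Server.HTMLEncode(rs("title") & " " & rs("description")) & "<br>"
        rs.MoveNext
    Loop
    rs.Close
    conn.Close
End If
%>
```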
