Pass a vbscript String list to a SQL "in"operator -

-

in vb script have select statement trying pass string value undetermined length sql in operator below code works allows sql injection.

i looking way use ado createparameter method. believe different ways have tried getting caught in data type (advarchar, adlongchar, adlongwchar)

    dim studentid  studentid = getrequestparam("studentid")  dim rsgetdata, dbcommand     set dbcommand = server.createobject("adodb.command")     set rsgetdata = server.createobject("adodb.recordset")     dbcommand.commandtype = adcmdtext     dbcommand.activeconnection = dbconn dbcommand.commandtext = "select * students studentid in (" & studentid & ")" set rsgetdata = dbcommand.execute()

i have tried

call addparameter(dbcommand, "studentid", advarchar, adparaminput, nothing, studentid)

which gives me error adodb.parameters error '800a0e7c' problems adding parameter (studentid)=('sid0001','sid0010') :parameter object improperly defined. inconsistent or incomplete information provided.

i have tried

call addparameter(dbcommand, "studentid", adlongvarchar, adparaminput, nothing, studentid)

and

    dim studentid  studentid = getrequestparam("studentid")  dim slength slength = len(studentid) response.write(slength)  dim rsgetdata, dbcommand     set dbcommand = server.createobject("adodb.command")     set rsgetdata = server.createobject("adodb.recordset")     dbcommand.commandtype = adcmdtext     dbcommand.activeconnection = dbconn dbcommand.commandtext = "select * students studentid in (?)"     call addparameter(dbcommand, "studentid", advarchar, adparaminput, slength, studentid) set rsgetdata = dbcommand.execute()

both of these options don't anything... no error message , sql not executed.

additional information:

studentid being inputted through html form textarea. design able have user input list of student id's (up 1000 lines) , perform actions on these student profiles. in javascript on previous asp have function takes list , changes comma delimited list '' around each element in list.

classic asp not have support this. need fall 1 of alternatives discussed here:

http://www.sommarskog.se/arrays-in-sql-2005.html

that article kind of long, in way: it's considered many standard work on subject.

it happens preferred option not included in article. use holding table each individual item in list, such each item uses ajax request insert or remove holding table moment user selects or de-selects it. join table list, end this:

select s.*  students s inner join studentselections ss on s.studentid = ss.studentid ss.sessionkey = ?

Comments

Post a Comment

Popular posts from this blog

git - Initial Commit: "fatal: could not create leading directories of ..." -

-
i trying make initial commit git repository on github unity project. followed along this guide am. note: reason or another, couldn't set unity's asset serialization mode force text, settled on mixed (which believe should work). when call git clone --bare . , error. note not creator of repository , contributor (though making initial commit). here's in terminal (i'm using git bash): welcome git (version 1.8.4-preview20130916) run 'git git' display index. run 'git <command>' display specific commands. cheddar@cheddar-pc ~ $ cd documents/ics168swarch/ cheddar@cheddar-pc ~/documents/ics168swarch $ git init initialized empty git repository in c:/users/cheddar/documents/ics168swarch/.git / cheddar@cheddar-pc ~/documents/ics168swarch (master) $ git add . warning: lf replaced crlf in assets/prefabs.meta. file have original line endings in working directory. warning: lf replaced crlf in assets/prefabs/pellet.prefab.meta. file have original ...
Read more

multithreading - OPAL (Open Phone Abstraction Library) Transport not terminated when reattaching thread? -

-
i in process of writing application using opal makes h323 calls. have looked online number of working examples , have managed put resembles should like, @ present able call external ip via application when accept call craps out , dies. leaving me with: 0:12.949 setupcall:8752 sert.cxx(259) assertion fail: transport not terminated when reattaching thread , file d:\voip\software\opal\src\opal\transports.cxx, line 1021 passertfunc(0xde3f88, 0xffffffffd228226f, 0, 0) + 0x82 passertfunc(0x10d6e5f8, 0x3fd, 0, 0x10d6eb98) + 0x15b opaltransport::attachthread(0xde5870, 0xffffffffd22fc76b, 0, 0) + 0x96 h323connection::setupconnection(0xffffffffd22fc713, 0, 0, 0xde6ea8) + 0x196 asynchcallsetup(0x10d3572c, 0, 0, 0xdd0108) + 0x7c pthread1arg<psafeptr<opalconnection,psafeptrbase> >::main(0xffffffffd2282faf from have deduced, perhaps incorrectly if there thread lock issue caused (possibly arising fact application sending expected h323 call, throwing in c...
Read more