Session and sql help

Paul M

Hi
Is it possible to have a session as a variable in a SQL statement, like
(ID = ::ID:: AND User_name= '::a session object::')

Paul M
 
Thomas A. Rowe

Yes.

ID = request.something
User = Session("User")

(ID = '"& ID & "' AND User_name = '"& User & "')

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
==============================================
If you feel your current issue is a result of installing
a Service Pack or security update, please contact
Microsoft Product Support Services:
http://support.microsoft.com
If the problem can be shown to have been caused by a
security update, then there is usually no charge for the call.
==============================================
 
Paul M

Thanks Thomas
I am trying to incorporate it into a select statement created by the DRW.
Can I declare the session object variable anywhere on the page, or does it
have to be within the database results region? If it's the latter, then do you
know how to stop the DRW from re-creating itself and overwriting any code I
put in, or do you know how to incorporate it? There are things in the grey
code such as s-columnnames; can these be manipulated?
Best wishes
Paul M
 
Jon Spivey

Hi Paul,
Not directly - the FP wizard takes values from forms or the querystring -
the easiest way would be to stick the session var in a querystring var like
this:
<%
if request.querystring("user") = "" then
    response.redirect request.servervariables("SCRIPT_NAME") & "?user=" & session("user")
end if
%>
Now we can use a query like this:
select * from table where ID = ::ID:: AND User_name= '::user::'
 
Paul M

Thanks Jon
Can you talk me through this code? I am not sure what this line is doing:

response.redirect request.servervariables("SCRIPT_NAME") & "?user=" &

Should I be replacing ("SCRIPT_NAME") with anything?
I presume that I change "user" to the name of my session object.
Thanks
Paul M
 
Jon Spivey

Hi,
Just replace session("user") with the name of your session var, then stick
the code at the top of the page. Try it out and it should become clear.
 
Paul M

This is the code and sql I have created just in case I have done something
Placed at the top of the page

<%
if request.querystring("user") = "" then
    response.redirect request.servervariables("SCRIPT_NAME") & "?user=" & session("adminID")
end if
%>

this in the sql

fp_sQry="SELECT * FROM Results WHERE ID = ::ID:: AND User_name= '::user::'"
 
Jon Spivey

Ah, I didn't realise you already had a querystring var. In that case
<%
if request.querystring("user") = "" then
    response.redirect request.servervariables("SCRIPT_NAME") & "?id=" & request.querystring("id") & "&user=" & session("adminID")
end if
%>
Rest as you have it
 
Paul M

Thanks
Jon
I now get this syntax error
response.redirect request.servervariables("SCRIPT_NAME") & "?id=" &
---------------------------------------------------------------------------^

Paul M
 
Jon Spivey

Paul,
The line starting response.redirect up to "&user=" & session("adminID")
needs to be all on one line. I've just tested the code myself and it works
fine. If you're still stuck, send me this page offlist (e-mail address removed) and I'll
fix it up. If you can get it to me in the next half hour or so I'll do it
tonight; if not, it'll be morning.
 
Paul M

Thanks Jon
That works
Only one problem with my plan: it now shows the username in the querystring
in the URL.
The idea was to stop someone just changing the id in the querystring and
receiving someone else's details. The username in the querystring works, as
you now need to know both the id and the username to receive a
recordset. Is there a way of changing the username into a password-type
field, i.e. just dots instead of words or something?
Thanks again for helping and for being willing to help me offlist
Paul M
 
Stefan B Rusynko

That is why you should not be using a parameter to pass any of the info from page to page
- anyone can edit it in the browser address bar and your security risk is increased

In your case you have
http://www.website.com/edit.asp?ID=78

In the sending page set ID as a session variable before you send
Session("ID") = 78
Session("adminID") = "whatever"

and send the link as
http://www.website.com/edit.asp

<%
If Session("ID") <> "" Then
    id = Session("ID")
    ' Only take the user from the session when it has actually been set
    If Session("adminID") <> "" Then
        user = Session("adminID")
    Else
        ' do something else
    End If
    ' process it
Else
    ' do something else
End If
%>




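The check Stefan describes, written as a hand-coded edit.asp rather than a DRW region (an added example, not part of the original thread): the user comes only from the session, the record ID may stay in the URL, and both are bound as query parameters, so a changed ID returns nothing unless the row belongs to the logged-in user. `login.asp` and the `Projects_ConnectionString` application variable are assumed names; `Results`, `ID`, `User_name` and `Session("adminID")` are taken from the posts above.

```vbscript
<%
Option Explicit

' ADO constants (values as in adovbs.inc), declared here so the page is self-contained.
Const adInteger = 3
Const adVarChar = 200
Const adParamInput = 1
Const adCmdText = 1

Dim userName, rawId, projectId, conn, cmd, rs

' 1. Identity comes only from the session, which the login page sets.
'    It is never read from the querystring or a hidden form field.
userName = Session("adminID") & ""
If userName = "" Then
    Response.Redirect "login.asp"   ' assumed name of the login page
End If

' 2. The record ID can stay in the URL: it selects a row, it is not a secret.
'    Force it to a string, then accept only a short numeric value.
rawId = Trim(Request.QueryString("ID") & "")
If rawId = "" Or Len(rawId) > 9 Or Not IsNumeric(rawId) Then
    Response.Status = "400 Bad Request"
    Response.End
End If
projectId = CLng(rawId)

' 3. Parameterized query: both values are bound to ? placeholders,
'    never concatenated into the SQL text.
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("Projects_ConnectionString")   ' assumed connection variable

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT * FROM Results WHERE ID = ? AND User_name = ?"
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , projectId)
cmd.Parameters.Append cmd.CreateParameter("user", adVarChar, adParamInput, 255, userName)

Set rs = cmd.Execute

' 4. No row means the record does not exist or belongs to another user.
'    Both cases get the same answer.
If rs.EOF Then
    Response.Status = "404 Not Found"
    Response.Write "No such project."
Else
    Response.Write "Editing project " & Server.HTMLEncode(rs("ID").Value & "") & _
                   " for " & Server.HTMLEncode(rs("User_name").Value & "")
End If

rs.Close
conn.Close
Set rs = Nothing
Set cmd = Nothing
Set conn = Nothing
%>
```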
 
Paul M

Thanks Stefan
The problem is this. I need to add the session var to the querystring so
that the DRW can use the info to retrieve the recordset. Is there a way to
add a string from sessions that the DRW can read without putting it in the
URL?
In the my projects page, is there a way of creating the session ID of the
project when the link to the edit.asp is clicked? I have tried it and the
session id is created from the bottom recordset.

This is how I am working it at the moment.
There is a page called my projects; you enter your password and then the
page queries the database and retrieves short descriptions of projects. A
session of your password is then created.
On each recordset/project there is a link to an edit.asp which adds the
project ID to the querystring.
In the edit.asp code the password session is added to the querystring as
below.

<%
if request.querystring("user") = "" then
    response.redirect request.servervariables("SCRIPT_NAME") & "?ID=" & request.querystring("ID") & "&user=" & session("password")
end if
%>

These vars are then used in a select sql to bring up the project details in
full.
Now to receive another project you have to know the password for that
project or have created the password session in the my projects page.
Thanks
Paul M
 
Paul M

OK
I have another idea, would this work?
I create sessions of the project ID and password when the link on the
myprojects page is clicked it links to an edit.asp which has a DRW with a
form with hidden fields, and I pass the sessions into the form fields which
posts to the results part of the DRW. Now if I could do it so the form posts
on page load then the results should happen without the use of a submit
button
What do you think?
Paul M
 
Stefan B Rusynko

See http://home.att.net/~codelibrary/FrontPage/tweaks.htm#DRW Script Modifications




 
Paul M

Thanks Stefan
How can I store the querystring in a session ie
session "IDS" = querystring "ID"

That way I could do away with the search form altogether by creating a
session from the querystring and using its value in the sql statement
Thanks
Paul M


 
Thomas A. Rowe

Session("ID") = Request.QueryString("ID")

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
==============================================
If you feel your current issue is a results of installing
a Service Pack or security update, please contact
Microsoft Product Support Services:
http://support.microsoft.com
If the problem can be shown to have been caused by a
security update, then there is usually no charge for the call.
==============================================

Paul M said:
Thanks Stefan
How can I store the querystring in a session ie
session "IDS" = querystring "ID"

That way I could do away with the search form altogether by creating a session from the
querystring and using its value in the sql statement
Thanks
Paul M


Stefan B Rusynko said:
See http://home.att.net/~codelibrary/FrontPage/tweaks.htm#DRW Script Modifications




| Thanks Stefan
| The problem is this. I need to add the session var to the querystring so
| that the DRW can use the info to retrive the recordset. is there a way to
| add a string from sessions that the DRW can read without putting it in the
| URL?
| in the my projects page, is there a way of creating the session ID of the
| project when the link to the edit.asp is clicked. I have tried it and the
| session id is created from the bottom recordset.
|
| This is how I am working it at the moment
| There is a page called my projects, you enter your password and then the
| page queries the database and retreives short descriptions of projects, a
| session of your password is then created.
| On each recordset/project there is a link to an edit.asp which adds the
| project ID to the querystring
| In the edit.asp code the password session is added to the querystring as
| below.
|
| <%
| if request.querystring("user") = "" then
| response.redirect request.servervariables("SCRIPT_NAME") & "?ID=" &
| request.querystring("ID") & "&user=" & session("password")
| end if
| %>
|
| These vars are then used in a select sql to bring up the project details in
| full
| Now to recieve another project you have to know the password for that
| project or have created the password session in the my projects page.
| Thanks
| Paul M
| | > That is why you should not be using a parameter to pass any of the info
| > from page to page
| > - anyone can edit it in teh browser address bar and your security risk is
| > increased
| >
| > In your case you have
| > http://www.website.com/edit.asp?ID=78
| >
| > In the sending page set ID as a session variable before you send
| > Session("ID") = 78
| > Session("adminID") = "whatever"
| >
| > and send the link as
| > http://www.website.com/edit.asp
| >
| > <%
| > If Session("ID") <>"" Then
| > id = Session("ID")
| > If Session("adminID") = "" then
| > user= Session("adminID")
| > Else
| > ' do something else
| > End If
| > ' process it
| > Else
| > ' do something else
| > End If
| > %>
| >
| > --
| >
| > _____________________________________________
| > SBR @ ENJOY (-: [ Microsoft MVP - FrontPage ]
| > "Warning - Using the F1 Key will not break anything!" (-;
| > To find the best Newsgroup for FrontPage support see:
| > http://www.net-sites.com/sitebuilder/newsgroups.asp
| > _____________________________________________
| >
| >
| > | > | Thanks Jon
| > | That works
| > | Only one problem with my plan, it now shows the username in the
| > querystring
| > | in the URL.
| > | The idea was to stop someone just changing the id in the querystring
| > and
| > | recieving someone elses details. The username in the querystring works
| > as
| > | you now need to know both the id and the username to b recieve a
| > | recordset,is there a way of changing the username into a password type
| > | field ie just dots instead of words or something
| > | Thanks Again for helping and for willing to help me offlist
| > | Paul M
| > | | > | > Paul,
| > | > The line starting response.redirect up to "&user=" &
| > session("adminID")
| > | > needs to be all on one line I've just tested the code myself and it
| > works
| > | > fine. If you're still stuck send me this page offlist (e-mail address removed)
| > and
| > | > I'll fix it up. If you can get it to me in the next half hour or so
| > I'll
| > | > do it tonight if not it'll be morning
| > | >
| > | > --
| > | > Cheers,
| > | > Jon
| > | > Microsoft MVP
| > | >
| > | >
| > | >
| > | > | > | >> Thanks
| > | >> Jon
| > | >> I now get this syntax error
| > | >> response.redirect request.servervariables("SCRIPT_NAME") & "?id=" &
| > |
| > >> ---------------------------------------------------------------------------^
| > | >>
| > | >> Paul M
| > | >>
| > | >> | > | >>> Ah, I didn't realise you already had a querystring var. In that case
| > | >>> <%
| > | >>> if request.querystring("user") = "" then
| > | >>> response.redirect request.servervariables("SCRIPT_NAME") & "?id=" &
| > | >>> request.querystring("id") & "&user=" & session("adminID")
| > | >>> end if
| > | >>> %>
| > | >>> Rest as you have it
| > | >>>
| > | >>> --
| > | >>> Cheers,
| > | >>> Jon
| > | >>> Microsoft MVP
| > | >>>
| > | >>> | > | >>>> This is the code and sql I have created just in case I have done
| > | >>>> something
| > | >>>> Placed at the top of the page
| > | >>>>
| > | >>>> <%
| > | >>>> if request.querystring("user") = "" then
| > | >>>> response.redirect request.servervariables("SCRIPT_NAME") & "?user="
| > &
| > | >>>> session("adminID")
| > | >>>> end if
| > | >>>> %>
| > | >>>>
| > | >>>> this in the sql
| > | >>>>
| > | >>>> fp_sQry="SELECT * FROM Results WHERE ID = ::ID:: AND User_name=
| > | >>>> '::user::'"
| > | >>>>
| > | >>>>
| > | >>>>
| > | >>>> | > | >>>>> Hi,
| > | >>>>> Just replace session("user") with the name of your session var
| > then
| > | >>>>> stick the code at the top of the page. Try it out and it should
| > become
| > | >>>>> clear
| > | >>>>>
| > | >>>>> --
| > | >>>>> Cheers,
| > | >>>>> Jon
| > | >>>>> Microsoft MVP
| > | >>>>>
| > | >>>>> | > | >>>>>> Thanks Jon
| > | >>>>>> Can you talk me through this code I am not sure what this line is
| > | >>>>>> doing
| > | >>>>>>
| > | >>>>>> response.redirect request.servervariables("SCRIPT_NAME") &
| > "?user=" &
| > | >>>>>>
| > | >>>>>> should I be replacing ("SCRIPT_NAME") with anything
| > | >>>>>> I presume that I change "user" to the name of my session object
| > | >>>>>> Thanks
| > | >>>>>> Paul M
| > | >>>>>>
| > | >>>>>> | > | >>>>>>> Hi Paul,
| > | >>>>>>> Not directly - the FP wizard takes values from forms or the
| > | >>>>>>> querystring - the easiest way would be to stick the session var
| > in a
| > | >>>>>>> querystring var like this
| > | >>>>>>> <%
| > | >>>>>>> if request.querystring("user") = "" then
| > | >>>>>>> response.redirect request.servervariables("SCRIPT_NAME") &
| > "?user="
| > | >>>>>>> & session("user")
| > | >>>>>>> end if
| > | >>>>>>> %>
| > | >>>>>>> now we can use a query like this
| > | >>>>>>> select * from table where ID = ::ID:: AND User_name= '::user::'
| > | >>>>>>>
| > | >>>>>>> --
| > | >>>>>>> Cheers,
| > | >>>>>>> Jon
| > | >>>>>>> Microsoft MVP
| > | >>>>>>>
| > | >>>>>>> | > | >>>>>>>> Hi
| > | >>>>>>>> is it possible to have a session as a variable in a sql
| > statement
| > | >>>>>>>> like
| > | >>>>>>>> (ID = ::ID:: AND User_name= '::a session object::')
| > | >>>>>>>>
| > | >>>>>>>> Paul M
| > | >>>>>>>>
| > | >>>>>>>
| > | >>>>>>>
| > | >>>>>>
| > | >>>>>>
| > | >>>>>
| > | >>>>>
| > | >>>>
| > | >>>>
| > | >>>
| > | >>>
| > | >>
| > | >>
| > | >
| > | >
| > |
| > |
| >
| >
|
|
 
Paul M

Thanks Thomas
Paul M
Thomas A. Rowe said:
Session("ID") = Request.QueryString("ID")

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
==============================================
If you feel your current issue is a results of installing
a Service Pack or security update, please contact
Microsoft Product Support Services:
http://support.microsoft.com
If the problem can be shown to have been caused by a
security update, then there is usually no charge for the call.
==============================================

Paul M said:
Thanks Stefan
How can I store the querystring in a session ie
session "IDS" = querystring "ID"

That way I could do away with the search form altogether by creating a
session from the querystring and using its value in the sql statement
Thanks
Paul M


Stefan B Rusynko said:
See
http://home.att.net/~codelibrary/FrontPage/tweaks.htm#DRW Script Modifications




| Thanks Stefan
| The problem is this. I need to add the session var to the querystring so
| that the DRW can use the info to retrieve the recordset. Is there a way to
| add a string from sessions that the DRW can read without putting it in the
| URL?
| In the my projects page, is there a way of creating the session ID of the
| project when the link to the edit.asp is clicked. I have tried it and the
| session id is created from the bottom recordset.
|
| This is how I am working it at the moment
| There is a page called my projects, you enter your password and then the
| page queries the database and retrieves short descriptions of projects, a
| session of your password is then created.
| On each recordset/project there is a link to an edit.asp which adds the
| project ID to the querystring
| In the edit.asp code the password session is added to the querystring as
| below.
|
| <%
| if request.querystring("user") = "" then
| response.redirect request.servervariables("SCRIPT_NAME") & "?ID=" & request.querystring("ID") & "&user=" & session("password")
| end if
| %>
|
| These vars are then used in a select sql to bring up the project details in
| full
| Now to receive another project you have to know the password for that
| project or have created the password session in the my projects page.
| Thanks
| Paul M
| > That is why you should not be using a parameter to pass any of the info
| > from page to page
| > - anyone can edit it in the browser address bar and your security risk is
| > increased
| >
| > In your case you have
| > http://www.website.com/edit.asp?ID=78
| >
| > In the sending page set ID as a session variable before you send
| > Session("ID") = 78
| > Session("adminID") = "whatever"
| >
| > and send the link as
| > http://www.website.com/edit.asp
| >
| > <%
| > If Session("ID") <> "" Then
| >   id = Session("ID")
| >   ' use adminID only when it has been set
| >   If Session("adminID") <> "" Then
| >     user = Session("adminID")
| >   Else
| >     ' do something else
| >   End If
| >   ' process it
| > Else
| >   ' do something else
| > End If
| > %>
| >
| > --
| >
| > _____________________________________________
| > SBR @ ENJOY (-: [ Microsoft MVP - FrontPage ]
| > "Warning - Using the F1 Key will not break anything!" (-;
| > To find the best Newsgroup for FrontPage support see:
| > http://www.net-sites.com/sitebuilder/newsgroups.asp
| > _____________________________________________
| >
| >
| > | Thanks Jon
| > | That works
| > | Only one problem with my plan, it now shows the username in the querystring
| > | in the URL.
| > | The idea was to stop someone just changing the id in the querystring and
| > | receiving someone else's details. The username in the querystring works as
| > | you now need to know both the id and the username to receive a
| > | recordset, is there a way of changing the username into a password type
| > | field ie just dots instead of words or something
| > | Thanks Again for helping and for willing to help me offlist
| > | Paul M
| > | > Paul,
| > | > The line starting response.redirect up to "&user=" & session("adminID")
| > | > needs to be all on one line. I've just tested the code myself and it works
| > | > fine. If you're still stuck send me this page offlist (e-mail address removed) and
| > | > I'll fix it up. If you can get it to me in the next half hour or so I'll
| > | > do it tonight if not it'll be morning
| > | >
| > | > --
| > | > Cheers,
| > | > Jon
| > | > Microsoft MVP
| > | >
| > | >
| > | >
| > | >> Thanks
| > | >> Jon
| > | >> I now get this syntax error
| > | >> response.redirect request.servervariables("SCRIPT_NAME") & "?id=" &
| > | >> ---------------------------------------------------------------------------^
| > | >>
| > | >> Paul M
| > | >>
| > | >>> Ah, I didn't realise you already had a querystring var. In that case
| > | >>> <%
| > | >>> if request.querystring("user") = "" then
| > | >>> response.redirect request.servervariables("SCRIPT_NAME") & "?id=" & request.querystring("id") & "&user=" & session("adminID")
| > | >>> end if
| > | >>> %>
| > | >>> Rest as you have it
| > | >>>
| > | >>> --
| > | >>> Cheers,
| > | >>> Jon
| > | >>> Microsoft MVP
| > | >>>
| > | >>>> This is the code and sql I have created just in case I have done
| > | >>>> something
| > | >>>> Placed at the top of the page
| > | >>>>
| > | >>>> <%
| > | >>>> if request.querystring("user") = "" then
| > | >>>> response.redirect request.servervariables("SCRIPT_NAME") & "?user=" & session("adminID")
| > | >>>> end if
| > | >>>> %>
| > | >>>>
| > | >>>> this in the sql
| > | >>>>
| > | >>>> fp_sQry="SELECT * FROM Results WHERE ID = ::ID:: AND User_name= '::user::'"
| > | >>>>
| > | >>>>
| > | >>>>
| > | >>>>> Hi,
| > | >>>>> Just replace session("user") with the name of your session var then
| > | >>>>> stick the code at the top of the page. Try it out and it should become
| > | >>>>> clear
| > | >>>>>
| > | >>>>> --
| > | >>>>> Cheers,
| > | >>>>> Jon
| > | >>>>> Microsoft MVP
| > | >>>>>
| > | >>>>>> Thanks Jon
| > | >>>>>> Can you talk me through this code I am not sure what this line is
| > | >>>>>> doing
| > | >>>>>>
| > | >>>>>> response.redirect request.servervariables("SCRIPT_NAME") & "?user=" &
| > | >>>>>>
| > | >>>>>> should I be replacing ("SCRIPT_NAME") with anything
| > | >>>>>> I presume that I change "user" to the name of my session object
| > | >>>>>> Thanks
| > | >>>>>> Paul M
| > | >>>>>>
| > | >>>>>>> Hi Paul,
| > | >>>>>>> Not directly - the FP wizard takes values from forms or the
| > | >>>>>>> querystring - the easiest way would be to stick the session var in a
| > | >>>>>>> querystring var like this
| > | >>>>>>> <%
| > | >>>>>>> if request.querystring("user") = "" then
| > | >>>>>>> response.redirect request.servervariables("SCRIPT_NAME") & "?user=" & session("user")
| > | >>>>>>> end if
| > | >>>>>>> %>
| > | >>>>>>> now we can use a query like this
| > | >>>>>>> select * from table where ID = ::ID:: AND User_name= '::user::'
| > | >>>>>>>
| > | >>>>>>> --
| > | >>>>>>> Cheers,
| > | >>>>>>> Jon
| > | >>>>>>> Microsoft MVP
| > | >>>>>>>
| > | >>>>>>>> Hi
| > | >>>>>>>> is it possible to have a session as a variable in a sql statement
| > | >>>>>>>> like
| > | >>>>>>>> (ID = ::ID:: AND User_name= '::a session object::')
| > | >>>>>>>>
| > | >>>>>>>> Paul M
| > | >>>>>>>>
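
The advice quoted in this thread (keep the owner in the session, never in the URL) can be combined with a parameterized query so that changing `ID` in the address bar cannot return another user's record. This is an added example, not code from any poster in the thread: it is a hand-written classic ASP page used in place of the DRW region, and the `Application("Projects_ConnectionString")` key and the `myprojects.asp` page name are assumptions; the `Results` table, its `ID` and `User_name` columns and `Session("adminID")` are taken from the thread.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' ADO constants (values from adovbs.inc)
Const adInteger = 3, adVarWChar = 202, adParamInput = 1, adCmdText = 1

Dim owner, rawId, re, conn, cmd, rs

' The owner comes from server-side session state only; it is never read
' from or written to the query string.
owner = Session("adminID")
If owner = "" Then
    Response.Redirect "myprojects.asp"   ' assumed name of the login page
End If

' The project ID is user-controlled input: accept digits only.
rawId = Request.QueryString("ID")
Set re = New RegExp
re.Pattern = "^\d{1,9}$"
If Not re.Test(rawId) Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid project ID."
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("Projects_ConnectionString")   ' assumed key name

' Both values are bound as parameters, so neither can alter the SQL text,
' and the row is returned only when it belongs to the session's owner.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT * FROM Results WHERE ID = ? AND User_name = ?"
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , CLng(rawId))
cmd.Parameters.Append cmd.CreateParameter("owner", adVarWChar, adParamInput, 255, CStr(owner))

Set rs = cmd.Execute
If rs.EOF Then
    ' Same answer for "no such ID" and "not your project".
    Response.Status = "404 Not Found"
    Response.Write "Project not found."
Else
    Response.Write "Project " & Server.HTMLEncode(CStr(rs("ID"))) & " loaded."
End If

rs.Close
conn.Close
%>
```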
 
