Web Wiz - Green Windows Web Hosting

Login

Web Wiz Homepage

Forum Home

Forum Home > General Discussion > Classic ASP Discussion

New Posts

RSS Feed - Search help

FAQ

FAQ

Register

Login

Search help

Post Reply

Page 12 >

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
Mart Members Profile Find Members Posts Senior Member Joined: 30 November 2002 Status: Offline Points: 2304	Post Options Post Reply Quote Mart Report Post Thanks(0) Quote Reply Topic: Search help Posted: 29 April 2003 at 9:51am
	Hi im making a search engine for MP3s and this is my SQL code: strSQL = "SELECT tblMP3.Artist, tblMP3.Track, tblMP3.Genre, tblMP3.Comments, tblMP3.URL, tblMP3.autonum FROM tblMP3 WHERE genre LIKE '%" & request.querystring("cat") & "%' ORDER BY tblMP3.Artist;" But I need it so if they just type the track it will also come up how do I do that? Thanks, Martin.

MorningZ Members Profile Find Members Posts Senior Member Joined: 06 May 2002 Location: United States Status: Offline Points: 1793	Post Options Post Reply Quote MorningZ Report Post Thanks(0) Quote Reply Posted: 29 April 2003 at 10:23am
	Well, do you have two different search boxes (for each type)? Or do you have some sort of selection of "what kind of search" (and do you allow "one", "the other", "both", or "one or the other"? Or do you want to search both columns with one entered criteria (opens up doors to be very very taxing on the server and slow)? Speaking of opening up doors, whenever you take user entered data and build a SQL statement, do some sort of check that they don't enter a single tic mark, because that above SQL string build is wide open to someone getting major access on your Database (search google for "SQL Injection" if you want more info on that)
	Contribute to the working anarchy we fondly call the Internet

Mart Members Profile Find Members Posts Senior Member Joined: 30 November 2002 Status: Offline Points: 2304	Post Options Post Reply Quote Mart Report Post Thanks(0) Quote Reply Posted: 29 April 2003 at 11:11am
	Ok I have one search box which they can enter either a artist or a track or both also it has got to allow artist - track. Thanks, Martin.

michael Members Profile Find Members Posts Senior Member Joined: 08 April 2002 Location: United States Status: Offline Points: 4670	Post Options Post Reply Quote michael Report Post Thanks(0) Quote Reply Posted: 29 April 2003 at 11:31am
	strSQL = "SELECT tblMP3.Artist, tblMP3.Track, tblMP3.Genre, tblMP3.Comments, tblMP3.URL, tblMP3.autonum FROM tblMP3 WHERE genre LIKE '%" & strSearchbox & "%' OR Track LIKE '%" & strSearchbox & "%' ORDER BY tblMP3.Artist;" I took the Request.Querystring out as I agree with Z that you should filter that entry first, thus this way it searches in both fields...
	Blog \| MPG Tracker

Mart Members Profile Find Members Posts Senior Member Joined: 30 November 2002 Status: Offline Points: 2304	Post Options Post Reply Quote Mart Report Post Thanks(0) Quote Reply Posted: 29 April 2003 at 11:57am
	Ok I've done that now I have another problem, in the database a lot of URLs have my old IP 80.4.220.189 and I have changed services since(I have a new IP). Is there any way of changing all 80.4.220.189 IP addresses to *..*.* in the tblMP3.URL?

Mart Members Profile Find Members Posts Senior Member Joined: 30 November 2002 Status: Offline Points: 2304	Post Options Post Reply Quote Mart Report Post Thanks(0) Quote Reply Posted: 29 April 2003 at 12:28pm
	Thanks for the SQL injection tip, is it just single quotes ' I have to replace with double quotes ''? Thanks, Martin.

MorningZ Members Profile Find Members Posts Senior Member Joined: 06 May 2002 Location: United States Status: Offline Points: 1793	Post Options Post Reply Quote MorningZ Report Post Thanks(0) Quote Reply Posted: 29 April 2003 at 12:39pm
	For strings, replace single quotes with two single quotes ex/ "thisCol LIKE '%" & Replace(strSearch,"'","''") & "%'" For numbers, like say you are passing an ID across the querystring, I have always used the following method: Function Clng0( i_str ) 'Common function in your code Clng0 = 0 On Error Resume Next Clng0 = Clng( i_str ) On Error Goto 0 End Function To use it, and you will get rid of any "funny business": SearchThisID = Clng0( Request.QueryString("PassedID") )
	Contribute to the working anarchy we fondly call the Internet

Mart Members Profile Find Members Posts Senior Member Joined: 30 November 2002 Status: Offline Points: 2304	Post Options Post Reply Quote Mart Report Post Thanks(0) Quote Reply Posted: 29 April 2003 at 12:58pm
	Thanks MorningZ, the replace works but you numeric one always gives a null value, Am i doing it right? Function Clng0( i_str ) 'Common function in your code Clng0 = 0 On Error Resume Next Clng0 = Clng( i_str ) On Error Goto 0 End Function SQL = "FROM somewhere WHERE data LIKE '%" & clng0(request.querystring("ID")) & "%';"

Post Reply	Page 12 >

Forum Jump

Forum Permissions View Drop Down

View Drop Down

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot delete your posts in this forum
You cannot edit your posts in this forum
You cannot create polls in this forum
You cannot vote in polls in this forum

Forum Software by Web Wiz Forums® version 12.08
Copyright ©2001-2026 Web Wiz Ltd.

About Web Wiz | Contact Web Wiz | Terms & Conditions | Cookies | Privacy Notice

Web Wiz is the trading name of Web Wiz Ltd. Company registration No. 05977755. Registered in England and Wales.
Registered office: Web Wiz Ltd, Unit 18, The Glenmore Centre, Fancy Road, Poole, Dorset, BH12 4FB, UK.

Prices exclude VAT at 20% unless otherwise stated. VAT No. GB988999105 - $, € prices shown as a guideline only.

Copyright ©2001-2026 Web Wiz Ltd. All rights reserved.