Web Wiz - Green Windows Web Hosting
Web Wiz Homepage Search Web Wiz

  New Posts New Posts RSS Feed - Create Variable to add into SQL Statement?
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

Create Variable to add into SQL Statement?
 Post Reply Post Reply Page  12>
Author
  Topic Search Topic Search  Topic Options Topic Options
kennywhite View Drop Down
Groupie
Groupie


Joined: 26 February 2009
Location: Indy
Status: Offline
Points: 106 		Post Options Post Options   Thanks (0) Thanks(0)   Quote kennywhite Quote  Post ReplyReply Direct Link To This Post Topic: Create Variable to add into SQL Statement?
    Posted: 11 January 2010 at 9:02pm
Our IT department has a blog where we record all of our daily tasks. One of the fields that we enter information into is for the serial number of the device that we serviced.

I want to add a function to click on the serial number and be taken to a page that will show you every entry containing this serial number. 

What is the easiest way to do this?

I'm thinking the SQL statement of the page displaying the entries would contain 

WHERE serial_number = " & VARIABLE & "

But how would I create that variable on the main page, where we would click on the serial number?

Is there a simpler way to do this?

Thanks for reading!
Back to Top
godeep View Drop Down
Newbie
Newbie


Joined: 29 January 2010
Status: Offline
Points: 12 		Post Options Post Options   Thanks (0) Thanks(0)   Quote godeep Quote  Post ReplyReply Direct Link To This Post Posted: 31 January 2010 at 4:53am
Really quick run down. hope it helps. Hopefully someone can help me with my problem.
 
<%
Dim MyVariable
 
MyVariable = 123456789123456789    <---- This is your serial number if all numbers.
MyVariable = "1AddSE2sDDFVDSDFEK"    <---- This is your serial number if numbers and letters.
%>
 
<a href="resultspage.asp?serialNum=<%=MyVariable%>">go page to display results</a>
 
----
 
results.asp
 
if its only numbers
SELECT * FROM records WHERE serial_number = '"&request.querystring("serialNum")&"'
 
if it includes letters
SELECT * FROM records WHERE serial_number LIKE '"&request.querystring("serialNum")&"'
Back to Top
kennywhite View Drop Down
Groupie
Groupie


Joined: 26 February 2009
Location: Indy
Status: Offline
Points: 106 		Post Options Post Options   Thanks (0) Thanks(0)   Quote kennywhite Quote  Post ReplyReply Direct Link To This Post Posted: 04 February 2010 at 7:03pm
This works great. Thanks for the help.

These serial numbers are stored in an Access database. The serial numbers are stored in a certain column and the details of the task are stored in another. Is there a way to check both the serial_number column and the details column for a match with the serial number that you clicked?

For instance, say that someone had entered one serial number into the serial number field, but performed the same task on 2 different computers and noted the second serial number in the details field.

Can I look for a match in both of those fields?

I have the link on the main page like so,

<a href="results.asp?serialNum=<%=rs("serial_number")%>"><%=rs("serial_number")%></a>

On the results page I have this:

SELECT * FROM blog WHERE serial_number LIKE '"&request.querystring("serialNum")&"'

Is there a way to display the results from both columns?

Thanks again!
Back to Top
Scotty32 View Drop Down
Moderator Group
Moderator Group


Joined: 30 November 2002
Location: Manchester, UK
Status: Offline
Points: 1682 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Scotty32 Quote  Post ReplyReply Direct Link To This Post Posted: 06 February 2010 at 10:41am

If you want to access a specific row, then you should really be using ID numbers.

If you havent already, create a field in the table called "Row_ID" and make it an autonumber (i havent used access in years so dont remember exactly what its called)

You can then pass the Row_ID number around to specify specific records.

Also I would recommend against the "like" statement, as this is ment to allow you do close matchs eg

if you have "where field like 'A%'" then it will find all rows that the field starts with the letter A
the % is a wild card, so you could do " '%A%' " to find all containing A or " '%A' " all ending in A

what you should be doing is:

SELECT * FROM blog WHERE serial_number = '"&request.querystring("serialNum")&"'


And I would recommend taking the direct request out like so:


Dim strSerialNumber
strSerialNumber = request.querystring("serialNum")
SELECT * FROM blog WHERE serial_number = '"& strSerialNumber &"'



If you use the Row_ID then I would do the following, which will help protect against SQL Injection Attacks:


Dim intSerialID

intSerialID = Request.Querystring("SID")
if isNumber(intSerialID) then inSerialID = clng(intSerialID) else intSerialID = 0

SELECT * FROM blog WHERE Row_ID = "& intSerialID &"


This will make sure that intSerialID will always be a number
S2H.co.uk - WebWiz Mods and Skins

For support on my mods + skins, please use my forum.
Back to Top
kennywhite View Drop Down
Groupie
Groupie


Joined: 26 February 2009
Location: Indy
Status: Offline
Points: 106 		Post Options Post Options   Thanks (0) Thanks(0)   Quote kennywhite Quote  Post ReplyReply Direct Link To This Post Posted: 08 February 2010 at 4:59pm
Quote
If you use the Row_ID then I would do the following, which will help protect against SQL Injection Attacks:


Dim intSerialID

intSerialID = Request.Querystring("SID")
if isNumber(intSerialID) then inSerialID = clng(intSerialID) else intSerialID = 0

SELECT * FROM blog WHERE Row_ID = "& intSerialID &"

I'm not quite sure that I understand this. Will this search for the serial number in the entire row?
Back to Top
Scotty32 View Drop Down
Moderator Group
Moderator Group


Joined: 30 November 2002
Location: Manchester, UK
Status: Offline
Points: 1682 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Scotty32 Quote  Post ReplyReply Direct Link To This Post Posted: 10 February 2010 at 7:20pm
I am afraid I do not know how your database is structured so I do not know the answer.

If your database is structured like this (which I recommended above)

Row_ID | Customer   | Serial Number
----------|---------------|------------------------
  1         | John          | WER-TYU-IOP
  2         | Mr Smith   | ASD-FGH-JKL


Then you will be able to get the Serial Number by using the Row_ID, rather than the Serial Number directly.
As I said, this would make your SQL statements far more secure from hacking attempts.
S2H.co.uk - WebWiz Mods and Skins

For support on my mods + skins, please use my forum.
Back to Top
kennywhite View Drop Down
Groupie
Groupie


Joined: 26 February 2009
Location: Indy
Status: Offline
Points: 106 		Post Options Post Options   Thanks (0) Thanks(0)   Quote kennywhite Quote  Post ReplyReply Direct Link To This Post Posted: 10 February 2010 at 9:42pm
hmmm... I tried to do as your example showed, but I didn't get the expected results.

That is how my database is laid out. Instead of "Row_ID" the column is just called "id".

Here is how my code looks now.

The main page is still the same

<a href="results.asp?serialNum=<%=rs("serial_number")%>"><%=rs("serial_number")%></a>

It pulls the serial number from the database.

The results page has been changed to:

Dim intSerialID

intSerialID = Request.Querystring("SID")
if isNumber(intSerialID) then inSerialID = clng(intSerialID) else intSerialID = 0

SELECT * FROM blog WHERE id = "& intSerialID &"


All of the serial numbers are mixed characters. Does that make a difference?

I am only getting results that have a match in the serial_number field in the database. 

I entered a test serial number into both the serial_number field and the details field, but the one with the serial number in the details field does not show up in the results.
Back to Top
Scotty32 View Drop Down
Moderator Group
Moderator Group


Joined: 30 November 2002
Location: Manchester, UK
Status: Offline
Points: 1682 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Scotty32 Quote  Post ReplyReply Direct Link To This Post Posted: 11 February 2010 at 8:08pm
If your table has "id" then use that where I have used "Row_ID"

How is your database structured, is the "main page" you mention running off the same Serial Number table as the results page?

If so you will need to change the link to:

<a href="results.asp?SID=<%=rs("id")%>"><%=rs("serial_number")%></a>


If not, you will either need to restructure your database (store the "id" from the serial number table in which ever table is displayed on the "main page"

If that is not an option then you will need to go with the original answer, Let me know and i will post the best way to do this.


Ideally you would want to pass around unique ID numbers for each row rather than the serial number its self (or customers name if thats what your doing)

But as I said, if you could tell me your database structure. If this is sensitive information, feel free to send me an email (which is in my profile)
S2H.co.uk - WebWiz Mods and Skins

For support on my mods + skins, please use my forum.
Back to Top
 Post Reply Post Reply Page  12>

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.08
Copyright ©2001-2026 Web Wiz Ltd.

Become a Fan on Facebook Follow us on X Connect with us on LinkedIn Web Wiz Blogs
About Web Wiz | Contact Web Wiz | Terms & Conditions | Cookies | Privacy Notice

Web Wiz is the trading name of Web Wiz Ltd. Company registration No. 05977755. Registered in England and Wales.
Registered office: Web Wiz Ltd, Unit 18, The Glenmore Centre, Fancy Road, Poole, Dorset, BH12 4FB, UK.

Prices exclude VAT at 20% unless otherwise stated. VAT No. GB988999105 - $, € prices shown as a guideline only.

Copyright ©2001-2026 Web Wiz Ltd. All rights reserved.