Print Page | Close Window

passing a sort order from page to page

Printed From: Web Wiz Forums
Category: General Discussion
Forum Name: Classic ASP Discussion
Forum Description: Discussion on Active Server Pages (Classic ASP).
URL: https://forums.webwiz.net/forum_posts.asp?TID=26147
Printed Date: 29 March 2026 at 9:49am
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com


Topic: passing a sort order from page to page
Posted By: shanerobinson
Subject: passing a sort order from page to page
Date Posted: 21 August 2008 at 10:39am
Hi Everyone,

I have set up a page to display records from my database and i have restricted it to show only ten records at a time. I have an option for the user to select a sort order for the records which works just fine, However when i move to the next ten records the sort order is lost.

Does anybod have any ides how i can prevent this from happening? please see my code below...

"SELECT * FROM dbo.products WHERE category_name='lcd tv' OR category_name='televisions' OR category_name='plasma tv'" & Request.Form("SortField")


<form action="delete2.asp" method="post">
  Sort by:
  <select name="SortField">
    <option>ORDER BY display_price ASC</option>
    <option>ORDER BY display_price DESC</option>
  </select>
  <input type="submit" name="SortButton" value="Select">

</form>


Thank you.....


Replies:
Posted By: WebWiz-Bruce
Date Posted: 21 August 2008 at 12:14pm
If you use this code you are leaving yourself wide open to an SQL Injection. Many new virus seek out and attack sites that are vulnerble to SQL Injection and both delete tables and place macious code into database.

What would be better is to pass across a value like 1 for ASC and 2 for DESC  like:-

strSQL = "SELECT TOP 10 * FROM dbo.products WHERE category_name='lcd tv' OR
category_name='televisions' OR category_name='plasma tv' ORDER BY display_price "

If Request.Form("SortField") = "1" Then
     strSQL = strSQL & " ASC;"
Else
      strSQL = strSQL & " DESC;"
End If

<form action="delete2.asp" method="post">
  Sort by:
  <select name="SortField">
    <option value=1>ORDER BY display_price ASC</option>
    <option vlaue=2>ORDER BY display_price DESC</option>
  </select>
  <input type="submit" name="SortButton" value="Select">

</form>




-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting

Posted By: shanerobinson
Date Posted: 21 August 2008 at 2:18pm
Thanks, bruce i will give that a try


Print Page | Close Window

Forum Software by Web Wiz Forums® version 12.08 - https://www.webwizforums.com
Copyright ©2001-2026 Web Wiz Ltd. - https://www.webwiz.net