
Search for Text within a String

Printed From: Web Wiz Forums
Category: General Discussion
Forum Name: Classic ASP Discussion
Forum Description: Discussion on Active Server Pages (Classic ASP).
URL: https://forums.webwiz.net/forum_posts.asp?TID=29505
Printed Date: 28 March 2026 at 6:06am
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com


Topic: Search for Text within a String
Posted By: kennywhite
Subject: Search for Text within a String
Date Posted: 05 July 2011 at 4:09pm
I have a website that I built, using an MS Access database. There is one field in the database called "SERIALS"; this field holds all serial numbers for a specific part number. There are already thousands of records in this database, but the users would like a way to search for specific serial numbers. Is this possible? If so, how can I go about doing that? Again, the field holds 1 to dozens of different serial numbers, separated only by a single space.

I have tried 
WHERE Serials = '" &  Request.QueryString("serial") & "' 
and
WHERE Serials LIKE '" &  Request.QueryString("serial") & "' 

I didn't expect either of these to work and they did not. Any ideas on how I can do this without having to create a new table and manually move all of the data over?




Replies:
Posted By: WebWiz-Bruce
Date Posted: 05 July 2011 at 4:29pm
For a start you need to sanitise the user response; using the querystring directly in an SQL Query is leaving yourself wide open to an SQL Injection attack from either a hacker, malware, or virus.

You should place the querystring into a variable then remove or escape any unsafe SQL from the variable before using it in your SQL Query.

Once you sanitise your input try the following:-


' Read the querystring into a variable, then double any single quotes
strSerialNumber = Request.QueryString("serial")
strSerialNumber = Replace(strSerialNumber, "'", "''")

WHERE Serials LIKE '%" & strSerialNumber & "%'



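An added example, not part of the thread and not Web Wiz code: the same search with the term bound as an ADO parameter instead of concatenated, LIKE wildcards in the input neutralised, and the space-separated field matched one whole serial at a time. The connection string, the Parts table and the PartNumber column are assumptions; Serials is the field from the question.

```vbscript
<%
Option Explicit
' Added example. The database path, the table "Parts" and the column
' "PartNumber" are hypothetical; "Serials" is the field from the question.
Const adCmdText = 1, adVarWChar = 202, adParamInput = 1

' Make LIKE metacharacters literal. Through ADO (Jet OLE DB) the wildcards
' are % and _, and [ opens a character class; bracketing each one escapes it.
Function EscapeLike(ByVal s)
    s = Replace(s, "[", "[[]")   ' must run first so later brackets survive
    s = Replace(s, "%", "[%]")
    s = Replace(s, "_", "[_]")
    EscapeLike = s
End Function

Dim strSerialNumber, conn, cmd, rs
strSerialNumber = Trim(Request.QueryString("serial"))

' Reject empty, oversized or multi-token input. An empty value would turn a
' plain substring search into LIKE '%%', which matches every non-null row.
If Len(strSerialNumber) = 0 Or Len(strSerialNumber) > 50 _
   Or InStr(strSerialNumber, " ") > 0 Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\data\parts.mdb"

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' Padding the column with a space on each side lets one pattern match a
' whole serial at the start, middle or end of the list, not a fragment.
cmd.CommandText = "SELECT PartNumber, Serials FROM Parts " & _
                  "WHERE (' ' & Serials & ' ') LIKE ?"
' The value travels as data, so quotes in it cannot change the statement.
cmd.Parameters.Append cmd.CreateParameter("serial", adVarWChar, _
    adParamInput, 255, "% " & EscapeLike(strSerialNumber) & " %")

Set rs = cmd.Execute
Do Until rs.EOF
    ' Encode on output so stored data cannot inject markup into the page.
    Response.Write Server.HTMLEncode(rs("PartNumber") & ": " & rs("Serials")) & "<br>"
    rs.MoveNext
Loop
rs.Close : conn.Close
%>
```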


Posted By: kennywhite
Date Posted: 06 July 2011 at 2:29pm
No luck there. I am getting almost every record back, instead of just the one containing the text I'm looking for.

Thanks for the tip on sanitizing, though. I'll definitely start doing this for all of my pages.
 


