[thelist] asp checkboxes help

Ken Schaefer Ken at adOpenStatic.com
Wed Nov 10 21:32:19 CST 2004


Brian,

I would use a combination of John's suggestion and Jason's suggestion.

You need, absolutely, to verify the integrity of the data that's coming
across the wire *before* you put it into an SQL statement, otherwise you run
the risk of SQL injection.

So, I would use Split() to put the data into an Array. Then test each element
to ensure that it's a number. You can use Join() to put the data back into a
string again and place it into an SQL statement if everything's OK.
Otherwise, if some elements are suspect, you could either abort the entire
page -or- only use those elements that are valid.

Cheers
Ken

: -----Original Message-----
: From: thelist-bounces at lists.evolt.org
[mailto:thelist-bounces at lists.evolt.org] On
: Behalf Of Brooking, John
: Sent: Thursday, 11 November 2004 7:11 AM
: To: thelist at lists.evolt.org
: Subject: RE: [thelist] asp checkboxes help
: 
: Brian asked:
: > ...
: > How do I retrieve the multiple checkbox values if there is
: > more than one service?
: >
: > I am using asp, javascript.
: > any ideas??
: 
: Brian,
: 
:    If you need to process them one at a time, you can use the VBScript
: "Split" function to split the list into an array, then loop through the
: array. Untested, off the top of my head:
: 
:    DIM serviceListArray
:    serviceListArray = Split( request("serviceid"), "," )
:    For Each serviceItem In serviceListArray
:       ' Do whatever you want with each item
:    Next



More information about the thelist mailing list