Querystring issue

TheMSsForum.com: The Microsoft Software Forum

Hi all,

is there anyway of separating a string by either a space or + sign, I have
an sms.asp page that receives a string in this format below

http://acompany.co.uk/online/internal/InboundSms.asp?api_id=2920893&from=447912956700&to=447624813579×tamp=2007-04-07+03%3A56%3A42&text=19%2Bdavid

the last part text= I need to split into 2 parts I need to read the first
part 19 and match that to the db and then deal with the name David, I have
tried everything, is there anyway of doing this even if the string read
text=19+david if there was a way of separating the two.

Thanks in advance.

Regards
Simon Gare
The Gare Group Limited

website: www.thegaregroup.co.uk
website: www.privatehiresolutions.co.uk
Top

Re: Querystring issue by Evertjan

Evertjan
Sun Apr 08 15:06:17 CDT 2007

Simon Gare wrote on 08 apr 2007 in
microsoft.public.inetserver.asp.general:

> Hi all,
>
> is there anyway of separating a string by either a space or + sign, I
> have an sms.asp page that receives a string in this format below
>
> http://acompany.co.uk/online/internal/InboundSms.asp?api_id=2920893&fro
> m=447912956700&to=447624813579×tamp=2007-04-07+03%3A56%3A42&text=19%2Bd
> avid
>
> the last part text= I need to split into 2 parts I need to read the
> first part 19 and match that to the db and then deal with the name
> David, I have tried everything, is there anyway of doing this even if
> the string read text=19+david if there was a way of separating the
> two.


============= test.asp ======================
<% 'vbscript

if request.querystring("text").count=1 then
a = split(request.querystring("text"),"%2B")
response.write a(0) & "<br>"
response.write a(1) & "<br>"
end if

%>

<form method='get'>
<input name='text' value='19%2Bdavid'>
<input type='submit'>
</form>
==============================================

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Top

Re: Querystring issue by Simon

Simon
Sun Apr 08 17:24:43 CDT 2007

Thanks Evertjan,

how would the insert query look, below is what I have now but how would I
split that when entering the data 19 into 1 field and David into another?

Dim api_id
Dim sentfrom
Dim timestamp
Dim text


api_id = ParseString(Request.Querystring("api_id"))
from = ParseString(Request.Querystring("from"))
timestamp = Request.Querystring("timestamp")

text = ParseString(Request.Querystring("text"))


sql = "insert into dbo.SMSAPI (api_id,SentFrom,text,timestamp) values ("&
api_id &","& from &",'"& text &"','"& paxname &"',getdate())"


Thanks in Advance

Simon


"Evertjan." <exjxw.hannivoort@interxnl.net> wrote in message
news:Xns990CE084798C9eejj99@194.109.133.242...
> Simon Gare wrote on 08 apr 2007 in
> microsoft.public.inetserver.asp.general:
>
> > Hi all,
> >
> > is there anyway of separating a string by either a space or + sign, I
> > have an sms.asp page that receives a string in this format below
> >
> > http://acompany.co.uk/online/internal/InboundSms.asp?api_id=2920893&fro
> > m=447912956700&to=447624813579×tamp=2007-04-07+03%3A56%3A42&text=19%2Bd
> > avid
> >
> > the last part text= I need to split into 2 parts I need to read the
> > first part 19 and match that to the db and then deal with the name
> > David, I have tried everything, is there anyway of doing this even if
> > the string read text=19+david if there was a way of separating the
> > two.
>
>
> ============= test.asp ======================
> <% 'vbscript
>
> if request.querystring("text").count=1 then
> a = split(request.querystring("text"),"%2B")
> response.write a(0) & "<br>"
> response.write a(1) & "<br>"
> end if
>
> %>
>
> <form method='get'>
> <input name='text' value='19%2Bdavid'>
> <input type='submit'>
> </form>
> ==============================================
>
> --
> Evertjan.
> The Netherlands.
> (Please change the x'es to dots in my emailaddress)


Top

Re: Querystring issue by Evertjan

Evertjan
Mon Apr 09 06:21:07 CDT 2007

Simon Gare wrote on 09 apr 2007 in
microsoft.public.inetserver.asp.general:

> Thanks Evertjan,

[Please do not toppost on usenet]

>
> how would the insert query look, below is what I have now but how
> would I split that when entering the data 19 into 1 field and David
> into another?
>
> Dim api_id
> Dim sentfrom
> Dim timestamp
> Dim text
>
>
> api_id = ParseString(Request.Querystring("api_id"))

What is ParseString() ?????????

> from = ParseString(Request.Querystring("from"))
> timestamp = Request.Querystring("timestamp")
>
> text = ParseString(Request.Querystring("text"))
>
>
> sql = "insert into dbo.SMSAPI (api_id,SentFrom,text,timestamp) values
> ("& api_id &","& from &",'"& text &"','"& paxname &"',getdate())"

DANGEROUS! entering querystring strings directly in a SQL
is asking for SQL Injection/Insertion Attacks.
[read up on Insertion Attacks on the web!]

Do as I showed you extracting the two strings:

a = split(request.querystring("text"),"%2B")

Then test the resulting strings for Insertion Attack characters,
and if all is well set them into the SQL strings as you do above with
"from" etc.



> Thanks in Advance
>
> Simon
>
>
> "Evertjan." <exjxw.hannivoort@interxnl.net> wrote in message
> news:Xns990CE084798C9eejj99@194.109.133.242...
>> Simon Gare wrote on 08 apr 2007 in
>> microsoft.public.inetserver.asp.general:
>>
>> > Hi all,
>> >
>> > is there anyway of separating a string by either a space or + sign,
>> > I have an sms.asp page that receives a string in this format below
>> >
>> > http://acompany.co.uk/online/internal/InboundSms.asp?api_id=2920893&
>> > fro
>> > m=447912956700&to=447624813579×tamp=2007-04-07+03%3A56%3A42&text=19%
>> > 2Bd avid
>> >
>> > the last part text= I need to split into 2 parts I need to read the
>> > first part 19 and match that to the db and then deal with the name
>> > David, I have tried everything, is there anyway of doing this even
>> > if the string read text=19+david if there was a way of separating
>> > the two.
>>
>>
>> ============= test.asp ======================
>> <% 'vbscript
>>
>> if request.querystring("text").count=1 then
>> a = split(request.querystring("text"),"%2B")
>> response.write a(0) & "<br>"
>> response.write a(1) & "<br>"
>> end if
>>
>> %>
>>
>> <form method='get'>
>> <input name='text' value='19%2Bdavid'>
>> <input type='submit'>
>> </form>
>> ==============================================
>>
>> --
>> Evertjan.
>> The Netherlands.
>> (Please change the x'es to dots in my emailaddress)
>
>
>



--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Top

Re: Querystring issue by Simon

Simon
Mon Apr 09 17:11:42 CDT 2007

Sorry Evertjan its not working, need to match the first part of the
querystring against one table i.e. 19 and enter the second part i.e. David
into another table along with other info.

Sorry to be a pain but cannot separate the 2 apart even with your solution,
more assistance would be greatly appreciated.

Regards
Simon
"Evertjan." <exjxw.hannivoort@interxnl.net> wrote in message
news:Xns990D877AD995Deejj99@194.109.133.242...
> Simon Gare wrote on 09 apr 2007 in
> microsoft.public.inetserver.asp.general:
>
> > Thanks Evertjan,
>
> [Please do not toppost on usenet]
>
> >
> > how would the insert query look, below is what I have now but how
> > would I split that when entering the data 19 into 1 field and David
> > into another?
> >
> > Dim api_id
> > Dim sentfrom
> > Dim timestamp
> > Dim text
> >
> >
> > api_id = ParseString(Request.Querystring("api_id"))
>
> What is ParseString() ?????????
>
> > from = ParseString(Request.Querystring("from"))
> > timestamp = Request.Querystring("timestamp")
> >
> > text = ParseString(Request.Querystring("text"))
> >
> >
> > sql = "insert into dbo.SMSAPI (api_id,SentFrom,text,timestamp) values
> > ("& api_id &","& from &",'"& text &"','"& paxname &"',getdate())"
>
> DANGEROUS! entering querystring strings directly in a SQL
> is asking for SQL Injection/Insertion Attacks.
> [read up on Insertion Attacks on the web!]
>
> Do as I showed you extracting the two strings:
>
> a = split(request.querystring("text"),"%2B")
>
> Then test the resulting strings for Insertion Attack characters,
> and if all is well set them into the SQL strings as you do above with
> "from" etc.
>
>
>
> > Thanks in Advance
> >
> > Simon
> >
> >
> > "Evertjan." <exjxw.hannivoort@interxnl.net> wrote in message
> > news:Xns990CE084798C9eejj99@194.109.133.242...
> >> Simon Gare wrote on 08 apr 2007 in
> >> microsoft.public.inetserver.asp.general:
> >>
> >> > Hi all,
> >> >
> >> > is there anyway of separating a string by either a space or + sign,
> >> > I have an sms.asp page that receives a string in this format below
> >> >
> >> > http://acompany.co.uk/online/internal/InboundSms.asp?api_id=2920893&
> >> > fro
> >> > m=447912956700&to=447624813579×tamp=2007-04-07+03%3A56%3A42&text=19%
> >> > 2Bd avid
> >> >
> >> > the last part text= I need to split into 2 parts I need to read the
> >> > first part 19 and match that to the db and then deal with the name
> >> > David, I have tried everything, is there anyway of doing this even
> >> > if the string read text=19+david if there was a way of separating
> >> > the two.
> >>
> >>
> >> ============= test.asp ======================
> >> <% 'vbscript
> >>
> >> if request.querystring("text").count=1 then
> >> a = split(request.querystring("text"),"%2B")
> >> response.write a(0) & "<br>"
> >> response.write a(1) & "<br>"
> >> end if
> >>
> >> %>
> >>
> >> <form method='get'>
> >> <input name='text' value='19%2Bdavid'>
> >> <input type='submit'>
> >> </form>
> >> ==============================================
> >>
> >> --
> >> Evertjan.
> >> The Netherlands.
> >> (Please change the x'es to dots in my emailaddress)
> >
> >
> >
>
>
>
> --
> Evertjan.
> The Netherlands.
> (Please change the x'es to dots in my emailaddress)


Top

Re: Querystring issue by Evertjan

Evertjan
Mon Apr 09 17:42:05 CDT 2007

Simon Gare wrote on 10 apr 2007 in
microsoft.public.inetserver.asp.general:

> Sorry Evertjan its not working, need to match the first part of the
> querystring against one table i.e. 19 and enter the second part i.e.
> David into another table along with other info.
>
> Sorry to be a pain but cannot separate the 2 apart even with your
> solution, more assistance would be greatly appreciated.
>
> Regards
> Simon
> "Evertjan." <exjxw.hannivoort@interxnl.net> wrote in message
> news:Xns990D877AD995Deejj99@194.109.133.242...
>> Simon Gare wrote on 09 apr 2007 in
>> microsoft.public.inetserver.asp.general:
>>
>> > Thanks Evertjan,
>>
>> [Please do not toppost on usenet]

If you keep on toposting I will not go on with this thread.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Top

Re: Querystring issue by Anthony

Anthony
Tue Apr 10 08:25:39 CDT 2007


"Simon Gare" <simon@simongare.com> wrote in message
news:uhD%236aheHHA.5044@TK2MSFTNGP06.phx.gbl...
> Hi all,
>
> is there anyway of separating a string by either a space or + sign, I have
> an sms.asp page that receives a string in this format below
>
>
http://acompany.co.uk/online/internal/InboundSms.asp?api_id=2920893&from=447912956700&to=447624813579×tamp=2007-04-07+03%3A56%3A42&text=19%2Bdavid
>
> the last part text= I need to split into 2 parts I need to read the first
> part 19 and match that to the db and then deal with the name David, I have
> tried everything, is there anyway of doing this even if the string read
> text=19+david if there was a way of separating the two.
>
> Thanks in advance.
>
> Regards
> Simon Gare
> The Gare Group Limited
>
> website: www.thegaregroup.co.uk
> website: www.privatehiresolutions.co.uk
>
>

aText = Split(Request.QueryString("text"), "+")

aText(0) will be "19" and aText(1) will be "david"

The %2B is an escape code for + because + is used converted to space by some
url encoders.

I think what you really need to do is make sure the code that generated the
URL in the first place does so in a consitent manner.



Top