tags:

views:

25

answers:

2
Q: 

matching string with database

I am coding simple 404 seo for my website. I am little confused at one point. I need codes to go over categories table and see if it matches with the string. If yes, then it should print category's name, if not then it should display "page not found" message. I dont understand where I went wrong here...

> > <%
> >     WebsiteQueryString = Request.QueryString
> >     SplitQueryString = split(WebsiteQueryString, "/")
> > 
> >     SQL = "SELECT C.CATEGORYID,
> > C.CATEGORYNAME"     SQL = SQL & " FROM
> > CATEGORIES C"   Set objCategory =
> > objConn.Execute(SQL)    
> > 
> >     If objCategory("CATEGORYID") =
> > SplitQueryString(4) Then     %>
> > 
> > <%=objCategory("CATEGORYNAME")%>
> > 
> > <% Else %>
> > 
> 
>     enter code here`page not found.
> 
> > 
> > 
> > <% End If %>
A: 

OK, I'm a little rusty on the Classic ASP, but it seems that you probably want something more like this:

<% 
    WebsiteQueryString = Request.QueryString 
    SplitQueryString = split(WebsiteQueryString, "/") 

    ' I'm assuming SplitQueryString(4) is a number, as is CATEGORYID
    SQL = "SELECT CATEGORYNAME FROM CATEGORIES WHERE CATEGORYID = " & SplitQueryString(4)
    Set objCategory = objConn.Execute(SQL)     

    If objCategory("CATEGORYNAME") <> "" Then

    Response.Write(objCategory("CATEGORYNAME"))

    Else %> 

  enter code here`page not found. 

<% End If %>

One other major comment on this. Taking this approach makes you severely susceptible to SQL injection attacks. I'd suggest a Stored Procedure.

CSharper  2010-01-19 03:28:20
what is a stored procedure?
Efe Tuncel  2010-01-19 03:41:39
It's basically a partially compiled SQL statement to which you pass parameters. You can see more here: http://en.wikipedia.org/wiki/Stored_procedure
CSharper  2010-01-29 18:52:40
A: 

Some hints:

1/ use cInt (or cStr)

If objCategory("CATEGORYID") = SplitQueryString(4) Then

If SplitQueryString(4) is a number, try putting cInt( before both operands as in

If cInt(objCategory("CATEGORYID")) = cInt(SplitQueryString(4)) Then

If have come across situations where I needed to do this to have a good comparison.

2/ try writing the values on screen before you compare them (are you sure you are comparing with the correct element ?)

Response.Write( "[" & objCategory("CATEGORYID" & "]")
Response.Write( "[" & SplitQueryString(4) & "]" )

I always put brackets around them as to see if an empty string is present

3/ Test for IsNull()

Try testing for IsNull() for your objCategory("CATEGORYID") , since I think field values are Null if not present in the record

4/ Make sure you use the correct field name (CATEGORYID) - check spelling

Edelcom  2010-01-19 10:32:15

related questions

asp consuming a web service, what do do with recordset object ?
How exactly do you configure httpOnly Cookies in ASP Classic?
Replace huge Case statement in Classic ASP
How do the CakePHP and codeigniter frameworks compare to the ASP.NET MVC framework?
Why do I get this error "[DBNETLIB][ConnectionRead (recv()).]General network error" with ASP pages
ASPSmartUpload v3.2
Are there benefits to Classic ASP over ASP.net
Why continue writing legacy systems?
Remote Debugging Server Side of a Web Application with Visual Studio 2008
Migrating from ASP Classic to .NET and pain mitigation
VBScript/ASP Classic
What is this 'Multiple-step OLE DB' error?
Code Classic ASP in Linux
How do I secure a folder used to let users upload files?
ASP/VBScript - Int() vs CInt()
What's the best way to manage a classic asp front-end using Visual Studio 2008?
Calling ASP.NET web service from ASP using SOAPClient
IIS 6/COM+ hangs
Select Query on 2 tables, on different database servers
Calling REST web services from a classic asp page
How to run remote shell scripts from ASP pages?
What is the IDE for classic ASP and VBScript?
Using ConfigurationManager to load config from an arbitrary location
What is the best way to iterate through an array in Classic Asp VBScript?
How do I build a collection in classic ASP?