ASP need help with variables

Forum Moderators: open

Message Too Old, No Replies

ASP need help with variables

Andrew Thomas

4:08 pm on Dec 11, 2002 (gmt 0)

I have to files index.asp and build.asp. using <%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>

The index code is:-

<a href="build.asp?product=<%=(rs_products.Fields.Item("product_display_title").Value)%

so the product is held in the URL, and passed to the buils.asp page.

I have the following SELECT code in a file called "build.asp" which i need to capture the "product", from the index.asp code

SELECT * FROM components, products WHERE componentt_title LIKE 'Processor' AND product_display_title = '" + product + "'

the trouble is, im getting mixed up with my variables and not sure what to do with them? As i understand i need

var product=Request.Querystring("product") within my build.asp code.

But i get an error, and also do i need to declare this variable in my index.asp, and if so what is the format?

hope you all understand,

trying to get to grips with this ASP

Andy

korkus2000

4:15 pm on Dec 11, 2002 (gmt 0)

With VBscript you should use:

dim product
product=Request.Querystring("product") 'within my build.asp code.

instead of

var product=Request.Querystring("product") within my build.asp code.

var is a javascript declaration and you identified the scripting language at the top of the page:

<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>

as VBScript.

I would also use more descriptive variable names. It will help when you are looking at a hundred of them.

Andrew Thomas

4:17 pm on Dec 11, 2002 (gmt 0)

thanks, but i get this error

Microsoft VBScript compilation error '800a0401'

Expected end of statement

/build.asp, line 6

dim product=Request.Querystring("product")

korkus2000

4:18 pm on Dec 11, 2002 (gmt 0)

Assign your variable on a different line.

dim product
product=Request.Querystring("product")

Andrew Thomas

4:22 pm on Dec 11, 2002 (gmt 0)

thanks, it worked....

slowly getting the hang of this, just mixing up the format a bit....

Andy

korkus2000

4:23 pm on Dec 11, 2002 (gmt 0)

Ya it gets confusing going back and forth between languages.

Dreamquick

4:24 pm on Dec 11, 2002 (gmt 0)

Making the query work

If it was me I'd do it like this;

SELECT * FROM components, products WHERE componentt_title LIKE 'Processor' AND product_display_title = '" & Request.Querystring("product") & "'

This doesn't require an extra variable, therefore no declarations. I also swapped the +'s for &'s since if you are working with text with ASP the & is preferable.

You might want to consider filtering the input first rather than using it as-is, maybe wrapping it in a function call to do the entire thing inline. (See the PHP Security thread for an explanation of why you need to do this - the case outlined there applies to any script language including ASP)

To declare & use a variable

Dim sMyString

sMyString = "Something"
sMyString = Object.Property

Sadly you can't use a single variable creation and assignment as you can in C or JavaScript.

Hope that helps.

- Tony