Snitz Forums 2000
 members.asp

davemaxwell
Access 2000 Support Moderator

USA
3020 Posts

Posted - 17 October 2002 :  11:08:05
The problem with that is like in the search page, you can search just one forum, which is passed in the querystring. But the rest comes from the form (I think, don't have the code in front of me - the forumID might get moved into a form field before searching...). What I would prefer is a function that searches the querystring first, then if nothing is there, it hits the form. Just so it only hits those two object types and not all eight.

Dave Maxwell
Barbershop Harmony Freak

GauravBhabu
Advanced Member

4288 Posts

Posted - 17 October 2002 :  11:16:29
quote:
Originally posted by davemaxwell

The problem with that is like in the search page, you can search just one forum, which is passed in the querystring. But the rest comes from the form (I think, don't have the code in front of me - the forumID might get moved into a form field before searching...).


forum - forumid I guess you are referring to search.asp.

quote:
What I would prefer is a function that searches the querystring first, then if nothing is there, it hits the form. Just so it only hits those two object types and not all eight


This part does that
sub InitRequestVars()
    dim objRequest
    if Request.QueryString <> "" then
        Set objRequest = Request.QueryString
    else
        Set objRequest = Request.Form
    end if
    ' ... (remainder of the sub omitted)
end sub

Edited by - GauravBhabu on 17 October 2002 11:19:52

davemaxwell
Access 2000 Support Moderator

USA
3020 Posts

Posted - 17 October 2002 :  11:20:43
Yeah, like if I go into the Community:Announcements forum and click the search button, this is the URL: http://forum.snitz.com/forum/search.asp?FORUM_ID=20

That will only search for posts matching the criteria in that Forum_ID, not the entire forum......never mind. I see how it does it. It presets the search in forum: box with appropriate forum. NEVER MIND....

Dave Maxwell
Barbershop Harmony Freak

GauravBhabu
Advanced Member

4288 Posts

Posted - 17 October 2002 :  11:43:49
Here is what I did
members.asp
Lines 74-101
Replaced with following statements

dim SortMethod, strSortMethod, strSortMethod2 
dim strMode
dim SearchName
dim srchUName, srchFName, srchLName, srchInitial

if ((Request.Form = "") And (Request.QueryString = "")) then
 strMode = "" : SearchName = ""
 srchUName = "" : srchFName = "" 
 srchLName = "" : srchInitial = ""
else
 Call InitRequestVars()
end if


Added the following functions to members.asp
<edit>
sub InitRequestVars()
    dim objRequest
    if Request.Form("mode") = "search" then 
     Set objRequest = Request.Form
    else
     Set objRequest = Request.Querystring
    end if
    SortMethod = Trim(objRequest("method"))
    strMode = (objRequest("mode"))
    SearchName = objRequest("M_NAME")
    srchUName = objRequest("UserName")
    srchFName = objRequest("FirstName")
    srchLName = objRequest("LastName")
    srchInitial = objRequest("INITIAL")
    Set objRequest = Nothing
    Rem -Sort Method
    if SortMethod <> "" then
    	SortMethod = Trim(chkString(SortMethod, "SQLString"))
    	strSortMethod = "&method=" & SortMethod
    	strSortMethod2 = "?method=" & SortMethod
    end if
    strMode = Trim(chkString(strMode, "SQLString"))
    if strMode <> "search" then strMode = ""
    Rem -Search For
    SearchName = Trim(chkString(SearchName, "SQLString"))
    Rem -Find Match in Username
    if srchUName <> "" then srchUName = CheckNumeric(srchUName, "1")
    Rem -Find Match in FirstName
    if srchFName <> "" then srchFName = CheckNumeric(srchFName, "0")
    Rem -Find Match in LastName
    if srchLName <> "" then srchLName = CheckNumeric(srchLName, "0")
    Rem -Match Initial
    if srchInitial <> "" then srchInitial = CheckNumeric(srchInitial, "0")
end sub

function CheckNumeric(lngNumber, strNumber)
    if IsNumeric(lngNumber) then 
     CheckNumeric = cLng(lngNumber)
    else
     CheckNumeric = strNumber
    end if
end function


DEMO HERE
username: snitz
password: snitz

Edited by - GauravBhabu on 18 October 2002 01:18:08

HuwR
Forum Admin

United Kingdom
20595 Posts

Posted - 17 October 2002 :  12:21:20
quote:

quote:


SearchName = trim(chkString(Request("M_NAME"), "SQLString"))
if SearchName = "" then
SearchName = trim(chkString(Request.Form("M_NAME"), "SQLString"))
end if




Uhhmmmm...if it can't find it in the generic request object on the first check, it's not going to find it in the request.form object since the generic checks request.form.



That was the point I was trying to make, if you do this
SearchName = trim(chkString(Request("M_NAME"), "SQLString"))
then the if then statement is just a waste of code.

GauravBhabu
Advanced Member

4288 Posts

Posted - 17 October 2002 :  15:09:36
quote:
Originally posted by HuwR

...That was the point I was trying to make, if you do this
SearchName = trim(chkString(Request("M_NAME"), "SQLString"))
then the if then statement is just a waste of code.


It is not that I have not understood your point. In fact, that was my initial thought also. But consider the point in my post Here and solutions
Solution #1
Solution #2

HuwR
Forum Admin

United Kingdom
20595 Posts

Posted - 17 October 2002 :  16:11:35
I understand your point, I think we were just arguing different points. I like your solution, but am inclined to agree with Richard that a generic function may be more useful, but does not need to do all checks like you suggested previously, since the blank request("") as far as I know only ever refers to either the form or the querystring, and it is never used this way to retrieve from the cookies etc, so something as simple as

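function GetRequestVar(NAME)
    dim objRequest
    ' Use the querystring when one was sent, otherwise the form
    if Request.QueryString <> "" then
        Set objRequest = Request.QueryString
    else
        Set objRequest = Request.Form
    end if
    ' Declared as a function so the value can be returned to the caller
    GetRequestVar = objRequest(NAME)
    Set objRequest = Nothing
end function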

or something similar

GauravBhabu
Advanced Member

4288 Posts

Posted - 17 October 2002 :  16:27:35
Oh Yes, that will be good also and can be implemented throughout the forum.

HuwR
Forum Admin

United Kingdom
20595 Posts

Posted - 17 October 2002 :  16:43:46
quote:
Originally posted by GauravBhabu

Oh Yes, that will be good also and can be implemented throughout the forum.



I just nicked a couple of bits of your solution, so it's your idea really

Gremlin
General Help Moderator

New Zealand
7528 Posts

Posted - 17 October 2002 :  16:54:18
Don't overuse it though, it still adds no benefits if you already know which collection you should be checking. I'm against giving people an easy way out that actually hinders performance; you find MOD writers start using it by default when they should just be specifying the correct collection in the code.

Kiwihosting.Net - The Forum Hosting Specialists

HuwR
Forum Admin

United Kingdom
20595 Posts

Posted - 17 October 2002 :  17:06:19
quote:

Don't overuse it though, it still adds no benefits if ....



I agree, it is only for those places where the variable may be passed in either the form or the query string, not for every request call

GauravBhabu
Advanced Member

4288 Posts

Posted - 17 October 2002 :  20:42:43
I also agree, it is only for those situations when the values are expected from either Form Object or in Querystring and are either exclusively being passed via Form object or exclusively in Querystring.

work mule
Senior Member

USA
1358 Posts

Posted - 18 October 2002 :  00:31:44
quote:
For items not in Request.Cookies, Request.Form, Request.QueryString, or Request.ClientCertificate, there is an implicit call to Request.ServerVariables. The Request.ServerVariables collection is much slower than the other collections.


Maybe I'm not getting it, but I don't think there is an issue.

Try this simple test and the above statement (not mine, the quoted one) will become clear:

Step 1:
Create a simple test page with this one line:
response.write Request("HTTP_USER_AGENT")


Now try these links and look at the output:

http://localhost/olp_dev/testobjects.asp
http://localhost/olp_dev/testobjects.asp?HTTP_USER_AGENT=
http://localhost/olp_dev/testobjects.asp?HTTP_USER_AGENT=TEST

As long as the item exists, it won't go through to the Request.ServerVariables collection. So just make sure all items (you're expecting) are passed in the querystring or in your form, regardless if they have a value or not. In the case of the second link, even though there's no value, it still creates an entry in the Request.Querystring Collection. As long as the entry exists, it won't check the next collection nor make it down to the ServerVariable collection.

You have to be aware of the order of precedence of the various collections.

quote:

All variables can be accessed directly by calling Request(variable) without the collection name. In this case, the Web server searches the collections in the following order.

QueryString
Form
Cookies
ClientCertificate
ServerVariables



Something evil...
If someone knew that the page your forms posted to did not specifically check for the forms collection [Request.Form("")], they could override all of your form values by recreating your form post via the querystring. In that instance, if the person relied upon the html form to validate the data (i.e. thinking values only in lists would be sent, data lengths limited by maxsize, javascript validations), they'd be vulnerable.

So it's not so much an issue of performance, but integrity. If you know your value is going to be in the form collection, look for it there. If you don't, someone could mess around and add it to the querystring and anything in the form collection would be ignored with a basic Request("") reference.

GauravBhabu
Advanced Member

4288 Posts

Posted - 18 October 2002 :  01:05:38
quote:
Originally posted by work mule


As long as the item exists, it won't go through to the Request.ServerVariables collection...As long as the entry exists, it won't check the next collection nor make it down to the ServerVariable collection.


That is exactly what I pointed out in the post Here
quote:

Something evil...
If someone knew that the page your forms posted to did not specifically check for the forms collection [Request.Form("")], they could override all of your form values by recreating your form post via the querystring...



quote:

So it's not so much an issue of performance, but integrity. If you know your value is going to be in the form collection, look for it there. If you don't, someone could mess around and add it to the querystring and anything in the form collection would be ignored with a basic Request("") reference.


Validate the Input always. Script in members.asp validated all the input values whether they are passed via querystring or Form Object.

GauravBhabu
Advanced Member

4288 Posts

Posted - 18 October 2002 :  01:21:19
quote:
Originally posted by work mule


Something evil...
If someone knew that the page your forms posted to did not specifically check for the forms collection [Request.Form("")], they could override all of your form values by recreating your form post via the querystring...
...If you don't, someone could mess around and add it to the querystring and anything in the form collection would be ignored with a basic Request("") reference.



To avoid that, first check if the user submitted the values via Form
sub InitRequestVars()
    dim objRequest
    if Request.Form("mode") = "search" then
        Set objRequest = Request.Form
    else
        Set objRequest = Request.Querystring
    end if
    ' ... (remainder of the sub omitted)
end sub


Go to Top of Page
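
Added example, not part of the original thread or of the Snitz code base: a Classic ASP test page, in the spirit of work mule's testobjects.asp, that contrasts the generic Request("M_NAME") lookup with a form-only read and re-applies the checks on the server. It uses the mode and M_NAME fields from members.asp; the helper name GetFormOnly and the 25-character cap are assumptions.

```vbscript
<%@ Language=VBScript %>
<%
Option Explicit
Const MAX_NAME_LEN = 25   ' assumed limit; mirror the maxlength of your own form field

' Return the field from the POST body only. blnShadowed reports whether the same
' key was also supplied in the querystring (the generic Request(name) would use that one).
Function GetFormOnly(strName, ByRef blnShadowed)
    blnShadowed = (Request.QueryString(strName).Count > 0)
    GetFormOnly = ""
    If UCase(Request.ServerVariables("REQUEST_METHOD")) = "POST" Then
        If Request.Form(strName).Count > 0 Then
            GetFormOnly = Trim(Request.Form(strName)(1))
        End If
    End If
End Function

Dim strMode, strName, blnModeShadowed, blnNameShadowed
strMode = GetFormOnly("mode", blnModeShadowed)
strName = GetFormOnly("M_NAME", blnNameShadowed)

' Re-apply on the server what the HTML form only suggests to the browser.
If strMode <> "search" Then strMode = ""
If Len(strName) > MAX_NAME_LEN Then strName = Left(strName, MAX_NAME_LEN)

Response.Write "<pre>"
' Generic lookup: QueryString is searched before Form.
Response.Write "Request(""M_NAME"")      = " & Server.HTMLEncode(Request("M_NAME")) & vbCrLf
' Explicit lookup: only the posted value is considered.
Response.Write "Request.Form(""M_NAME"") = " & Server.HTMLEncode(strName) & vbCrLf
Response.Write "mode                   = " & Server.HTMLEncode(strMode) & vbCrLf
If blnModeShadowed Or blnNameShadowed Then
    Response.Write "note: querystring also carried a form field name; that value was ignored" & vbCrLf
End If
Response.Write "</pre>"
%>
```

When a form is posted to this page while the same key is also present in the querystring, the first two output lines differ, which is the integrity problem described in the thread.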