| Author |
 Topic  |
|
Nikkol
Forum Moderator
USA
6907 Posts |
 Posted - 17 February 2003 : 13:37:23
|
How about this? Should work as Frutz's does, just changed this around a bit.
if Request.QueryString("TOPIC_ID") <> "" then
if IsNumeric(Request.QueryString("TOPIC_ID")) = True then
strRqTopicID = cLng(Request.QueryString("TOPIC_ID"))
else
Response.Redirect("default.asp")
end if
else
if (strRqMethod <> "Topic" And strRqMethod <> "Forum" And strRqMethod <> "Category") then Response.Redirect("default.asp")
end if
if Request.QueryString("FORUM_ID") <> "" then
if IsNumeric(Request.QueryString("FORUM_ID")) = True then
strRqForumID = cLng(Request.QueryString("FORUM_ID"))
else
Response.Redirect("default.asp")
end if
else
if (strRqMethod <> "Forum" And strRqMethod <> "Category") then Response.Redirect("default.asp")
end if
if Request.QueryString("CAT_ID") <> "" then
if IsNumeric(Request.QueryString("CAT_ID")) = True then
strRqCatID = cLng(Request.QueryString("CAT_ID"))
else
Response.Redirect("default.asp")
end if
end if
if Request.QueryString("REPLY_ID") <> "" then
if IsNumeric(Request.QueryString("REPLY_ID")) = True then
strRqReplyID = cLng(Request.QueryString("REPLY_ID"))
else
Response.Redirect("default.asp")
end if
else
if (strRqMethod <> "Reply" And strRqMethod <> "Topic" And strRqMethod <> "Forum" And strRqMethod <> "Category") then Response.Redirect("default.asp")
end if |
 |
|
|
Deleted
deleted
4116 Posts |
Posted - 17 February 2003 : 13:41:36
|
quote:
You named your daughter Duty?
Very good  , are'nt children duty for their parents? Her name is Defne (Daphne in English), she is 10 months old and started to walk around to crash stuff. You want believe how much time she takes, so we could have named her Duty.
|
 Stop the WAR! |
|
|
|
Nikkol
Forum Moderator
USA
6907 Posts |
|
|
Roland
Advanced Member
Netherlands
9335 Posts |
Posted - 17 February 2003 : 14:11:24
|
quote:
Originally posted by Nikkol
How about this? Should work as Frutz's does, just changed this around a bit.
if Request.QueryString("TOPIC_ID") <> "" then
if IsNumeric(Request.QueryString("TOPIC_ID")) = True then
strRqTopicID = cLng(Request.QueryString("TOPIC_ID"))
else
Response.Redirect("default.asp")
end if
else
if (strRqMethod <> "Topic" And strRqMethod <> "Forum" And strRqMethod <> "Category") then Response.Redirect("default.asp")
end if
if Request.QueryString("FORUM_ID") <> "" then
if IsNumeric(Request.QueryString("FORUM_ID")) = True then
strRqForumID = cLng(Request.QueryString("FORUM_ID"))
else
Response.Redirect("default.asp")
end if
else
if (strRqMethod <> "Forum" And strRqMethod <> "Category") then Response.Redirect("default.asp")
end if
if Request.QueryString("CAT_ID") <> "" then
if IsNumeric(Request.QueryString("CAT_ID")) = True then
strRqCatID = cLng(Request.QueryString("CAT_ID"))
else
Response.Redirect("default.asp")
end if
end if
if Request.QueryString("REPLY_ID") <> "" then
if IsNumeric(Request.QueryString("REPLY_ID")) = True then
strRqReplyID = cLng(Request.QueryString("REPLY_ID"))
else
Response.Redirect("default.asp")
end if
else
if (strRqMethod <> "Reply" And strRqMethod <> "Topic" And strRqMethod <> "Forum" And strRqMethod <> "Category") then Response.Redirect("default.asp")
end if
No offence, but will these codes be better than what I posted, or are you just going through the different ways of writing the same thing? |
|
|
|
Nikkol
Forum Moderator
USA
6907 Posts |
Posted - 17 February 2003 : 14:46:15
|
| none taken. i was just eliminating the part to check for Request.QueryString("FORUM_ID") = "" and the like since that's already taken care of in the first part of the if statement. Just cuts down on the amount of time to process if only by a very small fraction of a second. |
Nikkol ~ Help Us Help You | ReadMe | 3.4.03 fixes | security fixes ~ |
|
|
|
GauravBhabu
Advanced Member
4288 Posts |
Posted - 17 February 2003 : 15:36:32
|
How about something like as below?
Set RequestString = Request.QueryString
strRqMethod = Empty
strRqCatID = Empty ' or 0
strRqForumID = Empty 'or 0
strRqTopicID = Empty ' or 0
strRqReplyID = Empty ' or 0
numRequestID = 0
For Each RequestItem in RequestString
Select Case lcase(RequestItem)
Case "method"
strRqMethod = RequestString(RequestItem)
Case "cat_id"
strRqCatID = RequestString(RequestItem)
'Call function IDValidation to Validate for Numeric values
Case "forum_id"
strRqForumID = RequestString(RequestItem)
'Call function IDValidation to Validate for Numeric values
Case "topic_id"
strRqTopicID = RequestString(RequestItem)
'Call function IDValidation to Validate for Numeric values
Case "reply_id"
strRqReplyID = RequestString(RequestItem)
'Call function IDValidation to Validate for Numeric values
End select
Next
Set RequestString = Nothing
Select Case lcase(strRqMethod)
Case [VALID METHODS]
'Continue
Case else
'ERROR - INVALID METHOD
End select
numRequestID = strRqReplyID + strRqTopicID + strRqForumId + strRqCatID
if strRqMethod = "category" then
'creating a new Category
elseif numRequestId = 0 then
'ERROR - ID REQUIRED
end if
function IDValidation checks for numeric values. If value is not numeric the function returns 0.
|
|
|
|
davemaxwell
Access 2000 Support Moderator
USA
3020 Posts |
Posted - 17 February 2003 : 16:51:07
|
quote:
Originally posted by Nikkol
quote:
Originally posted by bozden
she is 10 months old and started to walk around to crash stuff
just wait until she's two.
Or you HAVE two.... |
Dave Maxwell
Barbershop Harmony Freak |
|
|
|
Nathan
Help Moderator
USA
7664 Posts |
Posted - 18 February 2003 : 00:18:24
|
| Who cares if column names are exposed. This is an open source forum, anyone can get the column names just by downloading a copy and looking at the access database. |
 Nathan Bales
CoreBoard | Active Users Download |
|
|
|
Roland
Advanced Member
Netherlands
9335 Posts |
Posted - 18 February 2003 : 07:27:21
|
| I agree with Nathan that it's not important whether or not people know the column names, but it does look better if when someone enters a wrong URL, they get redirected to default.asp instead of getting some vague error they can't do anything with. |
|
|
|
Topic |
|
Topic Locked
