Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 Snitz Forums 2000 MOD-Group
 MOD Add-On Forum (W/O Code)
 Encoding search parameters in the search URL
 New Topic  Topic Locked
 Printer Friendly
Next Page
Author Previous Topic Topic Next Topic
Page: of 2

chri5k
Starting Member

2 Posts

Posted - 16 April 2003 :  19:38:43  Show Profile
Hi All,

I would like to know if there is a way to put the search terms in the URL rather than having to click on the search icon and enter the terms then click search. I have seen other ASP based forums where the URL for a completed search is something like this

http://www.site.com/forum/search.asp?keyword=Test&sort=1....

Whereas the results from a search with Snitz looks like this

http://forum.snitz.com/forum/search.asp?mode=DoIt

This would allow links to searches directly in replies and allow links in otjer portions of a site to reference a search. Any help will be appreciated.

Thanks,
Chris

Edited by - ruirib on 08 July 2003 17:57:08

Nikkol
Forum Moderator

USA
6907 Posts

Posted - 16 April 2003 :  19:54:02  Show Profile
I believe doing that might be a security risk via sql injection.

Nikkol ~ Help Us Help You | ReadMe | 3.4.03 fixes | security fixes ~
Go to Top of Page

chri5k
Starting Member

2 Posts

Posted - 16 April 2003 :  20:35:06  Show Profile
Nikkol,

Thanks for the info re security. I had thought of that but this would be on a small intranet and not on the Internet so the risk would be reduced but not eliminated. Is there a way to encode the serach in a URL?

Thanks,
Chris
Go to Top of Page

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 16 April 2003 :  22:28:32  Show Profile  Send ruirib a Yahoo! Message
To do that you would need to change search.asp to get all the search parameters from the query string. It's certainly possible, but that change would be required.


Snitz 3.4 Readme | Like the support? Support Snitz too
Go to Top of Page

ROB
Junior Member

USA
347 Posts

Posted - 01 June 2003 :  14:30:45  Show Profile  Visit ROB's Homepage  Send ROB an AOL message  Send ROB an ICQ Message  Send ROB a Yahoo! Message
Is it really a sql injection risk? Is there not some way around this?

If I could link to search results, life would be much easier for my moderators.

Jeff (ROB) Hester
BigBlueNetwork | BigBlueBall | Christian Church Today
Go to Top of Page

Nikkol
Forum Moderator

USA
6907 Posts

Posted - 01 June 2003 :  14:33:34  Show Profile
quote:
Originally posted by ROB

If I could link to search results, life would be much easier for my moderators.

Explain. Why is it hard for them now?

Nikkol ~ Help Us Help You | ReadMe | 3.4.03 fixes | security fixes ~
Go to Top of Page

Aaron S.
Average Member

USA
985 Posts

Posted - 01 June 2003 :  14:54:06  Show Profile  Visit Aaron S.'s Homepage
I think he means that moderators (or whomever) could display a search result as a URL rather than referring them to the search form and telling them which keywords to enter.

--Aaron

DOWNLOAD GREAT NEW MODS HERE
Go to Top of Page

Nikkol
Forum Moderator

USA
6907 Posts

Posted - 01 June 2003 :  14:58:13  Show Profile
ah, ok.

Nikkol ~ Help Us Help You | ReadMe | 3.4.03 fixes | security fixes ~
Go to Top of Page

ROB
Junior Member

USA
347 Posts

Posted - 03 June 2003 :  17:35:38  Show Profile  Visit ROB's Homepage  Send ROB an AOL message  Send ROB an ICQ Message  Send ROB a Yahoo! Message
Yep, that's what I meant. But I'm still wondering if there really is a SQL injection risk, and if so, if there's any way to avoid it. I'm not looking for a solution, just an opinion.

If it looks like it's safely do-able, I'm up for creating a version of search.asp that uses the URL querystring. This would solve the problem.

Jeff (ROB) Hester
BigBlueNetwork | BigBlueBall | Christian Church Today
Go to Top of Page

D3mon
Senior Member

United Kingdom
1685 Posts

Posted - 03 June 2003 :  17:42:07  Show Profile  Visit D3mon's Homepage
Depends if the code checks the querystring variables for naughty characters/code. Running ChkString() on them before using them should work fine.


Snitz 'Speedball' : Site Integration Mod : Friendly Registration Mod
"In war, the victorious strategist only seeks battle after the victory has been won"
Go to Top of Page

D3mon
Senior Member

United Kingdom
1685 Posts

Posted - 03 June 2003 :  17:59:58  Show Profile  Visit D3mon's Homepage
here ya go...
search.txt

(might need a ciouple of tweaks to get it looking right - ripped it straight from my own forums)


Snitz 'Speedball' : Site Integration Mod : Friendly Registration Mod
"In war, the victorious strategist only seeks battle after the victory has been won"
Go to Top of Page

ROB
Junior Member

USA
347 Posts

Posted - 08 July 2003 :  17:40:34  Show Profile  Visit ROB's Homepage  Send ROB an AOL message  Send ROB an ICQ Message  Send ROB a Yahoo! Message
Works beautifully. I've integrated it with the version of search.asp optimized for SQL Server and it's sweet. Thanks D3mon!

Jeff (ROB) Hester
BigBlueNetwork | BigBlueBall | Christian Church Today
Go to Top of Page

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 08 July 2003 :  18:01:03  Show Profile  Send ruirib a Yahoo! Message
quote:
Originally posted by ROB

Works beautifully. I've integrated it with the version of search.asp optimized for SQL Server and it's sweet. Thanks D3mon!


Well I guess you could provide a link to that. Other people may be interested in it.


Snitz 3.4 Readme | Like the support? Support Snitz too
Go to Top of Page

PeeWee.Inc
Senior Member

United Kingdom
1893 Posts

Posted - 09 July 2003 :  18:12:03  Show Profile  Visit PeeWee.Inc's Homepage
http://www.bigblueball.com/forums/search.asp?mode=DoIt&Search=test&andor=1&Forum=0&SearchMessage=0&SearchDate=0&SearchMember=0

De Priofundus Calmo Ad Te Damine
Go to Top of Page

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 09 July 2003 :  18:48:02  Show Profile  Send ruirib a Yahoo! Message
PeeWee what are you trying to do? That's a link to a search that returns a zillion posts?!


Snitz 3.4 Readme | Like the support? Support Snitz too
Go to Top of Page

MarcelG
Retired Support Moderator

Netherlands
2625 Posts

Posted - 22 July 2003 :  10:54:00  Show Profile  Visit MarcelG's Homepage
D3Mon, ...I installed your version, and now I have the following problem:

If a search is done, for which there are more results than can be shown on one page, you can select the page from the dropdown list...
However, if you select another page, you are not redirected to that page.
Example: (sorry, it is intranet, so these links don't work here).
Original search url:
http://nlzum140.nl.int.atosorigin.com/forum/search.asp?mode=DoIt&Search=test&andor=1&Forum=0&SearchMessage=0&SearchDate=0&SearchMember=0
Then, I select page 2:
http://nlzum140.nl.int.atosorigin.com/forum/search.asp?Search=test&andor=1&Forum=0&SearchMessage=0&SearchDate=0&SearchMember=0&whichpage=2

I seem to be missing the mode=DoIt& part in the new url.....however, I cannot seem to find out where this is done....
please help

portfolio - linkshrinker - oxle - twitter

Edited by - MarcelG on 25 July 2003 05:16:53
Go to Top of Page
Page: of 2 Previous Topic Topic Next Topic  
Next Page
 New Topic  Topic Locked
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.3 seconds. Powered By: Snitz Forums 2000 Version 3.4.07