I am passing variable ('PortalContentId')between pages that at some point this variable save in database. This is the syntax:
classViewAds.asp?catID=6&PortalContentId=1
If a user will change the value then my database will be populated with wrong data. lets say: classViewAds.asp?catID=6&PortalContentId=foo How to prevent that.
OWM, thanks for the quick reply, but this not help me much I guess my problem is not about the type of the datatype. the point is that the value of this variable can be change by any user (changing the url), so I will end up with wrong data in my table. Beside of that, user can insert large size variable which can cause to database error.
you will need to do some checking before inserting to check for size and such. instead of passing the value in the querystring, why not pass the value in a form?
quote:OWM, thanks for the quick reply, but this not help me much I guess my problem is not about the type of the datatype.
You're wrong, you always should check the data before inserting it into the database for both the correct type and allowed values because it may cause errors. I also recommend using a form to pass the data.
Checking the size is a good idea and will solve the problem with inserting large size. bTW: The basic Classified mod actually does not checking size..
Passing it by the form needs much more planning and I guess much more difficult to implement then passing it by querystring. my work is to integrate the Portal with Classified mod
Topic Locked
Posted - 22 August 2003 : 03:45:19
