Querystring issue

Simon Gare

Hi all,

Is there any way of separating a string by either a space or + sign? I have
an sms.asp page that receives a string in this format below:

http://acompany.co.uk/online/intern...813579&timestamp=2007-04-07+03:56:42&text=19+david

The last part, text=, I need to split into 2 parts. I need to read the first
part, 19, and match that to the db and then deal with the name David. I have
tried everything. Is there any way of doing this even if the string read
text=19+david, if there was a way of separating the two?

Thanks in advance.

Regards
Simon Gare
The Gare Group Limited

website: www.thegaregroup.co.uk
website: www.privatehiresolutions.co.uk
 
Evertjan.

Simon Gare wrote on 08 apr 2007 in
microsoft.public.inetserver.asp.general:
Hi all,

Is there any way of separating a string by either a space or + sign? I
have an sms.asp page that receives a string in this format below:

http://acompany.co.uk/online/internal/InboundSms.asp?api_id=2920893&from=447912956700&to=447624813579&timestamp=2007-04-07+03%3A56%3A42&text=19%2Bdavid

The last part, text=, I need to split into 2 parts. I need to read the
first part, 19, and match that to the db and then deal with the name
David. I have tried everything. Is there any way of doing this even if
the string read text=19+david, if there was a way of separating the
two?


============= test.asp ======================
<% 'vbscript

if request.querystring("text").count=1 then
a = split(request.querystring("text"),"%2B")
response.write a(0) & "<br>"
response.write a(1) & "<br>"
end if

%>

<form method='get'>
<input name='text' value='19%2Bdavid'>
<input type='submit'>
</form>
==============================================
 
Simon Gare

Thanks Evertjan,

How would the insert query look? Below is what I have now, but how would I
split that when entering the data, 19 into 1 field and David into another?

Dim api_id
Dim sentfrom
Dim timestamp
Dim text


api_id = ParseString(Request.Querystring("api_id"))
from = ParseString(Request.Querystring("from"))
timestamp = Request.Querystring("timestamp")

text = ParseString(Request.Querystring("text"))


sql = "insert into dbo.SMSAPI (api_id,SentFrom,text,timestamp) values ("&
api_id &","& from &",'"& text &"','"& paxname &"',getdate())"


Thanks in Advance

Simon
 
Evertjan.

Simon Gare wrote on 09 apr 2007 in
microsoft.public.inetserver.asp.general:
Thanks Evertjan,

[Please do not top-post on Usenet]
How would the insert query look? Below is what I have now, but how
would I split that when entering the data, 19 into 1 field and David
into another?

Dim api_id
Dim sentfrom
Dim timestamp
Dim text


api_id = ParseString(Request.Querystring("api_id"))

What is ParseString() ?????????
from = ParseString(Request.Querystring("from"))
timestamp = Request.Querystring("timestamp")

text = ParseString(Request.Querystring("text"))


sql = "insert into dbo.SMSAPI (api_id,SentFrom,text,timestamp) values
("& api_id &","& from &",'"& text &"','"& paxname &"',getdate())"

DANGEROUS! entering querystring strings directly in a SQL
is asking for SQL Injection/Insertion Attacks.
[read up on Insertion Attacks on the web!]

Do as I showed you extracting the two strings:

a = split(request.querystring("text"),"%2B")

Then test the resulting strings for Insertion Attack characters,
and if all is well set them into the SQL strings as you do above with
"from" etc.


Thanks in Advance

Simon
 
Simon Gare

Sorry Evertjan, it's not working. I need to match the first part of the
querystring against one table, i.e. 19, and enter the second part, i.e. David,
into another table along with other info.

Sorry to be a pain but I cannot separate the 2 apart even with your solution;
more assistance would be greatly appreciated.

Regards
Simon
 
Evertjan.

Simon Gare wrote on 10 apr 2007 in
microsoft.public.inetserver.asp.general:
Sorry Evertjan, it's not working. I need to match the first part of the
querystring against one table, i.e. 19, and enter the second part, i.e.
David, into another table along with other info.

Sorry to be a pain but I cannot separate the 2 apart even with your
solution; more assistance would be greatly appreciated.

Regards
Simon
Evertjan. said:
Simon Gare wrote on 09 apr 2007 in
microsoft.public.inetserver.asp.general:
Thanks Evertjan,

[Please do not top-post on Usenet]

If you keep on top-posting I will not go on with this thread.
 
Anthony Jones

Simon Gare said:
Hi all,

Is there any way of separating a string by either a space or + sign? I have
an sms.asp page that receives a string in this format below:

http://acompany.co.uk/online/intern...813579&timestamp=2007-04-07+03:56:42&text=19+david

The last part, text=, I need to split into 2 parts. I need to read the first
part, 19, and match that to the db and then deal with the name David. I have
tried everything. Is there any way of doing this even if the string read
text=19+david, if there was a way of separating the two?

Thanks in advance.

Regards
Simon Gare
The Gare Group Limited

website: www.thegaregroup.co.uk
website: www.privatehiresolutions.co.uk

aText = Split(Request.QueryString("text"), "+")

aText(0) will be "19" and aText(1) will be "david"

The %2B is an escape code for + because + is converted to a space by some
URL encoders.

I think what you really need to do is make sure the code that generated the
URL in the first place does so in a consistent manner.
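
An added example, not posted by anyone in this thread: one way to accept both forms of the `text` value and to insert the two parts with bound parameters instead of string concatenation, in classic ASP/VBScript with ADO. The `JobRef` and `PaxName` columns, the `CONN_STRING` placeholder and the helper names `IsDigits` and `Reject` are assumptions; the remaining names come from the posts above.

```vbscript
<%
Option Explicit
' ADO constants (values as defined in adovbs.inc)
Const adCmdText = 1, adParamInput = 1, adInteger = 3, adVarChar = 200
Const adExecuteNoRecords = 128
Const CONN_STRING = "PLACEHOLDER-CONNECTION-STRING"   ' assumption: set for your server

' Hypothetical helper: True only for 1..maxLen ASCII digits.
Function IsDigits(ByVal s, ByVal maxLen)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1," & maxLen & "}$"
    IsDigits = re.Test(s)
End Function

' Hypothetical helper: refuse the request and stop the script.
Sub Reject()
    Response.Status = "400 Bad Request"
    Response.End
End Sub

Dim apiId, sentFrom, parts, paxName, cmd
apiId = CStr(Request.QueryString("api_id"))
sentFrom = CStr(Request.QueryString("from"))

' Request.QueryString returns the decoded value: text=19%2Bdavid arrives
' as "19+david" and text=19+david as "19 david". Fold both into one form,
' then split once so a name containing spaces stays in one piece.
parts = Split(Trim(Replace(CStr(Request.QueryString("text")), "+", " ")), " ", 2)
If UBound(parts) <> 1 Then Reject
paxName = Trim(parts(1))

' Allow-list the numeric fields; the name is only length-checked because
' it is bound as a parameter and never becomes part of the SQL text.
If Not (IsDigits(apiId, 9) And IsDigits(parts(0), 9) And IsDigits(sentFrom, 15)) Then Reject
If Len(paxName) < 1 Or Len(paxName) > 50 Then Reject

Set cmd = Server.CreateObject("ADODB.Command")
cmd.ActiveConnection = CONN_STRING
cmd.CommandType = adCmdText
' JobRef and PaxName are assumed column names; the others are from the thread.
cmd.CommandText = "INSERT INTO dbo.SMSAPI (api_id, SentFrom, JobRef, PaxName, [timestamp]) " & _
                  "VALUES (?, ?, ?, ?, GETDATE())"
cmd.Parameters.Append cmd.CreateParameter("api_id", adInteger, adParamInput, 4, CLng(apiId))
cmd.Parameters.Append cmd.CreateParameter("SentFrom", adVarChar, adParamInput, 15, sentFrom)
cmd.Parameters.Append cmd.CreateParameter("JobRef", adInteger, adParamInput, 4, CLng(parts(0)))
cmd.Parameters.Append cmd.CreateParameter("PaxName", adVarChar, adParamInput, 50, paxName)
cmd.Execute , , adExecuteNoRecords
Response.Write "OK"
%>
```

Because the name is bound as a parameter, a value such as O'Brien is stored as data and needs no quote escaping.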
 
