Simplify SQL (and other funky strings) by using a web page element.
#1 A-Dam (Junior Contributor), 12-10-2013, 02:18 AM


Tell me if:
this is common knowledge
or
there's an easier way
or
why it's bad.

We've all gone through the fun of creating strings in script. If you have a complex SQL statement with functions and comparison operators, it looks gnarly enough in a query editor. Then to assign it to a string variable in script, you have to deal with special chars like quote and doublequote. And since &ampersands and +plus signs are both string concatenators, they might cause problems. And to make line breaks, maybe for msgbox output, we use vbCrLf. We can tweak the string and check it with debug.print then see if it "works".

I've made plenty of code like newstring = "string" & vbCrLf & ""quoted string"" & "whatever".

There are plenty of tricks:
Double up every quote/doublequote or use chr(34).
Use find/replace in a text or code editor.
Use the Replace() function.

But if you are scripting on a web page, you can use an element (tag) to hold and assign a string exactly as is.

The example uses a <comment> tag because it naturally doesn't render, but you can use other tags (like <p>) and set the style="display:none".

Example:

Code:
<html>
<head><title></title></head>
<body>
<script language="VBScript">
<!--
sub stringfromtag()
	dim tagstr

	tagstr = commInput.innerHTML
	divOutput.innerText = tagstr
	msgbox len(tagstr)
end sub
-->
</script>

<comment id="commInput">'a	" bc
de   ; f</comment>

<button onclick="stringfromtag()">Fill DIV with String</button>
<div id="divOutput"></div>
</body>
</html>

Between the start and end tags of the comment element is a string 17 chars long, including a tab, a CrLf, and 3 spaces in a row. Just make sure the start/end tags are together on the same line:

<comment></comment>

and anything you paste between them will be preserved, including all the whitespace and even html tags.

I've only tried this with notepad and my browsers; if you open/edit/save web pages with special editors, there's no telling what they might do.

I did a little searching, but didn't find anyone employing this method.
What do you think?
__________________
It looks like ketchup; it tastes like ketchup; but brother, it ain't ketchup!

#2 PlausiblyDamp (Ultimate Contributor, Forum Leader), 12-10-2013, 04:10 AM

If you are doing any kind of SQL using string concatenation then you are causing problems for yourself regardless; this will cause security issues (e.g. SQL injection attacks) and problems with legitimate input (e.g. names like O'Dowd) - tricks to solve this often just push the problem elsewhere and don't solve it entirely.

SQL should be done with parametrised SQL, stored procs or a decent ORM that takes care of this for you.

Including SQL code in the HTML that is visible to the browser is also a big security risk as you are revealing column and table names, possible schema names and even database logic such as joins and modification requirements.
__________________
Intellectuals solve problems; geniuses prevent them.
-- Albert Einstein
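
The contrast drawn in reply #2 between concatenated and parametrised SQL, as an added example that is not part of either post. It uses Python's standard-library sqlite3 module so it runs without a database server; the customers table, its rows and the function names are constructed for the illustration.

```python
import sqlite3


def make_db():
    """In-memory table filled with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, surname TEXT)")
    db.executemany("INSERT INTO customers (surname) VALUES (?)",
                   [("O'Dowd",), ("Smith",), ("Jones",)])
    return db


def find_concatenated(db, surname):
    """The pattern the reply warns about: the input becomes part of the SQL text."""
    sql = "SELECT surname FROM customers WHERE surname = '" + surname + "'"
    return [row[0] for row in db.execute(sql)]


def find_parameterised(db, surname):
    """The input travels as a bound value and is never parsed as SQL."""
    sql = "SELECT surname FROM customers WHERE surname = ?"
    return [row[0] for row in db.execute(sql, (surname,))]


def compare(surname):
    """Run both lookups on a fresh database and return (concatenated, parameterised)."""
    db = make_db()
    try:
        concatenated = find_concatenated(db, surname)
    except sqlite3.Error as exc:
        # A quote in legitimate input is enough to break the statement.
        concatenated = "error: " + type(exc).__name__
    return concatenated, find_parameterised(db, surname)


if __name__ == "__main__":
    # Constructed inputs: a plain name, a name containing a quote,
    # and a value whose quote changes the meaning of the WHERE clause.
    for value in ["Smith", "O'Dowd", "x' OR 'a'='a"]:
        print(repr(value), compare(value))
```

With the concatenated query the quote in O'Dowd produces a syntax error and the third input matches every row; the parameterised query returns the one matching row or nothing.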
