Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Parse URL String to SQL

Status
Not open for further replies.
primagic

primagic

IS-IT--Management
Jul 24, 2008
476
GB
How would one parse an example of the following sql string to a table in my database:

Code: 
IP_ADDRESS=10.10.10.10&LOAN_VAL=200000&CCJ=YES&IVA=YES&MISS_PYMT=YES&EST_VAL=1500000&PROP_DESC=HOUSE&PROP_PURP=PRIMARY&PROP_STYLE=TERRACE&SELF_CERT=YES&TIME_TO_APPLY=1_2WEEKS&BKCY=YES&OCC_STAT=EMPLOYED&CRED_GRADE=&LOAN_TYPE=ADJUSTABLE&PROP_COUNTY=Essex&PROP_POSTCODE=B92%209DP&BAL_ONE=500000&OTHER_DEBT=YES&UNSECURED_DEBT_AMOUNT=30000&SECURED_LOAN_AMOUNT=10000&TITLE=MR&FNAME=Joseph&LNAME=Grecko&DOBMM=11&DOBDD=20&DOBYYYY=1964&PRI_PHON=02075181524&PREF_CALLTIME=MORNING_PRIMARY&EMAIL=test@lptest.com&ADDRESS1=8704%20Hamsons&ADDRESS2=Apt%20#123&CITY=Solihull&COUNTY=Essex&POSTCODE=B92%209DP&SEC_PHON=07769779823&DOB=30/05/1976
 
Sort by date Sort by votes
Don't do this. Seriously. If you send data directly from a query string to the database, you expose yourself to SQL Injection.

Instead, you should be parsing the query string using your front end language, and validating the data before sending to the database.

You should make sure boolean values are limited to true/false. Numbers should be restricted to 0-9, the decimal and a negative sign. Phone numbers should be validated for length. Dates? Make sure they are valid also. The more validation you do on your data, the better your database will be, and the more valuable it will be. Trust me on this.

Once you parse the data to do your validation, it will be simpler to put the data in to the database using the parsed values.

-George
Microsoft SQL Server MVP
My Blogs
SQLCop
"The great things about standards is that there are so many to choose from." - Fortune Cookie Wisdom
 
Upvote 0 Downvote
As George says, do this on the front end for many reasons. Also, parsing on the front end will be much easier than using SQL to do it. Many languages have a Split() method which would make parsing this a breeze.
 
Upvote 0 Downvote
Ok I have never done this before so I take all your comments on board. I am using access as a front end so I presume I would need to execute something in vba. Any ideas on where to start, any useful websites/articles to browse?

I also will need to do this in asp.net at some point to.
 
Upvote 0 Downvote
I can definately help you with .NET. Access I don't have much experiece with. I would assume that in .NET is is much easier with all the string functions available in the framework, whereas VBA will be much more limited.
When you do it .net and need any help, post in that forum and there are many people there to help.
 
Upvote 0 Downvote
There are also a VBA forum and an Access Modules forum.

djj
The Lord is my shepherd (Psalm 23) - I need someone to lead me!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

V
  • Locked
  • Question
xp_cmdshell vs psexec - this SQL server forgets credential to an W10 share
Replies
0
Views
510
Volvere
V
gbaughma
  • Locked
  • Question
SQL Performance
Replies
11
Views
527
pjw001
pjw001
elly00
  • Locked
  • Question
create sql view using batch file
Replies
5
Views
318
Mike Lewis
Mike Lewis
Cpreston
  • Locked
  • Question
Seconds to minutes 2
Replies
5
Views
795
Chris Miller
Chris Miller
grnzbra
  • Locked
  • Question
T-SQL Dialog Box
Replies
8
Views
288
Chris Miller
Chris Miller

Part and Inventory Search

Sponsor

Back
Top