Pass value to asp page

[emuye]

I would like to pass the value and get the result from the database using asp code.how could i pass the value from here and get the result from the database.how complicated would be my asp code.not much experince with asp.


<select name="dropdownList">
<option selected value="default"> Please select an option </option>
<option value="year2003"> 2003</option>
<option value="year2004"> 2004</option>
<option value="year2005"> 2005</option>
ect
<select>

 

[Lothario]

something like this:

'get your dropdown data

valselected=Request.Form("dropdownlist")

'make your db connection
'create a recordset

'SQL query

SELECT * FROM yourtable Where youryear='"&valselected&"'

let me know if you need further assistance

-L

 

[snowboardr]

You also want to check the value of valselected to make sure there is no ' this will cause a problem with your query. Replace all ' with ''

jason

www.sitesd.com
ASP WEB DEVELOPMENT

 

[Lothario]

Jason,

his values are 2003, 2004, 2005 and so on...so i dont think there is need for him to check for the apostrophe '

Thanks

-L

 

[Genimuse]

Unfortunately if you're really trying to protect against SQL injection, you do have to validate that the values are what you expect, since it's easy enough to post data directly without using the form.

It's good policy, anyway. Maybe too much for someone who is just learning.

 

[Genimuse]

(To clarify, no, there's no need to replace single-quotes with double single-quotes, since the SQL contains no single quotes anyway (you only need to do that if you're putting them in yourself because your sql contains strings), but verifying that they're numbers is good sql injection protection.)