Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Store asp script in database 1

Status
Not open for further replies.

tchaplin

Programmer
Jul 18, 2003
58
NZ
I have a situation where I don't wish to totally redesign a website Some comments refer to one domain name and others to another domain name. Eg New Zealand and Australia.

<% if session("CurrencyCode") = "NZD" then %>
New Zealand
<% else %>
Australia
<% end if %>

I wish to store this statement in a field associated with comments. To have this effect

NZ Domain name
"The gift basket from New Zealand...."

Aus Domain Name
"The gift basket from Australia...."

It will only be used for several items

Thansks for your comments and time

Todd




 
This is what i am entering in to teh database field

But still nothing

...selection of delightful treats from
<% if session("CurrencyCode") = "NZD" then
<Response.Write "NewwZ">
else
Response.Write "AUS"
end if %>
. Accompanied by the ...
 
I have simplified the code down to - entered into the db field Still Not Working - it will just be a string thing But what hehehe It can be frustrating

what ever & "<% Response.Write "Hello World." %>" & " the code to a s
 
You can't enter ASP code into a database field and have it processed at the server and rendered by the browser. Doesn't work that way.

If it's only for a few items then stick that perfectly functional code you have in the pages in question and run it off the session variable value.

 
I didnt see anything about a database in any of your code.
 
That’s right I was intending to white the code into a database field. When it was retrieved I was hoping it could be executed. However I’ve been told through the above post that it doesn't work that way. So will have to insert the code with in the pages its self.

Thanks for your time
 
Well technically you can do it but it leads to so many potential security problems that its best to pretend that you can't and find a different technique.
 
Well technically you can do it [/code]

Ok. Give me (us) the fast lesson if you have the time- I didn't think it was possible and I'm curious.
 
Doing this opens you up to the same kinds of security problems associated with SQL Injection except, with this technique it is your web server that could execute a bad command instead of your database server... even the dumbest of script-kiddies will try [tt]del c:\*.*[/tt] which could be a problem depending on if you also changed the default security model away from the IUSR_<machinename> account.

This will get you started:

This is a safer way to almost do the same thing:
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top