Thread: Loopadd problem
August 24th, 2008, 12:56 AM
beetle_jaipur

OK, now I got the problem.

I am resending that tabid, optid, and linkid with the query string, and probably that content is not properly cleaned before sending to the server. Like:

<%
Dim LinkID, SubID, OptID
' LinkID is taken from the query string as-is, with no validation
If Request.QueryString("LinkID") <> "" Then
    LinkID = Request.QueryString("LinkID")
Else
    LinkID = ""
End If
%>

And I am using the same value which I received from the querystring to send it to the server. Maybe anyone is sending values through those tabid, linkid and optids, and I am not checking those values in some of the queries.

Thanks for your suggestion, now I will work on it.
And please guide me on some of these questions:
1. Should I use views instead of writing direct queries in code?
2. Or should I use stored procedures to fetch data?
3. Should I use any SQL account (guest sort of) to fire SQL queries, which does not have any update or delete or insert rights?
4. From where can I get resources for proper SQL Server handling?
5. And is it possible to access those pages which are on the server, but do not have any direct hyperlink visibility?

thanks a lot

ashok sharma

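An added example, not part of the original post or thread: the same LinkID read from the query string, but validated as an integer and passed to SQL Server as a bound parameter instead of being concatenated into the query text. It assumes LinkID is an integer key; the Links table, its columns and the Application("ReadOnlyConnString") entry (a login with SELECT rights only, as question 3 suggests) are hypothetical names.

```vbscript
<%
' Added example. Assumed: LinkID is an integer key; the Links table, its
' columns and Application("ReadOnlyConnString") are hypothetical placeholders.
Const adInteger = 3      ' ADO DataTypeEnum
Const adParamInput = 1   ' ADO ParameterDirectionEnum
Const adCmdText = 1      ' ADO CommandTypeEnum

' Return the value as a Long if it is 1-9 decimal digits, otherwise Null.
Function ParseId(raw)
    Dim re
    ParseId = Null
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    If re.Test(raw) Then ParseId = CLng(raw)
End Function

Dim LinkID, conn, cmd, rs
' Force a plain string, then validate before the value goes anywhere else.
LinkID = ParseId(Trim(Request.QueryString("LinkID") & ""))

If IsNull(LinkID) Then
    ' Reject anything that is not a plain integer instead of querying with it.
    Response.Status = "400 Bad Request"
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ReadOnlyConnString")   ' hypothetical read-only login

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' The ? placeholder is bound below; the value never becomes part of the SQL text.
cmd.CommandText = "SELECT Title, Url FROM Links WHERE LinkID = ?"
cmd.Parameters.Append cmd.CreateParameter("LinkID", adInteger, adParamInput, , LinkID)

Set rs = cmd.Execute
Do Until rs.EOF
    ' Encode on output so stored values cannot inject markup into the page.
    Response.Write Server.HTMLEncode(rs.Fields("Title").Value & "") & "<br>"
    rs.MoveNext
Loop
rs.Close
conn.Close
%>
```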