onClick Passing parameters

jmss66 · April 24th, 2012, 12:16 PM

I have a table with several records. The user clicks on one of the records and passes the information to another asp page. I am not sure if I am passing the record correctly. Some might offer a an HREF but I can't seem to get it to work so I went with onClick but then it's not doing anything. Here is my code, maybe someone can see what I am doing wrong. Thanks in advance...

Code:

do while not oRSMem.EOF
  Response.Write "<CENTER>"
 Response.Write _
 "<TABLE BORDER=""1"" CELLSPACING=""3"" CELLPADDING=""3"" WIDTH=""90%"">" & _
 "   <TR onmouseover=""ChangeColor(this, true);"" onmouseout=""ChangeColor(this, false);"" onClick=""window.location.replace('Directory_Display.asp?Estimate=""oRSMem(""SSN"")""');"">" & _
  "<TD>" & "<b>" & oRSMem("FamilyName") &"</TD>" & "</b>"  & _
  "<TD>" & "<b>" & oRSMem("GivenName") & "</TD>" & "</b>"  & _
  "<TD>" & "<b>" & oRSMem("SSN") & "</TD>" & "</b>"
 Response.Write "</TR>"
 
    Response.Write "</TABLE>"
  Response.Write "</CENTER>"
  oRSMem.MoveNext
  Loop

Imar · April 24th, 2012, 02:21 PM

Take a look at this:

Code:

 
onClick=""window.location.replace('Directory_Display.asp?Estimate=""oRSMem(""SSN"")""');"">" & _

You're not adding the value of the record set, but embedding its name as a literl. Try this:

Code:

onClick=""window.location.replace('Directory_Display.asp?Estimate=""" & oRSMem("SSN") & """');"">" & _

or

Code:

href=""Directory_Display.asp?Estimate=" & oRSMem("SSN") & """>" & _

Hope this helps,

Imar

jmss66 · April 24th, 2012, 03:09 PM

Hi Imar, thanks for giving me options. Both codes were not doing anything but after revising the code. This is what I have come up and it worked.

onclick="window.location.replace('Directory_Redire ct.asp?Estimate=<%=oRSMem("SSN")%>');">

Here's another issue. After making it work, I realized that it's passing a sensitive information and displaying it in the URL. Is there a way to hide the parameter which in this case, the SSN so it won't he intercepted?

Thanks.

Imar · April 24th, 2012, 05:13 PM

Oh, yes, that makes perfect sense. Forgot that; sorry.....

Quote:

Is there a way to hide the parameter which in this case, the SSN so it won't he intercepted?

Not really. You are outputting it in the wild, so it can be seen. You could protected the site with SSL to make the data less readily available.

A few alternatives:

1. Pass around another unique key

2. Store the data in a session variable and redirect

3. Encrpt the data before you append it to the query string.

Hope this helps,

Imar

disel2010 · April 25th, 2012, 04:34 AM

Just wanted to add one option to Imar's list:

4. submit a hidden form with javascripts

jmss66 · April 25th, 2012, 08:35 AM

Can you please direct me to a link or give me a sample of a hidden form?
I went with Imar's second suggestion but would be curious to see how a hidden form works.

Thanks to both of you.

disel2010 · April 25th, 2012, 09:12 AM

Hi,

something like this should work:

Code:

<html>
<head>
<script language="javascript">
	function passParamsByForm(prmName,prmVal)
	{
		document.hForm.paramName.value = prmName;
		document.hForm.paramValue.value = prmVal;
		document.hForm.submit();
	}
</script>
</head>
<body>
<form name="hForm" action="Directory_Display.asp" method="post">
	<input type="hidden" name="paramName" value="0" />
	<input type="hidden" name="paramValue" value="0" />
</form>
<a href="javascript:passParamsByForm('Estimate',12)">SSN</a>
</body>
</html>

jmss66 · May 1st, 2012, 11:54 AM

Thanks disel, this helped a lot. It gave me an idea on how to go about coding it.