开发者

Can we use Request.QueryString in classic ASP if using URL masking?

I'm writing a website for a local club of ours. I've got all the site written in ASP linked to our backend SQL server and it works lovely. I want to create player profiles now. Normally I would use "(a href=playerdetails.asp?ID=1) Player 1 (/a)" then in the ASP section of 开发者_如何学Cthe page use strsql = "SELECT * FROM Players Where ID=" & request.querystring("ID").

However, this is where my problems starts. To save money for the club, I am also hosting the site for them on my private domain. We have registered there domain and instead of paying for hosting, we're just redirecting the traffic via the domain registers URL forwarding, using masking. Therefore instead of the URL saying www.mydomain.com/club/ it says www.club.com.

Thus the original question... Can I use request.querystring with the setup we have? If not, is there a way around it as the club doesn't really have the budet for a hosted site with SQL in the backend.

Thanks in advance,

Paul.

PS <'s in the link replaced with ('s to display correctly.


A couple of things:

URL Masking uses frames to hide the actual URL. You can still use query string values in the URL, however you will not see the URL in the address bar change, because it will always be www.club.com do to the URL masking.

http://en.wikipedia.org/wiki/Domain_Masking

Second you are opening up your site to SQL injection attacks:

  • NEVER trust user input
  • NEVER use Request.QueryString or Request.Form in SQL states without filtering out bad characters and keywords.

http://en.wikipedia.org/wiki/SQL_injection

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜