在查询字符串中传递百分号 [英] Passing percent sign in querystring
问题描述
我通过我的查询字符串传递一个sql字符串,用于下一页
capture。
例如: www.xxxxxxxx.com/index.asp?str=select *来自表格名称
喜欢''%doe%''
传递基本字符串工作正常。但是,当我使用LIKE语句时,
不起作用。我知道这是因为%符号,所以如何通过这个来翻译
,以便下一页获取百分号?
***通过开发人员发送的指南 http://www.developersdex.com ***
I am passing a sql string thru my querystring for the next page to
capture.
example: www.xxxxxxxx.com/index.asp?str=select * from table where name
like ''%doe%''
Passing a basic string works fine. But, when I use the LIKE statement it
does not work. I know it''s because of the % sign, so how do I translate
this thru, so that the following page picks up the percent sign?
*** Sent via Developersdex http://www.developersdex.com ***
推荐答案
" Joey Martin" <乔** @ infosmiths.net>写在留言中
新闻:OJ ************** @ TK2MSFTNGP14.phx.gbl ...
"Joey Martin" <jo**@infosmiths.net> wrote in message
news:OJ**************@TK2MSFTNGP14.phx.gbl...
我正在传递一个sql字符串通过我的查询字符串为下一页
捕获。
示例: www.xxxxxxxx.com/index.asp?str=select *来自表格,其中名称
喜欢''%doe%''
传递一个基本的字符串工作正常。但是,当我使用LIKE语句时,
不起作用。我知道这是因为%符号,所以我如何翻译
,以便下一页获取百分号?
I am passing a sql string thru my querystring for the next page to
capture.
example: www.xxxxxxxx.com/index.asp?str=select * from table where name
like ''%doe%''
Passing a basic string works fine. But, when I use the LIKE statement it
does not work. I know it''s because of the % sign, so how do I translate
this thru, so that the following page picks up the percent sign?
JavaScript解决方案:
var url =" www.xxxxxxxx.com/index.asp?str =" ;;
var sql =" SELECT * FROM table WHERE name LIKE''%doe%''" ;;
window.open(url + escape(sql),"","");
A JavaScript solution:
var url = "www.xxxxxxxx.com/index.asp?str=";
var sql = "SELECT * FROM table WHERE name LIKE ''%doe%''";
window.open(url + escape(sql),"","");
好吧,希望你只在网站的安全区域做这个,只有
管理员使用
无论你想将Server.URLEncode之前的那个字符串发送到
下一页
Server.URLEncode(YourSQLString)
>
它将对某些字符进行编码,以便它们可以完成...
您不必担心解码它,因为请求对象需要处理
" Joey Martin" <乔** @ infosmiths.net>写在留言中
新闻:OJ ************** @ TK2MSFTNGP14.phx.gbl ...
well, hopefully your only doing this in a secure area of the site that only
admins use
regardless you want to Server.URLEncode that string before you send it to
the next page
Server.URLEncode(YourSQLString)
it will encode certaint characters so they make it over ok...
you dont have to worry about decoding it as the request object takes care of
that
"Joey Martin" <jo**@infosmiths.net> wrote in message
news:OJ**************@TK2MSFTNGP14.phx.gbl...
我正在传递一个sql字符串通过我的查询字符串为下一页
捕获。
示例: www.xxxxxxxx.com/index.asp?str=select *来自表格,其中名称
喜欢''%doe%''
传递一个基本的字符串工作正常。但是,当我使用LIKE语句时,
不起作用。我知道这是因为%符号,所以我如何翻译
,以便下一页获取百分号?
***通过Developersdex发送< a rel =nofollowhref =http://www.developersdex.comtarget =_ blank> http://www.developersdex.com ***
I am passing a sql string thru my querystring for the next page to
capture.
example: www.xxxxxxxx.com/index.asp?str=select * from table where name
like ''%doe%''
Passing a basic string works fine. But, when I use the LIKE statement it
does not work. I know it''s because of the % sign, so how do I translate
this thru, so that the following page picks up the percent sign?
*** Sent via Developersdex http://www.developersdex.com ***
嘿Joey,
i认为在查询中编写整个sql语句是个坏主意 -
你是开放的sql注入攻击等。您的所有用户都必须这样做
是替换删除选择,嘿presto,您的表是空的(除非您已经拒绝了您的数据库用户帐户的删除权限) )....
问候,
Jon。
" Kyle Peterson"写道:
Hey Joey,
i think writing the whole sql statement in the querysting is a bad idea -
you are open to sql injection attacks and the like. All your user has to do
is substitute delete for select, and hey presto, your table is empty (unless
you''ve denied delete rights on your db user account)....
regards,
Jon.
"Kyle Peterson" wrote:
好吧,希望你只在网站的安全区域做这个,只有
管理员使用
无论你想要服务器。 URLEncode将该字符串发送到下一页之前
Server.URLEncode(YourSQLString)
它会对某些字符进行编码,这样它们就可以完成它了。 。
你不必担心解码它,因为请求对象负责
" Joey Martin" <乔** @ infosmiths.net>在消息中写道
新闻:OJ ************** @ TK2MSFTNGP14.phx.gbl ...
well, hopefully your only doing this in a secure area of the site that only
admins use
regardless you want to Server.URLEncode that string before you send it to
the next page
Server.URLEncode(YourSQLString)
it will encode certaint characters so they make it over ok...
you dont have to worry about decoding it as the request object takes care of
that
"Joey Martin" <jo**@infosmiths.net> wrote in message
news:OJ**************@TK2MSFTNGP14.phx.gbl...
我通过查询字符串传递一个sql字符串为下一页
捕获。
示例: www.xxxxxxxx.com/index.asp?str=select *来自表格名称
喜欢''%doe%''
传递基本字符串工作正常。但是,当我使用LIKE语句时,
不起作用。我知道这是因为%符号,所以我如何翻译
,以便下一页获取百分号?
***通过Developersdex发送< a rel =nofollowhref =http://www.developersdex.comtarget =_ blank> http://www.developersdex.com ***
I am passing a sql string thru my querystring for the next page to
capture.
example: www.xxxxxxxx.com/index.asp?str=select * from table where name
like ''%doe%''
Passing a basic string works fine. But, when I use the LIKE statement it
does not work. I know it''s because of the % sign, so how do I translate
this thru, so that the following page picks up the percent sign?
*** Sent via Developersdex http://www.developersdex.com ***
这篇关于在查询字符串中传递百分号的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
