ASP Visual Basic Code Crashing...Help Much Required - oracle

I am trying to insert data into an Oracle database.
The data gets inserted and the database is updated, but the page throws an error each time the insert statement finishes, even though the database was updated.
How can I fix this bug? Thanks!
<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css">
</head>
<body>
<div class="page">
<h1>Connie's Control Panel</h1>
<div class="header">
<form action="" method="POST">
<table>
<tr>
<td>Supplier You Want To Update:</td>
<td><input type="text" name= "supplierName" required ></td>
</tr>
<tr>
<td>Supplier Name Updated:</td>
<td><input type="text" name= "supplierNameUpdated" required></td>
</tr>
<tr>
<td>Supplier Address Updated:</td>
<td><input type="text" name="supplierAddressUpdated" required></td>
</tr>
<tr>
<td>Supplier Rating Updated:</td>
<td><input type="text" name="supplierRatingUpdated" required></td>
</tr>
</table>
<input type="submit" name="submit" value="Submit">
</form>
<%
Dim objConnection
Dim objRecordset
Dim objUpdateSet
Dim nameCheck
Dim nameUpdate
Dim addressUpdated
Dim ratingUpdated
nameCheck = Request.Form("supplierName")
nameUpdate = Request.Form("supplierNameUpdated")
addressUpdated = Request.Form("supplierAddressUpdated")
ratingUpdated = Request.Form("supplierRatingUpdated")
Set objConnection = Server.CreateObject("ADODB.Connection")
With objConnection
.ConnectionString = "Provider=MSDAORA.1;Password=DELETED;User ID=n011266e;Data Source=stora;Persist Security Info=True"
.Open
Set objRecordset = .Execute("SELECT * FROM Suppliers")
if nameCheck<>"" then
Do while (Not objRecordset.eof)
Set objRecordset = .Execute("UPDATE Suppliers SET SupplierName =" & "'" & nameUpdate &"'" & "WHERE SupplierName =" &"'" & nameCheck&"'")
objRecordset.MoveNext
Loop
end if
End With
objConnection.close
Set objConnection = Nothing
Set objRecordset = Nothing
Set objUpdateSet = Nothing
%>
</div>
<div class="buttons">
<i class="icon-white icon-pencil"></i> Enter Stock
Stock Report
<i class="icon-white icon-pencil"></i> View Suppliers Details
<i class="icon-white icon-pencil"></i> New Supplier
<i class="icon-white icon-pencil"></i> Edit Supplier
</div>
</div>
</body>
</html>

I guess you need not do "SELECT * FROM Suppliers" and the Do While loop;
you can directly execute
"UPDATE Suppliers SET SupplierName ='nameUpdate' WHERE SupplierName ='nameCheck' "
Maybe you're getting the error because you're executing on "objRecordset = .Execute(.. )", which already has the select.
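The rename done the way the answer describes, as an added example rather than the poster's code: one parameterised UPDATE through an ADODB.Command, with no SELECT and no loop. The Recordset that `.Execute` returns for an UPDATE is closed, so the original `MoveNext` on it fails; `adExecuteNoRecords` asks for no recordset at all, and the rows-affected count replaces the loop. The ADO constant values are the standard adovbs.inc ones; the parameter width of 100 and the user/password are placeholders for this example.

```vbscript
<%
' Added example (not the poster's code): rename a supplier with bound parameters
' instead of splicing the form values into the SQL text.
' ADO constants (adovbs.inc values), declared so the page runs without includes.
Const adCmdText = 1
Const adParamInput = 1
Const adVarChar = 200
Const adExecuteNoRecords = 128

' Returns the number of rows the UPDATE changed (0 means no such supplier).
Function RenameSupplier(conn, oldName, newName)
    Dim cmd, rowsAffected
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' Positional "?" markers; the provider substitutes the bound values.
    cmd.CommandText = "UPDATE Suppliers SET SupplierName = ? WHERE SupplierName = ?"
    ' Width 100 is an assumption about the SupplierName column.
    cmd.Parameters.Append cmd.CreateParameter("newName", adVarChar, adParamInput, 100, newName)
    cmd.Parameters.Append cmd.CreateParameter("oldName", adVarChar, adParamInput, 100, oldName)
    ' adExecuteNoRecords: no recordset comes back, so there is nothing to MoveNext over.
    cmd.Execute rowsAffected, , adExecuteNoRecords
    RenameSupplier = rowsAffected
End Function

Dim nameCheck, nameUpdate, objConnection, changed
nameCheck = Trim(Request.Form("supplierName"))
nameUpdate = Trim(Request.Form("supplierNameUpdated"))

If nameCheck <> "" And nameUpdate <> "" Then
    Set objConnection = Server.CreateObject("ADODB.Connection")
    ' Placeholder credentials; the real ones belong outside the page source.
    objConnection.ConnectionString = "Provider=MSDAORA.1;User ID=APP_USER;Password=APP_PASSWORD;Data Source=stora"
    objConnection.Open
    changed = RenameSupplier(objConnection, nameCheck, nameUpdate)
    objConnection.Close
    Set objConnection = Nothing

    If changed = 0 Then
        ' Encode the echoed form value: it is data, not markup.
        Response.Write "<p>No supplier named " & Server.HTMLEncode(nameCheck) & " was found.</p>"
    Else
        Response.Write "<p>" & changed & " supplier row(s) renamed.</p>"
    End If
End If
%>
```

Dropping the `SELECT * FROM Suppliers` also removes the per-row re-execution of the UPDATE; with the form's supplier name bound as a parameter, a quote in the name is just part of the value rather than part of the statement.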


How to Pass Parameter to Frameset Using ASP

I have an ASP page called map.asp and in it I have a dynamically generated table with links to detailed node and utilization information. However, I need to pass this information to a frameset. The code is currently like this:
<a href='gauge-frame.asp?nodeid=<%response.write rsnetdevices("nodeid")%>'
where gauge-frame.asp looks like this:
<frame src="details.asp?nodeid=<%response.write rsnetdevices("nodeid")%>">
However, I'm getting a "Page cannot be displayed error".
Suggestions on how to fix are appreciated.
Dale
============================
Below is maptest.asp
<%
Option Explicit
Dim rsSolarWinds, conn, rsnetdevices, nodeid
nodeid = Request.QueryString("nodeid")
set Conn=Server.CreateObject("ADODB.Connection")
set rsSolarWinds = server.CreateObject("ADODB.Recordset")
Conn.open "Provider=sqloledb;Server="";Initial Catalog=Skynet;"
set rsnetdevices = conn.Execute ("SELECT Caption AS NodeName, nodeid, category, substring(statusdescription, 16,4) as nodedown " _
& " from nodes " _
& " where category = 'Infrastructure' or caption like '%intswt%' or caption like '%intrtr%') " )
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<table class="gradienttable" cellspacing="0" border>
<tr>
<th colspan=4 style="font-size:7.5pt"; "font:small Verdana,Sans-serif";"font-family:Verdana" align="center">Network Devices</th>
</tr>
<tr>
<th style="font-size:7.5pt"; "font:small Verdana,Sans-serif";"font-family:Verdana" align="center">Node ID</th>
<th style="font-size:7.5pt"; "font:small Verdana,Sans-serif";"font-family:Verdana" align="center">Node Name</th>
<th style="font-size:7.5pt"; "font:small Verdana,Sans-serif";"font-family:Verdana" align="center">Node Status</th>
</tr>
<% do while not rsnetdevices.EOF %>
<tr>
<td width=8 style="font-size:7.5pt"; "font:small Verdana,Sans-serif";"font-family:Verdana" align="center">
<a href='gauge-frame.asp?nodeid=<%response.write rsnetdevices("nodeid")%>' target="_blank" title="Show Node Details"><%response.write rsnetdevices("nodeid")%></a>
</td>
<%rsnetdevices.MoveNext%>
<%loop%>
</tr>
</table>
</body>
</html>
And below is frame-gauge.asp
<%
Option Explicit
Dim rsnetdevices, conn, nodeid
nodeid = Request.QueryString("nodeid")
set Conn=Server.CreateObject("ADODB.Connection")
set rsnetdevices = server.CreateObject("ADODB.Recordset")
Conn.open "Provider=sqloledb;Server="";Initial Catalog=Skynet;"
set rsnetdevices = conn.Execute ("SELECT description, sysname, machinetype, type, devicerole, cpuload, substring(statusdescription, 16,4) as nodedown, substring(statusdescription, 16,2) as nodeup, " _
& " ip_address, dns, nextpoll, location, unmanaged, percentmemoryused, contact, lastboot, iosversion, cpucount, substring(description, 77, 53) as software " _
& " FROM Nodes " _
& " where Nodes.Nodeid = '" &nodeid & "' " )
%>
<html>
<head>
<Title>Network Device Information</title>
<frameset cols="48%,52%" frameborder="0">
<frame src="gauges.asp" scrolling="NO" marginheight=0 marginwidth=0 >
<frame src="details.asp?nodeid=<%response.write rsnetdevices("nodeid")%>">
</frameset>
</head>
</html>
#SearchAndResQ was correct in that nodeid was missing in the select statement.
I see an extra closing parenthesis at the end of the SQL in this section:
set rsnetdevices = conn.Execute ("SELECT Caption AS NodeName, nodeid, category, substring(statusdescription, 16,4) as nodedown " _
& " from nodes " _
& " where category = 'Infrastructure' or caption like '%intswt%' or caption like '%intrtr%') " )
As ullfindsmit commented, you need to disable the "Show Friendly Messages" misfeature in IIS, so it'll give you the actual line number and error message, not the totally useless and infuriating "page couldn't be displayed" message.

Passing Command Line Arguments To HTA Application

I have an HTA application I would like to run from a Command Prompt.
I've tried everything I could possibly think of and it's just not working!
It just launches the application and that's it.
From Command Prompt I run it with the full path as such:
C:\users\xxx\script.hta "arg1" "arg2"
which is essentially what I'm trying to accomplish here?
I've gone through numerous pages on here with similar issues but I guess I'm just not putting it together properly!
Here is the code:
<html>
<head>
<HTA:Application
ID="oHTA"
APPLICATIONNAME="MSI-BUILD"
Border = "NO"
Singleinstance ="YES"
BorderStyle = "Complex"
ShowInTaskBar = "YES"
MaximizeButton = "No"
MinimizeButton = "No"
scroll="NO"
VERSION="2"
/>
<script language = "VBScript">
Sub RunProgram
Const ForReading = 1
Const ForWriting = 2
Const ForAppending = 8
Set objShell = CreateObject("Wscript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set WshShell = CreateObject("WScript.Shell")
strCurDir= WshShell.CurrentDirectory
StrARG = MSINAME.value
StrARG3 = FPath.value
strFolder = "D:\SMPSS\PROJECTS\"&MSINAME.value
Set oFSO = CreateObject("Scripting.FileSystemObject")
If Not oFSO.FolderExists(strFolder) Then
oFSO.CreateFolder strFolder
End If
objShell.Run "D:\SMPSS\MSI-2\1-newproject.vbs " & StrARG , 0, True
window.close()
End Sub
Sub Window_onLoad
Self.Resizeto 890, 300
document.title = oHTA.applicationName & " v" & oHTA.version
arrCommands = Split(oHTA.commandLine, chr(34))
For i = 3 to (Ubound(arrCommands) - 1) Step 2
Select Case arrCommands(i)
Case "arg1"
myarg1 = "This is argument 1."
Case "arg2"
myarg2 = "This is argument 2."
End Select
Next
MsgBox myarg1
MsgBox myarg2
End Sub
</script>
</head>
<body style="background-color: #b2b2f4">
<td>MSI-NAME:</td>
<td> </td>
<td style="overflow:hidden">
<td style="resize:none">
<td style="text-align:right">
<td style="width: 325px"><input type = "text" name = "MSINAME" id = "MSINAME" size="50" /></td>
<p>
<td>PATH:</td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td style="overflow:hidden"></td>
<td style="resize:none"></td>
<td style="text-align:right"></td>
<td style="width: 325px"><input type = "text" name = "FPath" id = "FPath" value ="" size="50" /></td>
<td> </td>
</p>
<p>
<input id='submit' type="button" value="Submit" onClick="RunProgram"></td>
</p>
</body>
</html>
I figured it out: the issue was having <meta http-equiv="x-ua-compatible" content="ie=9"> in my code; once removed, everything started working as it should. Thanks! Also, the file wasn't saved as ANSI, so it was giving invalid character errors. Everything is working great now!

Microsoft VBScript runtime error '800a004c' Path Not Found

I am receiving this error after login: Microsoft VBScript runtime error '800a004c' Path not found /ppi/files.asp, line 23.
How do I fix this error? See below:
SQL = "SELECT * FROM [rapid_prod].[dbo].[PPI] WHERE [UserName] ='" & Request.Form("txtUserName") & "'"
rs.Open SQL, Conn
If NOT rs.EOF Then
If (Request.Form("txtUserPass")) = rs("Passwd") Then
Session("TopUrl") = rs("PPI_Dir")
Dim propertyname, propertydir
propertyname = rs("Property_Name")
propertydir = rs("PPI_Dir")
rs.Close
Set rs = Nothing
Conn.Close
Set Conn = Nothing
Response.Redirect "/ppi/files.asp?property="& propertyname &"&fold="& propertydir
End If
End If
In relation to the above code, I am adding the file for the redirect. Here is the file.asp code below:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<%
If Request.QueryString("fold")= "" then
'pthFolder="/ppi/"
Response.Write("<center><br><br><br>There was either an error with your request<br> Or Your session timed out.<br><br><a href='../ppi.asp'>Return to the login page.</a></center>")
Else
'pthFolder=pthFolder&"/ppi/"&Request.QueryString("fold")
'pthFolder="/ppi/"&Request.QueryString("fold")
sTopUrl = "files.asp?fold="&Session("TopUrl")
pthFolder= Request.QueryString("fold")
Set fso=Server.CreateObject("Scripting.FileSystemObject")
'get all required info
sParentFolder=fso.GetParentFolderName(pthFolder)
If sParentFolder="" then sParentFolder="/"
If left(sParentFolder,1)="/" or left(sParentFolder,1)="\" then sParentFolder=Mid(sParentFolder,2)
sBackURL="files.asp?fold="&sParentFolder
dim FolderSize
FolderSize=0
Set Folder=fso.GetFolder(Server.MapPath(pthFolder))
'correct the pthFolder variable if it starts with a slash
'we will not be using the mappath method anymore, so we can discard the slash
If left(pthFolder,1)="/" or left(pthFolder,1)="\" then pthFolder=Mid(pthFolder,2)
'now, if the folder name does not end with a slash, then add a slash
If len(pthFolder)>0 and right(pthFolder,1)<>"/" and right(pthFolder,1)<>"\" then _
pthFolder=pthFolder&"/"
%>
<HTML>
<HEAD>
<title>PPI</title>
<link href="ppi.css" rel="stylesheet" type="text/css">
<script type="text/javascript" src="http://code.jquery.com/jquery-1.4.2.min.js"></script>
<script type="text/javascript" src="./fancybox/jquery.mousewheel-3.0.2.pack.js"></script>
<script type="text/javascript" src="./fancybox/jquery.fancybox-1.3.1.js"></script>
<link rel="stylesheet" type="text/css" href="./fancybox/jquery.fancybox-1.3.1.css" media="screen" />
<link rel="stylesheet" href="style.css" />
<script type="text/javascript">
$(document).ready(function() {
$("a#example5").fancybox({
'titlePosition' : 'inside'
});
});
</script>
<script>
function newWindow(urlname)
{
var a=window.open(urlname,'winName',"top=100, left=100, width=680, height=520, scrollbars=no");
a.focus();
}
</script>
</HEAD>
<BODY>
<table width="760" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td valign="top" style="padding-bottom:20px;"><img src="img/banner.gif" width="760" height="133"></td>
</tr>
<tr>
<td valign="top">
<br><br>
<table width="760" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td width="568"><span class="body1">Viewing for: <b><a href="<% =sTopURL %>&property=<% = Request.QueryString("property") %>">
<% = Request.QueryString("property") %>
</a> /
<% If Request.Querystring ("subprop") <> "" then %>
<% If Request.Querystring ("level") = "eof" then %>
<a href="<% =sBackURL %>&property=<% = Request.QueryString("property") %>&subprop=<% = Request.QueryString("subprop") %>">
<% = Request.QueryString("subprop") %>
</a>
<% Else %>
<% = Request.QueryString("subprop") %>
<% End If %>
<% End If %>
</b></span> </td>
<td width="82" align="right">Logout</td>
</tr>
</table>
<br>
<% If Request.Querystring ("level") = "eof" then %>
<br>
<table width="720" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td width="347" class="body1">Vehicles for <b><% = Request.QueryString("month") %></b></td>
<td width="168" align="right"> </td>
</tr>
<tr>
<td colspan="2"><span class="smallprint">Click on thumbnail for larger view</span> <br>
<hr> </td>
</tr>
</table>
<%
' ---------------- START FILE VIEW -------------------------------
Dim ImagePath
ImagePath = Request.QueryString("fold")
Response.write "<table width=""680"" align=""center"" border=""0"">"
'iColumnSpan is used as a column counter
iColumnSpan=0
response.write "<tr>"
'If there are records then loop through the fields AND iColumnSpan <= IntPageSize
for each item in Folder.files
If iColumnSpan=4 Then
response.write "</tr><tr>"
iColumnSpan=0
End If
response.write "<td valign='top'>"
%>
<a id="example5" href="<%=ImagePath%>/<%=item.Name%>" title="<%=item.Name%>"><img src="<%=ImagePath%>/<%=item.Name%>" alt="Click To Enlarge" border="0" height="113" width="150" class="img"></a>
<!-- <img src="<%=ImagePath%>/<%=item.Name%>" alt="Click To Enlarge" border="0" height="113" width="150" class="img">--><br>
<span class="smallprint" style="padding-left:11px; display:block;"><%=item.Name%></span>
<br><br><br>
<%
response.write "</td>"
iColumnSpan=iColumnSpan + 1
next
response.write "</tr>"
Response.write "</table><br>"
' ---------------- END IMAGE VIEW -------------------------------
%>
<center><br><br></center>
<%
Else
' ---------------- START FOLDER VIEW ------------------------------- %>
<br>
<table width="680" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td width="247"><em>Folder</em></td>
<td width="303"><em>Last Modified</em></td>
</tr>
<tr>
<td colspan="2"><hr size=1></td>
</tr>
</table>
<table width="680" border="0" align="center" cellpadding="2" cellspacing="5" class="body1">
<tr valign="top">
<%
for each item in Folder.SubFolders
If right(item.Name,2) > "12" then
DirLabel = item.Name
SubProperty = item.Name
Else
FolderView = "eof"
SubProperty = Request.QueryString("subprop")
If right(item.Name,2) = "01" then DirLabel = "January " & left(item.Name,2) End If
If right(item.Name,2) = "02" then DirLabel = "February " & left(item.Name,2) End If
If right(item.Name,2) = "03" then DirLabel = "March " & left(item.Name,2) End If
If right(item.Name,2) = "04" then DirLabel = "April " & left(item.Name,2) End If
If right(item.Name,2) = "05" then DirLabel = "May " & left(item.Name,2) End If
If right(item.Name,2) = "06" then DirLabel = "June " & left(item.Name,2) End If
If right(item.Name,2) = "07" then DirLabel = "July " & left(item.Name,2) End If
If right(item.Name,2) = "08" then DirLabel = "August " & left(item.Name,2) End If
If right(item.Name,2) = "09" then DirLabel = "September " & left(item.Name,2) End If
If right(item.Name,2) = "10" then DirLabel = "October " & left(item.Name,2) End If
If right(item.Name,2) = "11" then DirLabel = "November " & left(item.Name,2) End If
If right(item.Name,2) = "12" then DirLabel = "December " & left(item.Name,2) End If
End If
%>
<td width="20" align="center"><img src="img/folder.gif" width="16" height="13"></td>
<td width="211"><%=DirLabel%></td>
<td width="308"><span class="smallprint"><%=item.DateLastModified%></span></td>
</tr>
<% Next %>
</table>
<br><br><br><br><br><br><br><br><br><br><br><br>
<%' ---------------- END FOLDER VIEW -------------------------------%>
<% End If %>
<br> </td>
</tr>
<tr>
<td align="center" valign="top"><br> </td>
</tr>
</table>
<br>
<%
function fit(text,length)
'function to make text fit a given length, so that it does not overflow the cell width.
If len(text)>(length-3) then
text=left(text,(length-3))
text=text&"..."
fit=text
else
fit=text
end if
end function
%>
</BODY>
</HTML>
<% End If %>
Should the '**' be in your redirect URL?
Probably need more info really, but the problem could be happening in the script that this one redirects to.
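The `fold` value that files.asp hands to `Server.MapPath` and `fso.GetFolder` comes straight from the query string, and runtime error 800a004c is what `GetFolder` raises when the resulting path does not exist. The following is an added example, not the poster's code: it resolves the requested folder first, checks that it exists and sits under the `/ppi/` tree the page's own URLs use, and shows a controlled message otherwise. The root constant follows the page's URLs; the message text and the function name are this example's own.

```vbscript
<%
' Added example (not the poster's code): check the folder named by ?fold=
' before handing it to the FileSystemObject, so a missing or out-of-tree
' folder yields a controlled page instead of runtime error 800a004c.
Const PPI_ROOT = "/ppi/"   ' virtual root of the property folders, as in the page's URLs

' Returns the physical path of the requested folder, or "" when it does not
' exist or does not live under PPI_ROOT.
Function ResolvePpiFolder(fold)
    Dim fso, rootPhysical, physical, rel
    ResolvePpiFolder = ""
    rel = Replace(Trim(fold & ""), "\", "/")
    ' Parent segments and drive letters are never part of a property folder name,
    ' and Server.MapPath itself errors on ".." when parent paths are disabled.
    If rel = "" Or InStr(rel, "..") > 0 Or InStr(rel, ":") > 0 Then Exit Function
    ' Accept both "/ppi/<dir>" and "<dir>" spellings of the same folder.
    If LCase(Left(rel, Len(PPI_ROOT))) = PPI_ROOT Then rel = Mid(rel, Len(PPI_ROOT) + 1)
    If Left(rel, 1) = "/" Then rel = Mid(rel, 2)
    If rel = "" Then Exit Function

    Set fso = Server.CreateObject("Scripting.FileSystemObject")
    rootPhysical = Server.MapPath(PPI_ROOT)
    If Right(rootPhysical, 1) = "\" Then rootPhysical = Left(rootPhysical, Len(rootPhysical) - 1)
    physical = Server.MapPath(PPI_ROOT & rel)
    ' Confinement check: the resolved path must begin with the root plus a separator.
    If LCase(Left(physical, Len(rootPhysical) + 1)) <> LCase(rootPhysical) & "\" Then Exit Function
    ' Existence check: this is the case that otherwise surfaces as 800a004c.
    If Not fso.FolderExists(physical) Then Exit Function
    ResolvePpiFolder = physical
End Function

Dim pthFolder, folderPath, Folder
pthFolder = Request.QueryString("fold")
folderPath = ResolvePpiFolder(pthFolder)
If folderPath = "" Then
    Response.Write "<center><br><br>The requested folder is not available.<br>" & _
                   "<a href='../ppi.asp'>Return to the login page.</a></center>"
Else
    Set Folder = Server.CreateObject("Scripting.FileSystemObject").GetFolder(folderPath)
    ' The existing file and folder listing continues here, using Folder.
End If
%>
```

Because the check runs before `GetFolder`, a typo in the `PPI_Dir` column or a stale session produces the same friendly page as a missing `fold` parameter, and the line-23 runtime error can no longer be reached from the query string.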

problem in retrieving records based on multiple form values from database in ASP?

I am not able to retrieve records from Oracle based on multiple inputs.
Here is my code:
Search.asp
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>SearchMDFnode</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#99CCFF">
<p align="center"><font color="#9966CC" size="5" face="Georgia, Times New Roman, Times, serif"><strong>Records</strong></font></p>
<style>
A:link {text-decoration: none;color: blue;}
A:visited {text-decoration: none;}
A:hover {text-decoration:underline; color: red;}
</style>
<script>
function updateDate(fname){
var instDate = showModalDialog('upd_date.html','Select Date','dialogHeight:375px;dialogWidth:287px;status:no;resizable:no;help:no;');
if (instDate == -1 || instDate == null){
alert("You did not select any date.")
fname.focus()
} else {
fname.value = instDate
}
}
function findNull(frm,tname,optnull,optorder){
var nfname = optnull.value
var ofname = optorder.value
frm.action = "MDFnodeDisplayTable.asp?opt=" + tname + "&nfield=" + nfname + "&order=" + ofname
frm.submit()
}
</script>
<form name="SearchMDFnode" action="Display.asp?opt=MDFnode" method="post">
<table width="68%" border="1" align="center" cellpadding="3" cellspacing="2">
<table width="94%" border="1" align="center" cellpadding="3" cellspacing="2">
<tr>
<td width="19%">CCP_CODE</td>
<td width="22%"><strong>
<select name="CCP_CODE" id="select4" title="BLOCK_HOUSE">
<option></option>
<option>AM</option>
<option>AR</option>
<option>BD</option>
<option>BP</option>
<option>CG</option>
<option>CT</option>
<option>CY</option>
<option>ES</option>
<option>GL</option>
<option>HG</option>
<option>JE</option>
<option>JR</option>
<option>JW</option>
<option>KT</option>
<option>NT</option>
<option>OC</option>
<option>PL</option>
<option>QT</option>
<option>TB</option>
<option>TP</option>
<option>TS</option>
</select>
</strong></td>
<td width="19%">NODE_SITE_ID</td>
<td width="40%"><strong>
<input name="NODE_SITE_ID" type="text" id="NODE_SITE_ID" size="10" maxlength="10" title="NODE_SITE_ID(max 7 digits)">
</strong></td>
</tr>
<tr>
<td>STREET_NAME</td>
<td><strong>
<input name="STREET_NAME" type="text" id="STREET_NAME" size="30" maxlength="30" title="STREET_NAME(max 30 digits)">
</strong></td>
<td>BUILDING_NAME</td>
<td><strong>
<input name="BUILDING_NAME" type="text" id="BUILDING_NAME" size="25" maxlength="25" title="BUILDING_NAME(max 7 digits)">
</strong></td>
</tr>
<tr>
<td height="38">BLOCK_HOUSE</td>
<td><strong>
<select name="BLOCK_HOUSE" id="select3" title="BLOCK_HOUSE">
<option></option>
<option>BLOCK</option>
<option>HOUSE</option>
</select>
</strong></td>
<td>BLOCK_DESC_NO</td>
<td><strong>
<input name="BLOCK_DESC_NO" type="text" id="BLOCK_DESC_NO" size="6" maxlength="6" title="BLOCK_DESC_NO(max 6 digits)">
</strong></td>
</tr>
<tr>
<td>REMARK</td>
<td><strong>
<input name="REMARK" type="text" id="REMARK" size="50" maxlength="50" title="REMARK(max 50 char)">
</strong></td>
<td>EQ_RM</td>
<td><strong>
<input name="EQ_RM" type="text" id="EQ_RM" size="3" maxlength="3" title="EQ_RM(max 6 digits)">
</strong></td>
</tr>
<tr>
<td>TYPE</td>
<td><strong>
<select name="EQ_TY" id="select" title="EQ_TY">
<option>CE</option>
<option></option>
</select>
</strong></td>
<td>CE_TY</td>
<td><strong>
<input name="CE_TY" type="text" id="CE_TY" size="10" maxlength="10" title="CE_TY(max 6 digits)">
</strong></td>
</tr>
<tr>
<td height="32">STATUS</td>
<td><strong>
<select name="STATUS" id="select2" title="EQ_TY">
<option></option>
<option>-</option>
<option>Site Survey</option>
<option>Survey Done</option>
<option>Document Sent</option>
<option>Equipment Installed</option>
<option>Commissioned</option>
<option>Cancelled</option>
</select>
</strong></td>
<td>NO</td>
<td><strong>
<input name="NO" type="text" id="NO" size="3" maxlength="3" title="NO (max 7 digits)">
<input name="UNIT_DESC_NO" type="text" id="UNIT_DESC_NO" size="2" maxlength="2" title="UNIT_DESC_NO (max 1 digits)">
<input name="NO_ME_CCTS" type="text" id="NO_ME_CCTS" size="2" maxlength="2" title="NO_ME_CCTS (max 2 digits)">
<input name="Rack" type="text" id="Rack" size="2" maxlength="2" title="Rack (max 1 digits)">
<input name="INSTALL_BY" type="text" id="INSTALL_BY" size="2" maxlength="2" title="INSTALL_BY (max 2 digits)">
</strong></td>
</tr>
<tr>
<td height="32"><font color="#000000" size="3" face="Georgia, Times New Roman, Times, serif">Order By</font></td>
<td colspan="5"><select name="oMDFnode">
<option value="STATUS">STATUS</option>
<option value="NO">NO</option>
<option value="CCP_CODE">CCP_CODE</option>
<option value="NODE_SITE_ID">NODE_SITE_ID</option>
</select>
<select name="orMDFnode" id="orMDFnode">
<option value="NO">NO</option>
<option value="STATUS">STATUS</option>
<option value="CCP_CODE">CCP_CODE</option>
<option value="NODE_SITE_ID">NODE_SITE_ID</option>
</select>
<select name="ordMDFnode" id="ordMDFnode">
<option value="NODE_SITE_ID">NODE_SITE_ID</option>
<option value="NO">NO</option>
<option value="STATUS">STATUS</option>
<option value="CCP_CODE">CCP_CODE</option>
</select></td>
</tr>
</table>
<p align="center">
<input type="submit" name="Submit" value="Search">
<input type="reset" name="reset" value="Clear">
</p>
</form>
<form name="commNull" method="post">
<tr>
<td height="56" colspan="4"><div align="center">
</div></td>
</tr>
</form>
</body>
</html>
Display.asp
<% option explicit %>
<!-- METADATA TYPE = "typelib" File = "c:\Program Files\Common Files\System\ado\msado15.dll" -->
<%
dim strTitle
dim strF, fname, ropt, j, i, sno, ropt1
dim objRS, strQuery, strConn, strSort,strQuery1
dim strHref
dim nodesiteid
'dim eq_ty
'ropt1 = request("opt1")
ropt = request("opt")
'eq_ty = request("EQ_TY")
nodesiteid = request("NODE_SITE_ID")
strQuery1 = request("NODE_SITE_ID")
Set objRS = Server.CreateObject("ADODB.Recordset")
strConn = "Provider=MSDAORA.1;Password=hr;User ID=hr;Data Source=xe;Persist Security Info=True"
strSort = ""
strF = "CCP_CODE, NODE_SITE_ID, STREET_NAME, BLOCK_HOUSE, BLOCK_DESC_NO, UNIT_DESC_NO, BUILDING_NAME, EQ_RM, EQ_TY, CE_TY , Rack, INSTALL_BY, STATUS, NO, RFS_DATE, REMARK, NO_ME_CCTS, NO_ME_CCTS" 'these were fields in sql table as well as input name in form
fname= split(strF,",",-1,vbtextcompare) 'split the above string to individual field
if trim(strQuery1) ="" then
strQuery = "select rowid,CCP_CODE, NODE_SITE_ID, STREET_NAME, BLOCK_HOUSE, BLOCK_DESC_NO, UNIT_DESC_NO, BUILDING_NAME, EQ_RM, EQ_TY, CE_TY , Rack, INSTALL_BY, STATUS, NO, RFS_DATE, REMARK, NO_ME_CCTS from MDF_NODE where CCP_CODE = CCP_CODE"
else
strQuery = "select rowid,CCP_CODE, NODE_SITE_ID, STREET_NAME, BLOCK_HOUSE, BLOCK_DESC_NO, UNIT_DESC_NO, BUILDING_NAME, EQ_RM, EQ_TY, CE_TY , Rack, INSTALL_BY, STATUS, NO, RFS_DATE, REMARK, NO_ME_CCTS from MDF_NODE where CCP_CODE = CCP_CODE and NODE_SITE_ID="
strQuery = strQuery & "'" & strQuery1 & "'"
end if
strSort = " order by " & request("oMDFnode") & "," & request("orMDFnode") & "," & request("ordMDFnode")
strTitle = "Summary of Carrier Ethernet Node"
if trim(request("nfield"))= "" then
j=0
for i= 0 to ubound(fname)
if request(fname(i)) <> "" then 'process if user input value in field
if j=0 then
strQuery = strQuery & " and " & fname(i) & " like '" & request(fname(i)) & "' " '1st field shd start with where clause
j = j + 1
else
strQuery = strQuery & " and " & fname(i) & " like '" & request(fname(i)) & "' " 'rest shd start with and clause
j = j + 1
end if
end if
next
strQuery = strQuery & strSort
else
strQuery = strQuery & " where " & trim(request("nfield")) & " is null order by " & trim(request("order"))
end if
objRS.Open strQuery, strConn,adOpenStatic,adLockOptimistic,adCmdText 'open recordset query oracle database
if objRS.eof then
objRS.close
set objRS = nothing
response.write "<script>alert('No Rows Selected')</script>" 'if eof mean NO data return
response.write "<script>history.back()</script>"
else
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>SdhTermDisplayTable2</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#99CCFF"><div align="center">
<p align="left"><strong>
<p> </p>
<p>
</p>
</strong>
<table width=945 align="center">
<tr class="nonPrint" height=30>
<td width="646" nowrap style="vertical-align:middle;font:bolder 12pt verdana;" >
<strong> <font size="4" face="Georgia, Times New Roman, Times, serif"> </font><font size="4" face="Georgia, Times New Roman, Times, serif">
Records</font></strong></td>
</table>
<strong>
<%
if trim(request("nfield"))= "" then
j=0
for i= 0 to ubound(fname)
if request(fname(i)) <> "" then 'process if user input value in field
if j=0 then
strQuery = strQuery & " where " & fname(i) & " like '" & request(fname(i)) & "' " '1st field shd start with where clause
j = j + 1
else
strQuery = strQuery & " and " & fname(i) & " like '" & request(fname(i)) & "' " 'rest shd start with and clause
j = j + 1
end if
end if
next
strQuery = strQuery & strSort
else
strQuery = strQuery & " where " & trim(request("nfield")) & " is null order by " & trim(request("order"))
end if
if objRS.eof then
objRS.close
set objRS = nothing
response.write "<script>alert('No Rows Selected')</script>" 'if eof mean NO data return
response.write "<script>history.back()</script>"
else
call drawHeader(ropt)
objRS.movefirst
sno = sno + 1
do until objRS.eof
call drawB(fname)
sno = sno + 1
objRS.movenext
loop
objRS.close
set objRS = nothing
end if
sub drawHeader(ropt)
response.write "<table id='tbl' border=1 bordercolor='black' bgcolor='LavenderBlush' cellpadding=1 cellspacing=0 align=center style='BORDER-COLLAPSE: collapse;'>"
select case ropt
case "MDFnode"
response.write "<tr height=20><td><b>SNo</b></td>"
response.write "<td style='font:bold 11pt;' width=50>Exch</b></td><td><b>Cabinet</b></td><td><b>Street Name</b></td><td><b>BLK/HSE</b></td><td><b>No</b></td><td><b>Unit</b></td><td><b>Building Name</b></td><td><b>Room</b></td><td><b>Type</b></td><td><b>Equipment Type</b></td><td><b>Rack</b></td><td><b>Inst By</b></td><td><b>Status</b></td><td><b>ID</b></td><td><b>RFS Date</b></td><td><b>Remark</b></td><td><b>No of ccts</b></td>"
end select
response.write"</tr>"
end sub
response.write"</table>"
sub drawbody(ropt)
response.write "<tr>"
select case ropt
case "MDFnode"
for i= 0 to 10
response.write "<td>" & i & "</td>"
next
end select
response.write"</tr>"
end sub
sub drawB(ofname)
response.write "<tr>"
for i = 0 to ubound(ofname)
if isnull(objRS(i)) then
response.write "<td> </td>"
else
if i = 0 then
strHref = "<a href='e_" & ropt & ".asp?tname=" & ropt & "&rowid=" & server.URLEncode(trim(objRS("rowid"))) & "'>" & sno & "</a>"
response.write "<td style='font:normal 12pt Arial;'>" & strHref & "</td>"
else
response.write "<td style='font:normal 12pt Arial;'>" & trim(objRS(i)) & "</td>"
end if
end if
next
response.write "</tr>"
end sub
end if
response.write"</table>"
%>
</strong></p> </div>
<div align="center">
<input type="button" value="Save as Excel" onClick="vbscript:xlsReport()">
</div>
</p>
</body>
</html>
<script language="VBScript">
dim r, c, colcnt,row
sub xlsReport()
window.status = "Export to Excel ... Please Wait ..."
dim rownow
colcnt = tbl.cells.length / tbl.rows.length
set xls = createobject("Excel.Application")
xls.visible = true
xls.workbooks.add
xls.worksheets.add
for c = 0 to colcnt - 1
xls.cells(3,c+1).value = tbl.rows(0).cells(c).innerText
next
row = 3
for r = 1 to tbl.rows.length -1
for c = 0 to colcnt - 1
xls.cells(row+r,c+1).value = tbl.rows(r).cells(c).innerText
next
next
xls.cells(1,1).value = txtRpt.innerText
set xls = nothing
window.status = "Done"
end sub
</script>
</div>
I am getting records based on the CCP_CODE and NODE_SITE_ID values.
Now I want to retrieve values based only on TYPE = 'CE', but I am not able to do this.
When I don't select anything, the TYPE value is 'CE' by default. Clicking Submit gives me only type CE values.
When I give CCP_CODE with TYPE empty, it should give me all the records based on CCP_CODE.
When I select CCP_CODE and NODE_SITE_ID, it should give me values based on both.
When I select CCP_CODE, NODE_SITE_ID and TYPE='CE', it should give me values based on all of these.
You need to Google "SQL injection" for a start.
strQuery = strQuery & "'" & strQuery1 & "'"
But as a start I'd log the contents of "strQuery" just before the objRS.Open
Once you can see the query text, it should be easy to say why rows were or were not returned.
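One way to build the Display.asp filter so that both points in the answer are covered, as an added example that is not the poster's code: every submitted field value is bound as a parameter rather than concatenated into `strQuery`, the ORDER BY columns (which cannot be bound) are accepted only if they are on the page's own field list, and the finished `CommandText` is available for the logging step the answer suggests. Field names from `strF` are trimmed, since `Split` on "," leaves the space after each comma in the name and `Request(" EQ_TY")` does not match a form field called `EQ_TY`. The parameter width of 100, the credentials and the default sort column are this example's assumptions.

```vbscript
<%
' Added example (not the poster's Display.asp): build the MDF_NODE query from
' the same field list, binding each submitted value as a parameter and allowing
' only listed column names in ORDER BY.
Const adCmdText = 1
Const adParamInput = 1
Const adVarChar = 200

Dim strF, fname, i
strF = "CCP_CODE, NODE_SITE_ID, STREET_NAME, BLOCK_HOUSE, BLOCK_DESC_NO, UNIT_DESC_NO, BUILDING_NAME, EQ_RM, EQ_TY, CE_TY, Rack, INSTALL_BY, STATUS, NO, RFS_DATE, REMARK, NO_ME_CCTS"
fname = Split(strF, ",")
For i = 0 To UBound(fname)
    fname(i) = Trim(fname(i))   ' " EQ_TY" -> "EQ_TY", so Request.Form(fname(i)) finds the field
Next

' True when col is exactly one of the listed field names (case-insensitive).
Function IsListedColumn(col)
    Dim k
    IsListedColumn = False
    For k = 0 To UBound(fname)
        If StrComp(Trim(col), fname(k), vbTextCompare) = 0 Then IsListedColumn = True
    Next
End Function

' Returns an ADODB.Command with one "col = ?" condition per filled-in form field.
' rowid stays the first column so the page's drawB indexing still applies.
Function BuildNodeQuery(conn)
    Dim cmd, where, orderCols, col, k, v
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    where = ""
    For k = 0 To UBound(fname)
        v = Trim(Request.Form(fname(k)) & "")
        If v <> "" Then
            where = where & " AND " & fname(k) & " = ?"
            ' Width 100 is an assumption about the MDF_NODE columns.
            cmd.Parameters.Append cmd.CreateParameter("p" & k, adVarChar, adParamInput, 100, v)
        End If
    Next
    If where <> "" Then where = " WHERE " & Mid(where, 6)   ' drop the leading " AND "

    ' ORDER BY cannot take a bound parameter, so each requested column is checked against the list.
    orderCols = ""
    For Each col In Array(Request.Form("oMDFnode") & "", Request.Form("orMDFnode") & "", Request.Form("ordMDFnode") & "")
        If IsListedColumn(col) Then
            If orderCols <> "" Then orderCols = orderCols & ", "
            orderCols = orderCols & Trim(col)
        End If
    Next
    If orderCols = "" Then orderCols = "NODE_SITE_ID"

    cmd.CommandText = "SELECT rowid, " & Join(fname, ", ") & " FROM MDF_NODE" & where & " ORDER BY " & orderCols
    ' To see the final SQL text while debugging, as the answer suggests:
    ' Response.Write Server.HTMLEncode(cmd.CommandText)
    Set BuildNodeQuery = cmd
End Function

Dim objConn, objRS, c
Set objConn = Server.CreateObject("ADODB.Connection")
' Placeholder credentials; "xe" is the data source named in the page.
objConn.Open "Provider=MSDAORA.1;User ID=APP_USER;Password=APP_PASSWORD;Data Source=xe"
Set objRS = BuildNodeQuery(objConn).Execute
If objRS.EOF Then
    Response.Write "<p>No Rows Selected</p>"
Else
    Response.Write "<table id='tbl' border=1>"
    Do Until objRS.EOF
        Response.Write "<tr>"
        For c = 0 To objRS.Fields.Count - 1
            ' Database values are data, not markup: encode every cell on the way out.
            Response.Write "<td>" & Server.HTMLEncode(objRS(c) & "") & "</td>"
        Next
        Response.Write "</tr>"
        objRS.MoveNext
    Loop
    Response.Write "</table>"
End If
objRS.Close
objConn.Close
%>
```

With the filter built this way, leaving TYPE empty simply adds no condition for `EQ_TY`, while selecting CE adds `EQ_TY = ?` bound to "CE"; combining CCP_CODE, NODE_SITE_ID and TYPE yields three bound conditions, which is the behaviour the question asks for.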

How to prevent XSS in a Classic ASP multipart form?

I have a multipart form written in Classic ASP that is based on the code below. I use stored procedures and parameters to write to the SQL DB, and I also use Server.HTMLEncode before it is submitted. I have JavaScript-based validation (jQuery validation plugin) as well as server-side ASP validation for all the fields. I am not worried about injection, but the page is vulnerable to the XSS code listed below.
My question is: how do I prevent this type of cross-site scripting on a Classic ASP page like the one below?
Basically, all the data is collected, then on the last "page", after Submit is hit, I run it through the server-side validation. But I need to know how to prevent XSS before the user gets to the submission point.
XSS CODE:
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
CODE:
<%
Const NUMBER_OF_PAGES = 3
Dim intPreviousPage
Dim intCurrentPage
Dim strItem
' What page did we come from?
intPreviousPage = Request.Form("page")
' What page are we on?
Select Case Request.Form("navigate")
Case "< Back"
intCurrentPage = intPreviousPage - 1
Case "Next >"
intCurrentPage = intPreviousPage + 1
Case Else
' Either it's our first run of the page and we're on page 1 or
' the form is complete and pages are unimportant because we're
' about to process our data!
intCurrentPage = 1
End Select
' If we're not finished then display the form.
If Request.Form("navigate") <> "Finish" Then %>
<form action="<%= Request.ServerVariables("URL") %>" method="post">
<input type="hidden" name="page" value="<%= intCurrentPage %>">
<%
' Take data and store it in hidden form fields. All our fields are
' prefixed with numbers so that we know what page it belongs to.
For Each strItem In Request.Form
' Ignore the "page" and "navigate" button form fields.
If strItem <> "page" And strItem <> "navigate" Then
' If the data is from the current page we don't need
' the hidden field since the data will show in the visible
' form fields.
If CInt(Left(strItem, 1)) <> intCurrentPage Then
Response.Write("<input type=""hidden"" name=""" & strItem & """" _
& " value=""" & Request.Form(strItem) & """>" & vbCrLf)
End If
End If
Next
' Display current page fields. The fields are all named with
' numerical prefix that tells us which page they belong to.
' We need a Case for each page.
Select Case intCurrentPage
Case 1
%>
<table>
<tr>
<td><strong>Name:</strong></td>
<td><input type="text" name="1_name" value="<%= Request.Form("1_name") %>"></td>
</tr><tr>
<td><strong>Email:</strong></td>
<td><input type="text" name="1_email" value="<%= Request.Form("1_email") %>"></td>
</tr>
</table>
<%
Case 2
%>
<table>
<tr>
<td><strong>Address:</strong></td>
<td><input type="text" name="2_address" value="<%= Request.Form("2_address") %>"></td>
</tr><tr>
<td><strong>City:</strong></td>
<td><input type="text" name="2_city" value="<%= Request.Form("2_city") %>"></td>
</tr><tr>
<td><strong>State:</strong></td>
<td><input type="text" name="2_state" value="<%= Request.Form("2_state") %>"></td>
</tr><tr>
<td><strong>Zip:</strong></td>
<td><input type="text" name="2_zip" value="<%= Request.Form("2_zip") %>"></td>
</tr>
</table>
<%
Case 3
' Notice that you can do other types of form fields too.
%>
<table>
<tr>
<td><strong>Sex:</strong></td>
<td>
<input type="radio" name="3_sex" value="male" <% If Request.Form("3_sex") = "male" Then Response.Write("checked=""checked""") %>>Male
<input type="radio" name="3_sex" value="female" <% If Request.Form("3_sex") = "female" Then Response.Write("checked=""checked""") %>>Female
</td>
</tr><tr>
<td><strong>Age:</strong></td>
<td>
<select name="3_age">
<option></option>
<option<% If Request.Form("3_age") = "< 20" Then Response.Write(" selected=""selected""") %>>< 20</option>
<option<% If Request.Form("3_age") = "20 - 29" Then Response.Write(" selected=""selected""") %>>20 - 29</option>
<option<% If Request.Form("3_age") = "30 - 39" Then Response.Write(" selected=""selected""") %>>30 - 39</option>
<option<% If Request.Form("3_age") = "40 - 49" Then Response.Write(" selected=""selected""") %>>40 - 49</option>
<option<% If Request.Form("3_age") = "50 - 59" Then Response.Write(" selected=""selected""") %>>50 - 59</option>
<option<% If Request.Form("3_age") = "60 - 69" Then Response.Write(" selected=""selected""") %>>60 - 69</option>
<option<% If Request.Form("3_age") = "70 - 79" Then Response.Write(" selected=""selected""") %>>70 - 79</option>
<option<% If Request.Form("3_age") = "80 +" Then Response.Write(" selected=""selected""") %>>80 +</option>
</select>
</td>
</tr>
</table>
<%
Case Else
' You shouldn't see this error unless something goes wrong.
Response.Write("Error: Bad Page Number!")
End Select
%>
<br />
<!-- Display form navigation buttons. -->
<% If intCurrentPage > 1 Then %>
<input type="submit" name="navigate" value="< Back">
<% End If %>
<% If intCurrentPage < NUMBER_OF_PAGES Then %>
<input type="submit" name="navigate" value="Next >">
<% Else %>
<input type="submit" name="navigate" value="Finish">
<% End If %>
</form>
<%
Else
' This is where we process our data when the user submits the final page.
' I just display the data, but you're free to store the data in a
' database, send it via email, or do whatever you want with it.
'For Each strItem In Request.Form
' Response.Write(strItem & ": " & Request.Form(strItem) & "<br />" & vbCrLf)
'Next
%>
<p><strong>
Here's what you entered:
</strong></p>
<pre>
<strong>Name:</strong> <%= Request.Form("1_name") %>
<strong>Email:</strong> <%= Request.Form("1_email") %>
<strong>Address:</strong> <%= Request.Form("2_address") %>
<strong>City:</strong> <%= Request.Form("2_city") %>
<strong>State:</strong> <%= Request.Form("2_state") %>
<strong>Zip:</strong> <%= Request.Form("2_zip") %>
<strong>Sex:</strong> <%= Request.Form("3_sex") %>
<strong>Age:</strong> <%= Request.Form("3_age") %>
</pre>
<p>
Start Again
</p>
<%
End If
%>
You should use Server.HTMLEncode before writing the user input to the page, not before writing to the DB. In fact, it's better to store non-encoded values in the DB to avoid double encoding.
Fixed code:
Case 1
%>
<table>
<tr>
<td><strong>Name:</strong></td>
<td><input type="text"
name="1_name"
value="<%= Server.HTMLEncode(Request.Form("1_name")) %>"></td>
</tr>
<tr>
<td><strong>Email:</strong></td>
<td><input type="text"
name="1_email"
value="<%= Server.HTMLEncode(Request.Form("1_email")) %>"></td>
</tr>
</table>
<%
Also, make sure that Request.Form("page") is a number:
intPreviousPage = TryCLng(Request.Form("page"))
Internal function of mine:
' Returns the value as a Long when IsNumeric accepts it, otherwise 0,
' so the page arithmetic never runs on attacker-supplied text.
function TryCLng( NumeroEnTexto )
if isNumeric( NumeroEnTexto ) then
TryCLng = clng(NumeroEnTexto)
else
TryCLng = 0
end if
end function
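A fuller version of the fix, written here as an added example and not taken from the question or the answer above (the helper names IsDigits, SafePageNumber and HtmlAttr are my own). It applies the answer's two points, encoding at output time and validating the page number, at every place in the original page where client-supplied data reaches the HTML, and it goes a little beyond the answer in two ways: the hidden-field loop encodes the field name as well as its value, because both come from the client, and the page number is checked with a digits-only test rather than IsNumeric, which also accepts forms such as "1e3" or "$5".

```asp
<%
Option Explicit
Const NUMBER_OF_PAGES = 3

' True only when s is a non-empty string made of ASCII digits.
' IsNumeric is looser (it accepts "1e3", "$5", " 7 "), which is why the
' page number and the field-name prefix are checked with this instead.
Function IsDigits(s)
    Dim i
    IsDigits = (Len(s) > 0)
    For i = 1 To Len(s)
        If InStr("0123456789", Mid(s, i, 1)) = 0 Then IsDigits = False
    Next
End Function

' Page number from the client: digits only and within 1..NUMBER_OF_PAGES,
' otherwise fall back to page 1. The length cap keeps CLng from overflowing.
Function SafePageNumber(value)
    Dim s
    s = Trim("" & value)
    SafePageNumber = 1
    If Len(s) > 3 Or Not IsDigits(s) Then Exit Function
    If CLng(s) >= 1 And CLng(s) <= NUMBER_OF_PAGES Then SafePageNumber = CLng(s)
End Function

' Encoder for HTML text and double-quoted attribute values. "" & value
' turns Null/Empty (a missing form field) into "" so HTMLEncode never fails.
' Server.HTMLEncode escapes &, <, > and " but not the single quote, so keep
' every attribute that receives user data inside double quotes.
Function HtmlAttr(value)
    HtmlAttr = Server.HTMLEncode("" & value)
End Function

Dim intPreviousPage, intCurrentPage, strItem
intPreviousPage = SafePageNumber(Request.Form("page"))

' Only the three known button values are honoured; anything else is
' treated as the first visit. The arithmetic result is re-validated so a
' forged "page" value cannot push the wizard outside its range.
Select Case "" & Request.Form("navigate")
    Case "< Back"
        intCurrentPage = SafePageNumber(intPreviousPage - 1)
    Case "Next >"
        intCurrentPage = SafePageNumber(intPreviousPage + 1)
    Case Else
        intCurrentPage = 1
End Select

' Carry earlier pages' answers forward in hidden fields. Both the field
' NAME and its VALUE originate from the client, so both are encoded. The
' original wrote strItem raw and called CInt on its first character, which
' throws a type mismatch for any field name that does not start with a digit.
For Each strItem In Request.Form
    If strItem <> "page" And strItem <> "navigate" Then
        If IsDigits(Left(strItem, 1)) Then
            If CInt(Left(strItem, 1)) <> intCurrentPage Then
                Response.Write "<input type=""hidden"" name=""" & HtmlAttr(strItem) & _
                    """ value=""" & HtmlAttr(Request.Form(strItem)) & """>" & vbCrLf
            End If
        End If
    End If
Next
%>
<!-- Visible fields use the same encoder; repeat for every input on the page. -->
<input type="text" name="1_name" value="<%= HtmlAttr(Request.Form("1_name")) %>">

<!-- The final summary is HTML text content, so the same encoder applies there too. -->
<pre>
<strong>Name:</strong> <%= HtmlAttr(Request.Form("1_name")) %>
<strong>Email:</strong> <%= HtmlAttr(Request.Form("1_email")) %>
</pre>
```

With this in place the posted payload is rendered as inert text: its double quote becomes &quot;, so it cannot close the value attribute, and the angle brackets become &lt; and &gt;, so no script element is created. Because the wizard re-emits every earlier answer as a hidden field on each page, the encoding has to happen on every page, not only on the final summary; encoding the data once before storing it, as the answer notes, would only lead to double encoding later.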

Resources