Combobox if selected not working - vbscript

I have a combobox where I submit a value when the onchange event is triggered. But the 'if' won't work.
The ID and the 'selectedGebouw' are both visible on the screen combobox, but it won't let it as selected.
<select name="gebouwFilter" onchange="this.form.submit()">
<option value="0"></option>
<%
set objRec = objCon.execute(QUERY)
DO WHILE NOT objRec.EOF
%>
<option value="<%=objRec("locationID")%>" <%if selectedGebouw = objRec("locationID") then response.write("Selected") end if %>>
<!-- <%=objRec("address") &", "& objRec("place") %> -->
<%=objRec("locationID") &", "& selectedGebouw %>
</option>
<%
objRec.MoveNext
Loop
objRec.Close
set objRec = nothing
%>
</select>

FIXED:
First changed the submitted value to int, which fixed it:
selectedGebouw = cint(Request.Form("gebouwFilter"))

Related

Ruby each loop based on array

I have an array like this:
@airports = [
['Malaysia', 'Alor Setar', 'AOR'],
['Malaysia', 'Bintulu', 'BTU'],
['Malaysia', 'Ipoh', 'IPH'],
['Malaysia', 'Johor Bahru', 'JHB'],
['Indonesia', 'Kuching', 'KCH'],
['Indonesia', 'Labuan', 'LBU'],
['Indonesia', 'Langkawi', 'LGK'],
['Indonesia', 'Miri', 'MYY'],
['Indonesia', 'Penang', 'PEN'],
]
then in my view:
<select name="from" class="form-control select2">
<% @airports.each do |airport| %>
<optgroup label="<%= airport[0] %>">
<option value="<%= airport[2] %>" <%= @params[:from] == airport[2] ? "selected" : "" %>>
<%= "#{airport[1]} (#{airport[2]})" %>
</option>
</optgroup>
<% end %>
</select>
which gives the result like this:
How can I group it for each country? I mean like this:
Malaysia
Alor Setar
Bintulu
Ipoh
Johor
Indonesia
Kuching
Labuan
Langkawi
Penang
Miri
In your view, you can do something like:
<% countries = @airports.group_by{|a| a.first} %>
<% countries.each do |country, airport| %>
<optgroup label="<%= country %>">
<% airport.each do |a| %>
<option value="<%= a[1] %>"></option>
<% end %>
</optgroup>
<% end %>
PS: This is just to give you a rough idea, I'm missing the logic you used for <option value> in my example. Hope you can fix it accordingly.

trying to populate dropdown, error in if else condition ruby

This is the below code that I had written for populating a dropdown.
<html>
<select id = 'status_update' >
<% array = [{"status_name"=>"Submitted", "reachable"=>false, "transition_name"=>""},
{"status_name"=>"Replied", "reachable"=>true, "transition_name"=>"Reply"},
{"status_name"=>"Answered", "reachable"=>false, "transition_name"=>""},
{"status_name"=>"Closed", "reachable"=>false, "transition_name"=>""},
{"status_name"=>"Canceled", "reachable"=>true, "transition_name"=>"Cancel"}]
array.each { |x|
x.each do |key, value|
%>
<option value = "<%= #{x['transition_name']} %>"
disabled = "<%= if ((#{x['reachable']}) == 'false')
return 'disabled'
else
return ''
end %>" ><%= "#{x['status_name']}" %></option>
<% end %>
<% } %>
</select>
</html>
In the above code, array is collection of hashmaps and the keys in hashmaps remains the same, 3 keys with different values in each set. Now, I am trying to populate each hashmap, with the values of their respective keys, in the dropdown. When I try so, I am getting error
ERB syntax error:dropdown:23: syntax error, unexpected kELSE
else
Might be simple, but not able to get the correct way of approach to get the hashmaps in the dropdown. Can anyone of you kindly let me know how to proceed please ?
The second loop is not necessary. This should work:
<% array.each do |x| %>
<option value="<%= x['transition_name'] %>" disabled="<%= x['reachable'] ? '' : 'disabled' %>"><%= x['status_name'] %></option>
<% end %>
Rather than setting disabled="" it's better to omit the attribute:
<option value="<%= x['transition_name'] %>" <%= 'disabled="disabled"' unless x['reachable'] %>><%= x['status_name'] %></option>
Or, if this is too much in one line:
<% if x['reachable'] %>
<option value="<%= x['transition_name'] %>"><%= x['status_name'] %></option>
<% else %>
<option value="<%= x['transition_name'] %>" disabled="disabled"><%= x['status_name'] %></option>
<% end %>

Datamapper update enum value through form

I have a model like this:
class Project
include DataMapper::Resource
property :id, Serial
property :title, String
property :slug, String
property :status, Enum[:open, :closed ], :default => :open
has n, :issues
end
I've created a view to update the project status:
<form action="/project/update" method="post" id="project">
<label for="status">Status
<select id="status">
<option value="0"
<% if(@project.status == :open) %>
selected="selected"
<% end %>
>Open</option>
<option value="1"
<% if(@project.status == :closed) %>
selected="selected"
<% end %>
>Closed</option>
</select>
</label>
</form>
Here's the route:
post '/project/update' do
@project = Project.get(params[:project_id])
@project.update(:title => params[:title])
end
What values does the form need to pass to the route to update the status? and what should the route look like in this instance?
Thanks,
"open" and "closed" - they will be converted to symbols automatically.

How to prevent XSS in a Classic ASP multipart form?

I have a multipart form written in Classic ASP that is based on the code below. I use stored procedures and parameters to write to the sql DB, I use Server.HTMLEncode before it is submitted also. I have javascript based validation (jquery validation plugin) as well as server side ASP validation for all the fields. I am not worried about injection but the page is vulnerable to XSS code listed below.
My question is: How do I prevent this type of cross site scripting on a classic ASP page like the one below?
Basically, all the data is collected then on the last "page" after submit is hit I run it through the server side validation. But I need to know how to prevent XSS before the user gets to the submission point.
XSS CODE:
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
CODE:
<%
Const NUMBER_OF_PAGES = 3
Dim intPreviousPage
Dim intCurrentPage
Dim strItem
' What page did we come from?
intPreviousPage = Request.Form("page")
' What page are we on?
Select Case Request.Form("navigate")
Case "< Back"
intCurrentPage = intPreviousPage - 1
Case "Next >"
intCurrentPage = intPreviousPage + 1
Case Else
' Either it's our first run of the page and we're on page 1 or
' the form is complete and pages are unimportant because we're
' about to process our data!
intCurrentPage = 1
End Select
' If we're not finished then display the form.
If Request.Form("navigate") <> "Finish" Then %>
<form action="<%= Request.ServerVariables("URL") %>" method="post">
<input type="hidden" name="page" value="<%= intCurrentPage %>">
<%
' Take data and store it in hidden form fields. All our fields are
' prefixed with numbers so that we know what page it belongs to.
For Each strItem In Request.Form
' Ignore the "page" and "navigate" button form fields.
If strItem <> "page" And strItem <> "navigate" Then
' If the data is from the current page we don't need
' the hidden field since the data will show in the visible
' form fields.
If CInt(Left(strItem, 1)) <> intCurrentPage Then
Response.Write("<input type=""hidden"" name=""" & strItem & """" _
& " value=""" & Request.Form(strItem) & """>" & vbCrLf)
End If
End If
Next
' Display current page fields. The fields are all named with
' numerical prefix that tells us which page they belong to.
' We need a Case for each page.
Select Case intCurrentPage
Case 1
%>
<table>
<tr>
<td><strong>Name:</strong></td>
<td><input type="text" name="1_name" value="<%= Request.Form("1_name") %>"></td>
</tr><tr>
<td><strong>Email:</strong></td>
<td><input type="text" name="1_email" value="<%= Request.Form("1_email") %>"></td>
</tr>
</table>
<%
Case 2
%>
<table>
<tr>
<td><strong>Address:</strong></td>
<td><input type="text" name="2_address" value="<%= Request.Form("2_address") %>"></td>
</tr><tr>
<td><strong>City:</strong></td>
<td><input type="text" name="2_city" value="<%= Request.Form("2_city") %>"></td>
</tr><tr>
<td><strong>State:</strong></td>
<td><input type="text" name="2_state" value="<%= Request.Form("2_state") %>"></td>
</tr><tr>
<td><strong>Zip:</strong></td>
<td><input type="text" name="2_zip" value="<%= Request.Form("2_zip") %>"></td>
</tr>
</table>
<%
Case 3
' Notice that you can do other types of form fields too.
%>
<table>
<tr>
<td><strong>Sex:</strong></td>
<td>
<input type="radio" name="3_sex" value="male" <% If Request.Form("3_sex") = "male" Then Response.Write("checked=""checked""") %>>Male
<input type="radio" name="3_sex" value="female" <% If Request.Form("3_sex") = "female" Then Response.Write("checked=""checked""") %>>Female
</td>
</tr><tr>
<td><strong>Age:</strong></td>
<td>
<select name="3_age">
<option></option>
<option<% If Request.Form("3_age") = "< 20" Then Response.Write(" selected=""selected""") %>>< 20</option>
<option<% If Request.Form("3_age") = "20 - 29" Then Response.Write(" selected=""selected""") %>>20 - 29</option>
<option<% If Request.Form("3_age") = "30 - 39" Then Response.Write(" selected=""selected""") %>>30 - 39</option>
<option<% If Request.Form("3_age") = "40 - 49" Then Response.Write(" selected=""selected""") %>>40 - 49</option>
<option<% If Request.Form("3_age") = "50 - 59" Then Response.Write(" selected=""selected""") %>>50 - 59</option>
<option<% If Request.Form("3_age") = "60 - 69" Then Response.Write(" selected=""selected""") %>>60 - 69</option>
<option<% If Request.Form("3_age") = "70 - 79" Then Response.Write(" selected=""selected""") %>>70 - 79</option>
<option<% If Request.Form("3_age") = "80 +" Then Response.Write(" selected=""selected""") %>>80 +</option>
</select>
</td>
</tr>
</table>
<%
Case Else
' You shouldn't see this error unless something goes wrong.
Response.Write("Error: Bad Page Number!")
End Select
%>
<br />
<!-- Display form navigation buttons. -->
<% If intCurrentPage > 1 Then %>
<input type="submit" name="navigate" value="< Back">
<% End If %>
<% If intCurrentPage < NUMBER_OF_PAGES Then %>
<input type="submit" name="navigate" value="Next >">
<% Else %>
<input type="submit" name="navigate" value="Finish">
<% End If %>
</form>
<%
Else
' This is where we process our data when the user submits the final page.
' I just display the data, but you're free to store the data in a
' database, send it via email, or do whatever you want with it.
'For Each strItem In Request.Form
' Response.Write(strItem & ": " & Request.Form(strItem) & "<br />" & vbCrLf)
'Next
%>
<p><strong>
Here's what you entered:
</strong></p>
<pre>
<strong>Name:</strong> <%= Request.Form("1_name") %>
<strong>Email:</strong> <%= Request.Form("1_email") %>
<strong>Address:</strong> <%= Request.Form("2_address") %>
<strong>City:</strong> <%= Request.Form("2_city") %>
<strong>State:</strong> <%= Request.Form("2_state") %>
<strong>Zip:</strong> <%= Request.Form("2_zip") %>
<strong>Sex:</strong> <%= Request.Form("3_sex") %>
<strong>Age:</strong> <%= Request.Form("3_age") %>
</pre>
<p>
Start Again
</p>
<%
End If
%>
You should use Server.HTMLEncode before writing the user input to the page, not before writing to the DB. In fact, it's better to store non encoded values in the DB to avoid double encoding.
Fixed code:
Case 1
%>
<table>
<tr>
<td><strong>Name:</strong></td>
<td><input type="text"
name="1_name"
value="<%= Server.HTMLEncode(Request.Form("1_name")) %>"></td>
</tr>
<tr>
<td><strong>Email:</strong></td>
<td><input type="text"
name="1_email"
value="<%= Server.HTMLEncode(Request.Form("1_email")) %>"></td>
</tr>
</table>
<%
Also, make sure that Request.Form("page") is a number
intPreviousPage = TryCLng(Request.Form("page"))
Internal function of mine
function TryCLng( NumeroEnTexto )
if isNumeric( NumeroEnTexto ) then
TryCLng = clng(NumeroEnTexto)
else
TryCLng = 0
end if
end function
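
The hidden-field loop in the question writes both the field name and its value into the page unencoded, so it needs the same treatment as the visible inputs. The following is an added example, not code from the original question or answer; the allowlist contents and the helper names IsAllowedField, Enc and SafePage are assumptions made for illustration:

```vbscript
<%
' Added example, not code from the original post.
Const NUMBER_OF_PAGES = 3

' Assumed allowlist: the eight field names the form in the question defines.
Dim allowedFields
allowedFields = Array("1_name", "1_email", "2_address", "2_city", _
                      "2_state", "2_zip", "3_sex", "3_age")

' Hypothetical helper: True only for field names on the allowlist.
Function IsAllowedField(fieldName)
    Dim i
    IsAllowedField = False
    For i = LBound(allowedFields) To UBound(allowedFields)
        If allowedFields(i) = fieldName Then IsAllowedField = True
    Next
End Function

' Hypothetical helper: HTML-encode a form value; & "" turns a missing
' field into an empty string before encoding.
Function Enc(value)
    Enc = Server.HTMLEncode(value & "")
End Function

' Hypothetical helper: map the posted "page" value to 1..NUMBER_OF_PAGES by
' exact string match, so non-numeric or out-of-range input falls back to 1.
Function SafePage(raw)
    Dim p
    SafePage = 1
    For p = 1 To NUMBER_OF_PAGES
        If (raw & "") = CStr(p) Then SafePage = p
    Next
End Function

' Simplified: the question's Back/Next arithmetic is omitted here.
Dim intCurrentPage, strItem
intCurrentPage = SafePage(Request.Form("page"))

For Each strItem In Request.Form
    ' Names off the allowlist are skipped: the name is never echoed, and
    ' CInt(Left(strItem, 1)) only ever sees a known numeric prefix.
    If IsAllowedField(strItem) Then
        If CInt(Left(strItem, 1)) <> intCurrentPage Then
            Response.Write "<input type=""hidden"" name=""" & Enc(strItem) & _
                """ value=""" & Enc(Request.Form(strItem)) & """>" & vbCrLf
        End If
    End If
Next
%>
```

Server.HTMLEncode does not encode the single quote, so attribute values written this way have to stay in double quotes. The "Here's what you entered" block on the final page echoes the same fields and needs the same encoding.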

ASP.NET MVC View Code Formatting - braces <% } %>

Does anyone know how to configure visual studio to correctly format code segments within a View
This annoys the crap outta me!:
<select>
<%
foreach(Height height in ViewData.Model.Heights)
{%>
<option value="<%=height.ID %>"><%=height.Value%></option>
<%
}%>
</select>
It should be like this:
<% foreach(Height height in ViewData.Model.Heights) { %>
<option value="<%=height.ID %>"><%=height.Value%></option>
<% } %>
</select>
I can fix it manually but whenever I reformat, or change some of the code close to the braces it screws up again!
After the auto formatting takes place hit Ctrl-Z, it will undo the auto-formatting only and not rearrange your code.
