Simple String error, String breaking from ' in var [closed] - string

Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 9 years ago.
The parsing of the user name has a ' inside of the user name, and I think that is causing the code to break when I set it with this:
tempUsername=Request.Form("UserName")
if (Request.Form("Action") = "Login") then
tempUsername=Request.Form("UserName")
tempPassword=Request.Form("UserPassword")
Is that assumption right?
If so, what is a solution to this?

Jumping onto the comment by James, as well as answering this question:
Input sanitization is an issue in every language. Even if there weren't ' characters in usernames, this code is danger++
At the very least, run all the data you get from Request.form through a function that escapes/sanitizes dangerous characters in the context of what the data is getting passed on to (such as data stores or dir-resolving code).
As for the code using <%, that's a sign this is an ASP script, and the syntax looks like it's VB. The (Request.Form("Action") = "Login") in particular is a dead give-away, because no sane programming language since the 80s uses "=" as an equality testing operator =)

Related

In VBA 64 bits, how do I write this correctly? [closed]

Closed last year.
Is this command
Workbooks.Open (ActiveDocument.FilePath & EXCEL_DATA_FILE)
which works in a script written for Excel 32 bits, but gives an error for 64 bits.
I am a newbie, I may be wrong ... but ... I had to ask
Dim EXCEL_DATA_FILE As String
This means that that variable is known, but this does not mean it has any value. You need to check which value it gets (or even whether or not it gets a value), then you can check if that corresponds with a filename in your current directory (ActiveDocument.FilePath), and by the way, can you check if your ActiveDocument.FilePath ends with a slash or a backslash? If not, instead of opening "C:\Temp\Filename.xls" you might try opening "C:\TempFilename.xls", which most probably does not exist :-)
As an example: I've copied the same code, added a breakpoint and ended up in a situation which won't work either, as the necessary variables are not filled in (correctly). How is the situation at your side?

What does the prompt '...' in python 3 mean? [closed]

Closed 2 years ago.
As an exercise we need to explain what happens when we leave an open parenthesis in a print statement.
Doing so does not give us an error nor a value; the resulting line gives us a prompt consisting of dots instead of arrows. Does this situation/prompt have a name and can someone explain?
For example:
>>>print('Hello'
...
The official name is secondary prompt. It is used when inputting incomplete constructs, for example not closing any set of parentheses or when defining a function.
The three greater-than signs (>>>) prompt for the next command, which the interpreter can process at once. The three dots (...), in turn, prompt for continuation lines, such as after print(: the interpreter can't process your command at once because, in this case, it doesn't know the arguments you want to pass to the function.

In a similar manner as SQL injection, is it possible to exploit text-entry fields? [closed]

Closed 3 years ago.
For example, it would make sense that in a comment section on a website which does not prevent the processing of escape characters that an escape character followed by code could "infiltrate" the backend code. How do big websites prevent this and is it absolutely impossible?
It is not impossible.
Big websites and small websites prevent SQL injection exactly the same way:
Using query parameters.
This works for text fields as well as shorter strings, dates, numbers, etc.
Here's a hypothetical example in PHP, but similar examples exist for any other programming language.
$text = $_POST['textfield'];
$stmt = $pdo->prepare("INSERT INTO mytable (textcol) VALUES (?)");
$stmt->execute( [ $text ] );
By keeping the content separate from the SQL query until execute(), this avoids a risk of SQL injection.
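An added example (not part of the original answers) tying this to the apostrophe-in-username question at the top of the page: the same input is inserted once by string concatenation and once with query parameters. It uses Python's sqlite3 with an in-memory database; the table, column names and sample values are assumptions constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory database standing in for the site's data store (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (username TEXT, body TEXT)")
    return db


def insert_concatenated(db, username, body):
    """Fragile pattern: user input is pasted into the SQL text itself."""
    sql = ("INSERT INTO comments (username, body) VALUES ('"
           + username + "', '" + body + "')")
    db.execute(sql)


def insert_parameterized(db, username, body):
    """Query parameters: the SQL text is fixed and the values are bound separately."""
    db.execute("INSERT INTO comments (username, body) VALUES (?, ?)",
               (username, body))


def demo():
    # Constructed sample input: an ordinary name and comment that contain quotes.
    username = "O'Brien"
    body = "It's a 'quoted' comment; SELECT is just a word here."
    db = make_db()
    try:
        insert_concatenated(db, username, body)
        concatenated_ok = True
    except sqlite3.OperationalError:
        # The apostrophe ended the string literal early, so the statement
        # no longer parses as the developer intended.
        concatenated_ok = False
    insert_parameterized(db, username, body)
    rows = db.execute("SELECT username, body FROM comments").fetchall()
    return concatenated_ok, rows


if __name__ == "__main__":
    ok, rows = demo()
    print("concatenated insert succeeded:", ok)
    print("stored rows:", rows)
```

The concatenated insert fails on a perfectly legitimate name, while the parameterized insert stores both values byte for byte, with no escaping function involved.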

How to create a IF command, via VBA, to sound a sentence? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 3 years ago.
I am trying to create, via VBA, an "IF" command which would sound a specific sentence when a predetermined condition is reached. Could you help me, please?
The only thing I know is that I need to use the "application.speech.speak" command. That is it.
PS: dear forum friends, as I am testing a suggested sent solution I ask you to wait a little while to see if it will work, avoiding taking your time. Thank you all.
Something like this maybe? You can use other conditions, of course.
Sub test()
    If 1 = 1 Then
        Application.Speech.Speak ("hello world")
    End If
End Sub

Extract messages from Alloy Analyzer [closed]

Closed 7 years ago.
When you execute your Alloy code in the Analyzer you get some message like "No counterexample was found". And I want to extract this message. I want, for example, to get a .txt file with this message. Can somebody help me?
The cleanest and easiest way to do this would be to write a small Java program that makes calls to the Alloy API to analyze given models and write the result in a text file (example here).
Now if you want to choose the hard and dirty way, that is: to extract such information from the genuine Alloy Analyzer GUI (not from a program of your own that calls the Alloy API), I guess a solution could be to use image recognition scripting tools like Sikuli.
