I have a requirement from my client to get the query parameter of an URL with VBScript, the URL is like below:
Need to get the value of "sn".
What should the code be like?
No idea how to use VBScript to get the parameter.
Asked
Active
Viewed 451 times
1 Answers
-2
I got the code:
dim sn
sn = Request.QueryString("sn")
It works.
Yigo Zhou
- 23
- 7
-
The solution does works, not sure why some one voted down. – Yigo Zhou Mar 31 '22 at 06:09
-
This solution encourages injecting query string parameters directly into a SQL statement, this makes it vulnerable to [SQL Injection](https://en.wikipedia.org/wiki/SQL_injection) attacks and as such is bad practice and shouldn't be encouraged. A more robust approach would be to [use a parameterised query](https://stackoverflow.com/a/7661608/692942). – user692942 Mar 31 '22 at 09:17
-
You can't just change it to hide your flawed SQL example. SQL injection is a big problem, especially with older languages likes Classic ASP. You need to update your solution, not hide it. Plus, this is basic VBscript functionality, the OP obviously didn't look far or look at all for an answer before posting. It really didn't need a code example answer. `Request.QueryString("sn")` left as a comment would have sufficed, or a link to a already answered question, or an external resource like w3schools. – Adam Apr 01 '22 at 15:23