I have some old Classic ASP code such as:
<html>
<head></head>
<body>
<form action="test.asp" method="post" name="fname">
<select name="clients" size="3" multiple="multiple">
<option value="5311" selected="selected">5311</option>
<option value="9999" selected="selected">9999</option>
</select>
<input type="submit" value="test">
</form>
<%
dim clients
clients=Request.Form("clients")
Response.Write(clients)
%>
</body>
</html>
This outputs 5311, 9999 from the Request.Form object
If I put the same HTML in an ASP.Net app and read the Request.Form object it outputs 5311,9999.
Spot the difference, there is a space between the two.
Why is that? Is there a way I can change it so it includes the space?
Thanks
Classic ASP has changed. Around about Windows Server 2008, probably later due to a patch or service pack, it started putting between items.
It does the same thing with field arrays. If you have 3 input boxes with the name "AMOUNT", response.write(request.amount) will display aaa, bbb, ccc
I've been working with classic ASP for around 12 years and this started happening a while ago and breaking things.
I've never seen it documented though.
Note: I can find old Microsoft documentation that specifically says a "comma delimited string"
It sounds like you might do a replace to create a part of a valid SQL statement. If that is what you're doing, it's a really, really bad idea since an evil visitor can use this to run any SQL statements they like. A better idea, for both classic ASP and ASP.net, is to do a split on comma and use CLng or Convert.ParseInt32 to convert to a number and build the SQL statement using that.
I never noticed a difference in the way that Classic ASP and ASP.NET works in this regard, but the presence or absence of a space should not affect an IN clause. If you are currently just throwing the Request.Form value into a dynamically constructed SQL statement, you are potentially asking for trouble as has been pointed out. You should parameterise it:
http://www.mikesdotnetting.com/Article/116/Parameterized-IN-clauses-with-ADO.NET-and-LINQ