#1
    String manipulation


    Hi,

    I have a string that will vary in length but there will always be a consistent pattern.

    var string = "value a; value b; value c;"

    This string could go on with additional values: value e; value f; etc.

    What I need to do is to take that variable “string” and create a new variable and alter the values in the string. Again, it will always be a consistent value I will be creating from it.

    For example the above var string will need to look like newstring below, it is building a SQL query actually:

    var newstring = " car like '%value a %' OR car like '%value b %' OR car like '%value c %'"

    And if there were more values I would need it to keep building the string dynamically.

    What is the best method for me to do this and does anyone have some sample code I can work with?

    Thanks for looking.
#2
    Hi,

    why on earth do you create SQL queries in JavaScript? You do realize that this allows anybody to query your database with anything?

    Can you explain what you're trying to do? Because this sounds like you're really, really on the wrong track.
    The 6 worst sins of security | How to (properly) access a MySQL database with PHP

    Why can’t I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
#3
    Hi, this was only part of the SQL query; the rest is on another page. That part was formed based on a user field value. I now have the answer from tek-tips.

    See here for anyone that needs help
    Code:
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
    "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <title>test</title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <script language="JavaScript">
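    function test(){
      // Sample input: semicolon-separated values with a trailing semicolon
      var string = "value a; value b; value c;";

      var newstring = string
        .split(/ *; */)                          // split on ";" and drop the spaces around it
        .filter(function(p){ return p.trim(); }) // discard empty pieces
        // wrap each value in a LIKE pattern, backslash-escaping ' and \
        .map(function(p){ return "car like '%" + p.replace(/['\\]/g, '\\$&') + " %'"; })
        .join(' or ');

      alert(newstring);
    }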
    
    </script>
    </head>
    
    <body onload="test()">
    
    </body>
    </html>

    Comments on this post

    • Jacques1 disagrees : I call this virtual suicide.
#4
    I'm sorry to say, but the people that "helped" you obviously have no clue of secure (and sane) web programming -- or maybe they just didn't care. This piece of code is wrong in pretty much every possible aspect.

    I repeat what I already said: When you build queries in JavaScript, it means that anybody can execute any query on your server. JavaScript runs on the client, so the user has full control over it and can manipulate it in any way they like. How about I send you a DROP some_important_table? Chances are your database will happily execute it. And that's just a harmless example. An unprotected database can be used to capture the whole server.

    Apart from that, it makes no sense whatsoever to create SQL queries in JavaScript.

    I mean, it's up to you what you do with your server. If you're happy with your "solution", go ahead. But be warned and expect to be "hacked" as soon as some script kiddie finds your website.

    Comments on this post

    • Aurum84 agrees
    • PaulGer agrees
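
A server-side alternative to the client-built query criticized above, as an added example that is not code from the thread: the browser submits only the raw field text, and JavaScript running on the server (Node.js assumed) turns it into a parameterized `LIKE` filter. The `?` placeholder style, the `!` escape character and the `MAX_TERMS` limit are assumptions; `car` is the column name used in the thread.

```javascript
// Added example, not from the thread. Runs on the server (Node.js assumed);
// the browser sends the raw field text and never sends SQL.
const MAX_TERMS = 20; // assumed upper bound on search terms per request

// Escape LIKE metacharacters so user text is matched literally.
// '!' is the escape character declared in the ESCAPE clause below.
function escapeLike(term) {
  return term.replace(/[!%_]/g, '!$&');
}

// Turn "value a; value b; value c;" into a WHERE fragment plus bound values.
function buildCarFilter(raw) {
  if (typeof raw !== 'string') {
    throw new TypeError('search field must be a string');
  }
  const terms = raw
    .split(';')
    .map((t) => t.trim())
    .filter((t) => t.length > 0);
  if (terms.length === 0) {
    return { where: '1 = 0', params: [] }; // nothing to search for: match no rows
  }
  if (terms.length > MAX_TERMS) {
    throw new RangeError('too many search terms');
  }
  // One placeholder per term: the SQL text is fixed, the values travel separately.
  const where = terms.map(() => "car LIKE ? ESCAPE '!'").join(' OR ');
  // Same pattern shape as in the thread: '%value a %'
  const params = terms.map((t) => '%' + escapeLike(t) + ' %');
  return { where, params };
}

// Constructed sample input, including a value that contains quotes and wildcards.
const sample = buildCarFilter("value a; x' OR '1'='1; 50%_off!;");
console.log(sample.where);
console.log(sample.params);
```

The returned `where` and `params` are meant to be passed to the database driver's prepared-statement call, so the submitted text is only ever bound as data.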