VBScript, Encoding - Decoding Variables

Encoding - Decoding Variables

Author	Message
Matt W #1 / 4	Encoding - Decoding Variables To avoid storing a variable in a Session object, I'd Like to encode a user's ID so it can be attached to the URL and carried with them. Thing is I want to bury it in a number or characters; such as - ../../detail.asp?ID=1982831 The User's ID is actually 923 How do you write a VB Script snippet to pull those numbers out when the script calls for the user's ID? In case you are wondering why I don't just use the ID by it's self - Depending on the script they are going into, If the user changes the number they may be able to view someone else's information. I'd rather them cause an error and get sent back to GO (without collecting $200 : ) Thanks for you help! Matt W.
Sat, 02 Feb 2002 03:00:00 GMT

Dan Pfeffe #2 / 4	Encoding - Decoding Variables Hi Matt, You could use the mid function to extract each character: zz = request.querystring("ID") id = mid(zz,2,1) & mid(zz,4,2) 'gets 1 chars starting with the 2nd and 2 chars starting with 4th In your example then id = "928" HTH, Dan Quote: > To avoid storing a variable in a Session object, I'd Like to encode a user's > ID so it can be attached to the URL and carried with them. Thing is I want > to bury it in a number or characters; such as - > ../../detail.asp?ID=1982831 The User's ID is actually 923 > How do you write a VB Script snippet to pull those numbers out when the > script calls for the user's ID? > In case you are wondering why I don't just use the ID by it's self - > Depending on the script they are going into, If the user changes the number > they may be able to view someone else's information. I'd rather them cause > an error and get sent back to GO (without collecting $200 : ) > Thanks for you help! > Matt W.
Sat, 02 Feb 2002 03:00:00 GMT

Matt W #3 / 4	Encoding - Decoding Variables That's a good point. I kind of thought maybe going through all that would be more of a hassle then it would be worth. I 'm not real sure how to get around that type of situation except by using random Replication IDs - but depending on the size of the database, that could waste a lot of storage. Any other thoughts of how to get around it? Thanks for the Heads Up! Matt W. Quote: >>In case you are wondering why I don't just use the ID by it's self - >>Depending on the script they are going into, If the user changes the number >>they may be able to view someone else's information. I'd rather them cause >>an error and get sent back to GO (without collecting $200 : ) >Until they just create a program that blindly tries all the IDs, from 0 >through whatever. Mostly, they'll get errors, but under your scheme, they >should get some valid results back. >This is a BAD thing.
Sat, 02 Feb 2002 03:00:00 GMT

Dan Pfeffe #4 / 4	Encoding - Decoding Variables Hi Matt, Why not store the users ID in a session variable? Thanks, Dan Quote: > That's a good point. I kind of thought maybe going through all that would > be more of a hassle then it would be worth. I 'm not real sure how to get > around that type of situation except by using random Replication IDs - but > depending on the size of the database, that could waste a lot of storage. > Any other thoughts of how to get around it? > Thanks for the Heads Up! > Matt W. Quote: > >>In case you are wondering why I don't just use the ID by it's self - > >>Depending on the script they are going into, If the user changes the > number > >>they may be able to view someone else's information. I'd rather them > cause > >>an error and get sent back to GO (without collecting $200 : ) > >Until they just create a program that blindly tries all the IDs, from 0 > >through whatever. Mostly, they'll get errors, but under your scheme, they > >should get some valid results back. > >This is a BAD thing.
Sat, 02 Feb 2002 03:00:00 GMT

Page 1 of 1

[ 4 post ]