query string too long

[eddie wang]

The sqlStr string is too long in the following example and the ASP
doesn't work. What is the work around? If using post method, any
simple samples? Thanks.

<a
href="ExcelExport.asp?noIncludes=yes&sqlStr=<%=replace(Server.URLEncode(
strSQl),"'","`")%>">

 

[Bin Song]

The work around is using Form Post.
If the value is from a form field, it is just ok. if not
create a hidden field to contain the value:
<form action="ExcelExport.asp?noIncludes=yes"
Method="Post">
<input type="hidden" value==<%=replace(Server.URLEncode(

strSQl),"'","`")%>>

</form>

Bin Song, MCP

 

[eddie wang]

Thanks for your post. I wrote the following to replace the query string
but it page doesn't do anything after click.

<FORM NAME='formname' METHOD=POST
ACTION='ExcelExport.asp?noIncludes=yes' target='_blank'>
<INPUT TYPE='Hidden' NAME='strSQL'
VALUE==<%=replace(server.urlencode(strsql),"'","`")%>>
<tr><td BGCOLOR=E4E4E4 ID='bodytext' COLSPAN='8' align='center'><input
TYPE=SUBMIT value='export'></td></tr>
</form>

 

[Chris Jackson]

You could just stick this into a session variable, which would also be a
much more secure way to approach it. If you truly are passing a SQL string
in this variable, do you really want somebody to be able to whip up an HTTP
page with the same fields, post to that page, and run the SQL script of
their choice?