
Possibility to store ASP Classic code as string in MYSQL database

Is it possible to store ASP Classic code in a MySQL database and have it execute the code when pulled? For example, store the variable name in a string and have it execute ASP before displaying it? I suspect this is not possible because the MySQL request is run after the page is loaded, so the returned data is not executed, just the variable names. Another thing is that it might be HTML encoding; it might be encoded after passing it to the MySQL server, but so far it's just reading the variable names. Any ideas on this? Is this impossible, or am I unencoding somehow?

I've tried coding it like this, using a Chr replacement function that works elsewhere, but the function is used like this:

NEWSTRING =  Server.HtmlEncode(OLDSTRING)

Regardless of whether encoding is attempted, the results will only show ASP Classic code, as shown below:

MESSAGE TO USER <%=Session("var_FOO")%>

While Encode does not appear to change the string displayed on the screen, the log results show an encoding attempt that, instead of putting the data in, converts the character type like this:

&quot;var_Foo&quot;

I may be barking up the wrong tree with my coding, but if you have a hammer you could try pounding in some screws until they go in.


This feature is currently difficult for me because an easier way would be to store the string in the database like I did and then add the variables to the string after pulling it out instead of putting them into the database. Of course, this means the user can't control the error message via the variable associated with it, but I guess I can live with that.

A similar question asks to do this as a function, if you read the rest of the post you'll see there is a difference.

P粉557957970, 263 days ago

  • P粉893457026

    P粉893457026 2024-04-07 11:42:05

    Yes, it is possible. Classic ASP provides the Eval, Execute, and ExecuteGlobal methods to which you can pass a text string containing source code.

    Doing this on a public-facing website is dangerous; if a network worm knows how to write arbitrary code to your database tables, it can disrupt, corrupt, or hijack your application. You're not paranoid: proactive strangers are actually plotting against you and looking for sites that operate this way. Be careful.

    Eval(codeText): Runs an expression and returns the result.
    ExecuteGlobal(codeText): Runs it as if it were in the top-level context.
    Execute(codeText): Runs it in the context (subroutine or function) in which it was called.

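An added example, not part of the original question or answer: one way to get the behaviour the question describes without passing database text to Eval or Execute is to store a placeholder in the message and substitute allowlisted, HTML-encoded values when rendering. The `RenderTemplate` function, the `{{name}}` placeholder syntax, and the sample stored string are assumptions made for illustration.

```vbscript
<%
' Added example. RenderTemplate, the {{name}} syntax and the sample data
' below are assumptions, not code from the original post.

' Replaces {{name}} tokens with values from an allowlist dictionary.
' The stored text is treated as data only: it is never executed, and both
' the literal text and the substituted values are HTML-encoded on output.
Function RenderTemplate(templateText, allowed)
    Dim re, matches, m, result, lastPos, key
    Set re = New RegExp
    re.Pattern = "\{\{(\w+)\}\}"
    re.Global = True

    ' RegExp.Execute only performs a pattern search; it is unrelated to
    ' the VBScript Execute statement.
    Set matches = re.Execute(templateText)
    result = ""
    lastPos = 1
    For Each m In matches
        ' Literal text before the token (FirstIndex is zero-based, Mid is one-based)
        result = result & Server.HTMLEncode(Mid(templateText, lastPos, m.FirstIndex + 1 - lastPos))
        key = m.SubMatches(0)
        ' Names that are not on the allowlist render as nothing
        If allowed.Exists(key) Then
            result = result & Server.HTMLEncode(CStr(allowed(key)))
        End If
        lastPos = m.FirstIndex + 1 + m.Length
    Next
    ' Literal text after the last token
    result = result & Server.HTMLEncode(Mid(templateText, lastPos))
    RenderTemplate = result
End Function

Dim allowed, storedMessage
Set allowed = Server.CreateObject("Scripting.Dictionary")
allowed.CompareMode = vbTextCompare   ' must be set while the dictionary is empty
' "" & ... turns an unset (Empty) session value into an empty string
allowed.Add "var_FOO", "" & Session("var_FOO")

' Constructed sample standing in for the string read from MySQL
storedMessage = "MESSAGE TO USER {{var_FOO}} {{not_on_allowlist}}"
Response.Write RenderTemplate(storedMessage, allowed)
%>
```

Because only names present in the dictionary are ever substituted, someone who can write to the message table can change the wording of a message but cannot run code or read other session values.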