I wanted to do this:
<!-- #include virtual = <%=request("page")%> -->

But, that's doesn't work. Help?!

I have a static "container" asp page. Based on a querystring variable, I
want the container page to include the appropriate content from another file
in my web space.

Static includes are cake:
<!-- #include virtual="filename.htm" -->
What if I want "filename" to be a variable, read from querystring?

[ Post a follow-up to this message ]

rd wrote on 26 aug 2004 in microsoft.public.inetserver.asp.general:

> Static includes are cake:
> <!-- #include virtual="filename.htm" -->
> What if I want "filename" to be a variable, read from querystring?
>

You cannot, because #include is executed [read 'included'] before(!!!) t
he
asp interpreting.

Try:

<%
Server.execute request.querystring("blah.asp")
%>

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress,
but let us keep the discussions in the newsgroup)

[ Post a follow-up to this message ]

Thank you! I figured the order of execution was the reason. Didn't know
about server.execute.

This works:
server.execute(request("pg"))

When I refer to mypage.asp?pg=whatever.htm, it includes whatever.htm the way
I wanted.

Thanks again.

-rd



"Evertjan." <exjxw.hannivoort@interxnl.net> wrote in message
news:Xns9551EFF30A355eejj99@194.109.133.29...
> rd wrote on 26 aug 2004 in microsoft.public.inetserver.asp.general:
> 
>
> You cannot, because #include is executed [read 'included'] before(!!!)
 the
> asp interpreting.
>
> Try:
>
> <%
> Server.execute request.querystring("blah.asp")
> %>
>
> --
> Evertjan.
> The Netherlands.
> (Please change the x'es to dots in my emailaddress,
> but let us keep the discussions in the newsgroup)
>

[ Post a follow-up to this message ]

rd wrote on 26 aug 2004 in microsoft.public.inetserver.asp.general:

> Thank you! I figured the order of execution was the reason. Didn't
> know about server.execute.
>
> This works:
> server.execute(request("pg"))
>
> When I refer to mypage.asp?pg=whatever.htm, it includes whatever.htm
> the way I wanted.

Beware, this will not always execute the file you wanted.

The joy of serversidedness [like singlemindedness ;-) ] is that you have
perfect control without the client interfering.

And now you give away the key of your include back to the client, so any
hacker can include another file of yours, possibly even opening a way to
sql-injection and corrupting your database, if you are using databases.

Furthermore [if you are stil determined to do it this way] always use:
request.querystring("pg")), otherwise if the querystring 'pg' is not
found, a cookie or any other request variable could be read.

So why not restrict the choices to the ones you think are safe:

r = request.querystring("pg")
if r="whatever.htm" or r="whateverelse.htm" then
server.execute(r)
else
response.write "Hacker !":response.end
end if

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress,
but let us keep the discussions in the newsgroup)

[ Post a follow-up to this message ]