SitePoint Sponsor

User Tag List

Results 1 to 9 of 9
  1. #1
    SitePoint Zealot pixelz's Avatar
    Join Date
    Nov 2006
    Location
    Durban
    Posts
    132
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Unhappy creating an object instance inside another object

    Hi there,

    Having an interesting time with a BIG project that I'm writing to output and manipulate DB data - that doesn't really matter to the question though.

    What I'm trying to achieve is to create an array of objects with the properties of "name" and "value" from inside my main object (my uberObject as it were) with an object definition that is OUTSIDE of the main object. To clarify:

    my fieldObject def:
    Code:
    function fieldObject(name, value) {
    		this.name = name;
    		this.value = value;
    	}
    and inside the recordManager object (main big object) I have a method makeSelectArray() as below:

    Code:
    this.makeSelectArray = function() {
    		var selectArray = new Array;
    		for (i=0; i<genFieldsArray.length; i++) {	
    				if (genFieldsArray[i].includeInList == 'y')
    				{	selectArray[i] = new fieldObject(genFieldsArray[i].name,'');	}
    		}
    		for (i=0; i<selectArray.length; i++) { Response.Write(selectArray[i].name+', '); }
    		return selectArray;	
    	}
    The idea is to use this to create an array of fieldObjects from a general fields list (genFieldsArray) which is passed into the recordManager object on instatiation - this selectArray will then be used to generate a SQL string based on its name and value properties in a seperate method. Like so:

    Code:
    var selectArray = this.makeSelectArray();
    this.thisSQL = this.makeSQL('select',selectArray,this.tableName,'deleted','Y');

    My problem is that when I run this code, it doesn't seem to understand the fieldObject declaration - I get a "'name' is null or not an object" error for the line Response.Write(selectArray[i].name+', '); which I'm confused about because surely selectArray[i] is an object with "name" and "value" properties as per my fieldObject definition.

    Does my problem lie in the fact that the fieldObject definition is outside the recordManager definition? ie a scope issue? if so, how do I fix?

    Any help would be greatly appreciated! To see my full code so far, please click this link below:
    http://www.ncri.org.uk/codetests/rec...Definition.txt
    (is a txt file as the original is in ASP as you'll see)

    I would also just say that this is my first attempt at OO coding on this grand scale - any general structure tips on the above code would also be greatly appreciated!!

    Cheers!

    Pixelz

  2. #2
    SitePoint Wizard silver trophy kyberfabrikken's Avatar
    Join Date
    Jun 2004
    Location
    Copenhagen, Denmark
    Posts
    6,157
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    This is slightly off topic, but why on earth would you be creating SQL in javascript?

    Edit:


    I get it. This is serverside code.
    You can probably get better answers in the ASP forum, but I believe there are better ways to create queries in ASP, than through string-concatenation.

  3. #3
    SitePoint Wizard silver trophy kyberfabrikken's Avatar
    Join Date
    Jun 2004
    Location
    Copenhagen, Denmark
    Posts
    6,157
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The problem, you're having btw. is in this line:
    Code:
    selectArray[i] = new fieldObject(genFieldsArray[i].name,'');
    Since you use the index of the original array (genFieldsArray), you will get holes in the new array, when you skip because includeInList != 'Y'. Use Array.push() instead. Eg.:
    Code:
    selectArray.push(new fieldObject(genFieldsArray[i].name,''));

  4. #4
    SitePoint Zealot pixelz's Avatar
    Join Date
    Nov 2006
    Location
    Durban
    Posts
    132
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ah yes! ok that's a great help - will implement and see how it gets on.

    This is slightly off topic, but why on earth would you be creating SQL in javascript?
    Yeah I know - does sound kinda crazy, but I'm writing this object to be able to control a backend system where I can add, edit and update records in a database. I wrote a big application that worked fine, but was lonngwinded to update for any new table that I created.

    What I'm after here is on single object that I can just instantiate with a whole load of variables and I don't have to worry about trawling through the code to seek out old SQL statements etc and update them.

    fun fun fun! *sheesh*

    Thansk for the help!

  5. #5
    SitePoint Wizard silver trophy kyberfabrikken's Avatar
    Join Date
    Jun 2004
    Location
    Copenhagen, Denmark
    Posts
    6,157
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I don't know a thing about ASP or ADODB, but I'm guessing you would want to use parametrized statements. Google gave me this suggestion: http://textsnippets.com/posts/show/497

    With your current code, you're wide open for SQL-injection attacks.

  6. #6
    SitePoint Zealot pixelz's Avatar
    Join Date
    Nov 2006
    Location
    Durban
    Posts
    132
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Excellent! Starting to spit out data rather than errors!

    Thanks for the help!!

    Cheers

    pix!

  7. #7
    SitePoint Zealot pixelz's Avatar
    Join Date
    Nov 2006
    Location
    Durban
    Posts
    132
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    With your current code, you're wide open for SQL-injection attacks.
    Whoa!! jeez, sorry to sound like a n00b but what are SQL-injection attacks!???

  8. #8
    SitePoint Wizard silver trophy kyberfabrikken's Avatar
    Join Date
    Jun 2004
    Location
    Copenhagen, Denmark
    Posts
    6,157
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by pixelz View Post
    Whoa!! jeez, sorry to sound like a n00b but what are SQL-injection attacks!???
    sql injection

    SQL-injection is a very common vulnerability in web applications. It's easily avoided by using parametrized queries, if the language/library has such a feature.

  9. #9
    SitePoint Zealot pixelz's Avatar
    Join Date
    Nov 2006
    Location
    Durban
    Posts
    132
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hmmm... cool thanks for that mate!

    Will have to address that.
    Cheers for the help!

    Pix!


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •