Hey All,

Huge thanks for the tip! I must admit that my SQL programming skills aren't that great (I usually live in the PHP world), and any thoughts you have would be great. So far, based upon your example, I have:

declare @tmpId nvarchar(4);
set @tmpId = (select userid from users where username = '[QUERYSTRING:uname]');

select @tmpId

A couple questions... let's my my URL were: http://www.dnn.com/YourProfile/tabid/137/ID/45/Default.aspx
 

How would I integrate the @tmpId into the URL string in the editor? I've tried a couple options, but what seems most probable is that there's a way to write the opening javascript and first part of the URL string, and then concant the second (ID) and third (Default.aspx and closing javascript).  However -- if there is, I can't seem to figure it out!

THe other question I have is about this esRedirect script - is that something I need to install, or is it included by default? I've tried running it alone, included into my header tags (as suggested) and embedded into the Query - but no forwarding action seems to work.

Any thoughts?

Thanks so much, all!

--Dave

Take a look at the last lines of my posted example.  These show how to use the query to pass back inline javascript that will auto-forward the user to whatever URL you specify.  So, for your example, if you want an incoming user to land on a certain page with a querystring "uid" equal to the value in "@tmpId" you'd use:
 
select '< script >window.location="http://{page URL here}?uid='+@tmpId+'"< /script >'
 
(Be sure to remove the extra spaces after the "<" and before the ">" characters.)
 
This will immediately forward the user from the redirect page to the target page.  Note that your redirect page must be an "interim" page -- it cannot be the destination page (unless you add more code to prevent an endless loop).
 
Regarding the "esRedirect" variable -- that's optional but I recommend it so you have an easy way to disable your redirect if it goes awry.  Therefore, you'd need to set esRedirect to "true" in a script block in the page header (as detailed in the posted example) and your "select" statement would be:
 
  select '< script >if(esRedirect){window.location="http://{page URL here}?uid='+@tmpId+'"}< /script >'


Also....Baatezu made a very valid point regarding SQL injection.  Although the module protects against data loss by disallowing DELETE, UPDATE, and DROP, it does allow SELECT (of course!).  Once you believe you have a working solution you'll want to try to injecting a "select" statement to see if you can force your particular query to return data other than the intended data.
 
-mamlin

Dave-
I'm glad you figured out a solution for your need.  If you think the functionality would be of benefit to the average DNN user I encourage you to add a feature request ("enhancement") to the appropriate modules' entries on Gemini:

  http://support.dotnetnuke.com/Main.aspx
 
 
Cheers!
-mamlin