 |  |  |  |  |  |  |  |
Need help displaying single database values
Please support our ASP.NET advertiser: Intel Parallel Studio Home
Thread Solved |
•
•
Join Date: Sep 2007
Posts: 1,080
Reputation: 
Solved Threads: 68
I need to figure out how to bind data and call it back anywhere on the page. Basically, this is what I am trying to do. Keep in mind that I am an asp programmer and am very new to ASP.NET.
I have build a custom login page that works. Now I need to retrieve the number of comments from a database and post it like I did in asp. Also, I need to retrieve a users id and post it in multiple places randomly on the page. Thanks.
I am converting an asp site to asp.net.
I have build a custom login page that works. Now I need to retrieve the number of comments from a database and post it like I did in asp. Also, I need to retrieve a users id and post it in multiple places randomly on the page. Thanks.
I am converting an asp site to asp.net.
ASP.NET Syntax (Toggle Plain Text)
•
•
Join Date: Feb 2005
Posts: 1,181
Reputation:
Solved Threads: 67
Drag a GridView or Repeater control onto your form in design view. In the code behind (Do your databse code which you have shown you know how to do) then just pass the resulting reader to the DataSource property of the WebControl (GridView, Repeater whatever) and call it's DataBind() method.
Example:
That's basically it.
What worries me more is that this:
Leaves you completely wide open to Sql Injection! Ecapsulate the login inplementation in a seperate class file with property accessors for loginname and password and use a stored procedure in a public method that returns a boolean for success or failure.
And this:
Means I can assume the identity of anyone by randomly typing user id's in my address bar on the end of the querystring and causing mayhem!! Store the id in a session variable where it cannot be tampered with. Golden rule: Never never never never never under any circumstances what-so-ever blindly accept user input. Validate it *server* side not on the client and bin it if it's duff before it can do any harm.
Example:
ASP.NET Syntax (Toggle Plain Text)
That's basically it.
What worries me more is that this:
ASP.NET Syntax (Toggle Plain Text)
Leaves you completely wide open to Sql Injection! Ecapsulate the login inplementation in a seperate class file with property accessors for loginname and password and use a stored procedure in a public method that returns a boolean for success or failure.
And this:
ASP.NET Syntax (Toggle Plain Text)
Last edited by hollystyles; Sep 28th, 2007 at 9:34 am.
•
•
Join Date: Sep 2007
Posts: 1,080
Reputation:
Solved Threads: 68
The querystring variable is just a cross reference. The uaid is stored in a session, but must match the querystring. It's just extra that is really, uneeded, but (to me anyway) provides better protection against hackers.
I was hoping I didn't have to use a datagrid or the like. I was hoping there was a way to declare the variable/string and recall it when needed. Seems just pointless extra code. Anyway, thanks a ton ^^
Oh, and for some reason maybe you can help on the sql part. I did the way I was supposed to by putting the following:
But the authentication always failed. When I debugged by using response.write the SQL after opening it, it always appeared just as above, with the @userName and @userPass. It never substitued the required variables. Is there something else I need?
Oh and I am using OdbcConnection.
I was hoping I didn't have to use a datagrid or the like. I was hoping there was a way to declare the variable/string and recall it when needed. Seems just pointless extra code. Anyway, thanks a ton ^^
Oh, and for some reason maybe you can help on the sql part. I did the way I was supposed to by putting the following:
ASP.NET Syntax (Toggle Plain Text)
But the authentication always failed. When I debugged by using response.write the SQL after opening it, it always appeared just as above, with the @userName and @userPass. It never substitued the required variables. Is there something else I need?
Oh and I am using OdbcConnection.
•
•
Join Date: Feb 2005
Posts: 1,181
Reputation:
Solved Threads: 67
•
•
•
•
I was hoping I didn't have to use a datagrid or the like. I was hoping there was a way to declare the variable/string and recall it when needed. Seems just pointless extra code. Anyway, thanks a ton ^^
•
•
•
•
But the authentication always failed. When I debugged by using response.write the SQL after opening it, it always appeared just as above, with the @userName and @userPass. It never substitued the required variables. Is there something else I need?
ASP.NET Syntax (Toggle Plain Text)
And you have to add the params to the command's parameters collection in the exact order they appear in the Sql Statement.
P.S just using params does not make the input safe, you must use a RegularExpression validator or your own custom method Public Sub makeSafe(input As String) As String ... to weed out ; -- and words like DROP
http://msdn2.microsoft.com/en-us/library/bb355989.aspx
Last edited by hollystyles; Sep 28th, 2007 at 11:41 am.
•
•
Join Date: Sep 2007
Posts: 1,080
Reputation:
Solved Threads: 68
Like, in ASP I could tap into the database once, and store the information in an array, or just say strField = rs("Field") and then call it any time on the page as <%= strField %>.
Heres the code for passing it along, and yes I am passing it to the command object:
One main reason why I want a string to hold the value is due to me referencing it about 4 times. I would hate to keep a connection open that long also. And if you could answer this for me.. how would I reference a value in a sub query? I will be using UAID in a query to check comments. Is my best bet just grabbing the query, setting the session to it, then referencing the session? If so, I just need to know how to set it to the session variable in VB. like:
thanks. You're saving me hours of work.
Heres the code for passing it along, and yes I am passing it to the command object:
ASP.NET Syntax (Toggle Plain Text)
One main reason why I want a string to hold the value is due to me referencing it about 4 times. I would hate to keep a connection open that long also. And if you could answer this for me.. how would I reference a value in a sub query? I will be using UAID in a query to check comments. Is my best bet just grabbing the query, setting the session to it, then referencing the session? If so, I just need to know how to set it to the session variable in VB. like:
ASP.NET Syntax (Toggle Plain Text)
thanks. You're saving me hours of work.
•
•
Join Date: Feb 2005
Posts: 1,181
Reputation:
Solved Threads: 67
Use ExecuteScalar() on the command object it is very efficient, returns just the first value in the first row of the result set. No need for an expensive DataAdapter and DataSet.
Just use a DataTable object
Those square brackets [] in that last statement may need to be parentheses () in VB syntax. I'm not sure cos VB syntax makes my teeth jangle ! yech!
ASP.NET Syntax (Toggle Plain Text)
•
•
•
•
Like, in ASP I could tap into the database once, and store the information in an array
ASP.NET Syntax (Toggle Plain Text)
Those square brackets [] in that last statement may need to be parentheses () in VB syntax. I'm not sure cos VB syntax makes my teeth jangle ! yech!
Last edited by hollystyles; Sep 28th, 2007 at 12:07 pm.
•
•
Join Date: Sep 2007
Posts: 1,080
Reputation:
Solved Threads: 68
Perfect! Thanks a ton!! I couldn't find this anywhere. 
•
•
Join Date: Sep 2007
Posts: 1,080
Reputation:
Solved Threads: 68
Hey, thanks for all your help. This is my complete code... is there any bad stuff in here that could cause major problems with me, even with security? And do I have to close Scalars()? Thanks a ton, once again!
ASP.NET Syntax (Toggle Plain Text)
 |
Similar Threads
- displaying image from database (PHP)
- Please Very Important:How to Check with Database Values (JSP)
- Displaying Images( buffered data ) from the Database using Java (Java)
- Convert database values into Dropdown List (PHP)
- Multiple images to a single bmp/jpg image (Visual Basic 4 / 5 / 6)
- I need help with Threshold data values (Visual Basic 4 / 5 / 6)
- Unable to insert form data into a database (ASP)
Other Threads in the ASP.NET Forum
- Previous Thread: linking of two aspx file
- Next Thread: asp:Menu Images Disappearing
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Latest ASP.NET Posts
- Today's Posts
- Unanswered Threads
Related Forum Features
.net 2.0 3.5 activexcontrol advice ajax alltypeofvideos asp asp.net bc30451 bottomasp.net browser businesslogiclayer button c# c#gridviewcolumn checkbox child click commonfunctions compatible confirmationcodegeneration content contenttype countryselector courier css dataaccesslayer database datagrid datagridview datagridviewcheckbox datalist deadlock development dgv dropdownlist dropdownmenu edit expose feedback flash flv form formatdecimal forms formview gridview homeedition hosting iframe iis javascript jquery list listbox login menu microsoft mono mouse mssql multistepregistration nameisnotdeclared news numerical objects order panelmasterpagebuttoncontrols radio ratings rotatepage save schoolproject search security serializesmo.table silverlight smartcard sql-server sqlserver2005 suse textbox tracking typeof unauthorized validation vb.net video videos virtualdirectory vista visual-studio visualstudio web webarchitecture webdevelopemnt webservice xml youareanotmemberofthedebuggerusers
