473,320 Members | 1,848 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Need Help With QueryString & Password!

An ASP application retrieves records from a SQL Server database. In the
first page of the application, the user has to enter a password & the
columns retrieved from the DB table depends upon the password. For e.g.
if the password entered is say, pwd1, then that user should be
displayed the records of Column1 & Column2 only. If the password
entered is say, pwd2, then that user should be displayed the records of
Column1 & Column3 only. If the password entered is say, pwd3, then that
user should be displayed the records of Column1 & Column4 only.

Now after the records are displayed, the user should also be given the
option of sorting the records. I am implementing this by making the
column header a hyperlink which has the column name & the sort order as
the querystrings, something like this (the records are being displayed
in a tabular format):

----------------------------------------
<%
Dim strColName,strSortOrder,strPwd
strColName=Request.QueryString("colname")
strSortOrder=Request.QueryString("sortorder")
strPwd=Request.Form("pwd")

'assume that the user is displayed the records of Column1 &
'Column2. When the user comes to this page for the first time
'after entering his password in the previous page, both
'strColName & strSortOrder are empty strings.

Dim strSQL

If(strColName="col1" Or strColName="") Then
If(strSortOrder="" Or strSortOrder="asc") Then
If(strPwd="pwd1") Then 'columns retrieved depends on the
'password
strSQL="SELECT Col1,Col2 FROM tblSheet ORDER BY Col1 ASC"
ElseIf(strPwd="pwd2") Then
strSQL="SELECT Col1,Col3 FROM tblSheet ORDER BY Col1 ASC"
ElseIf(strPwd="pwd3") Then
strSQL="SELECT Col1,Col4 FROM tblSheet ORDER BY Col1 ASC"
End If
ElseIf(strSortOrder="desc") Then
'the same code in the If condition will come here, the
'only difference being using DESC in the ORDER BY clause.
End If
End If

'Column1 is common for both pwd1 & pwd2, thus using Or in the
'next If statement
If(strPwd="pwd1" Or strPwd="pwd2") Then
If(strColName="col1" Or strColName="") Then
If(strSortOrder="" Or strSortOrder="asc") Then
%>
<a href="Records.asp?colname=col1&sortorder=asc">Colu mn 1</a>
<%
Else
%>
<a href="Records.asp?colname=col1&sortorder=desc">Col umn 1</a>
<%
End If
End If
%>
----------------------------------------

As seen in the above code, I am passing the column name & the sort
order through the column header (which is a link) as querystrings. This
correctly sorts the columns & serves my purpose.

But the problem is since the columns displayed depends on the password
entered by the user, when it comes to sorting the records, even the
password has to be passed somehow along with the column name & the sort
order. Of course, the password can be passed as a querystring along
with the column name & the sort order but that's definitely not a wise
idea. So how do I pass the password when the user clicks one of the
column headers to sort the records?

One way of carrying the password forward is by encrypting the password
& then sending it through the querystring along with the column name &
the sort order but I would like to avoid such a solution. This solution
will be my last option.

Please keep in mind that the columns displayed to a user depends upon
the password; so the password has to be sent somehow along with the
column name & the sort order (column name & the sort order are being
passed through the querystring). For e.g. if the password entered is
pwd1, then the user sees the records of only Column1 & Column2. Next he
clicks the column header 'Column 1' (which is a hyperlink with the
column name & the sort order as the querystrings) to sort the records
based on Column 1. When the link is clicked, pwd1 also has to be
carried forward so that this user is displayed the records of Column1 &
Column2 only & not the records of the other columns.

Thanks,

Arpan

Aug 30 '05 #1
5 1784
"Arpan" <ar******@hotmail.com> wrote in message
news:11**********************@g44g2000cwa.googlegr oups.com...
[snip]
So how do I pass the password when the user clicks one of the
column headers to sort the records?

[snip]

Store the password as a session variable.
Aug 30 '05 #2
Thanks, Chris, for your response. Actually it's my fault only that I
forgot to add that I would like to avoid using Session variables as
well. Any other suggestion?

Thanks once again,

Regards,

Arpan

Aug 30 '05 #3
"Arpan" <ar******@hotmail.com> wrote in message
news:11*********************@g47g2000cwa.googlegro ups.com...
Thanks, Chris, for your response. Actually it's my fault only that I
forgot to add that I would like to avoid using Session variables as
well. Any other suggestion?


Pass the column list instead of the password.
Aug 30 '05 #4
Thanks once again, Chris, for your suggestion. Well, I guess using
Session variables looks to be the most feasible option. The last
suggestion you have given isn't a bad idea but I believe that might
lengthen the code a bit too much.

Anyways thanks a lot for your co-operation :-)

BTW, Chris, from whatever little code I have provided in this post, do
you think my approach is correct or would you suggest a better way of
tackling this issue?

Thanks once again,

Regards,

Arpan

Aug 30 '05 #5
"Arpan" <ar******@hotmail.com> wrote in message
news:11**********************@z14g2000cwz.googlegr oups.com...
[snip]
BTW, Chris, from whatever little code I have provided in this post, do
you think my approach is correct or would you suggest a better way of
tackling this issue?


Don't use dynamic sql. Instead, this logic could be encapsulated into a
stored procedure/parameterized query.
Aug 30 '05 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
by: Fredrik/Sweden | last post by:
Hi folks ! got this problem... i have a table 'Accounts' in my database, which contains a bunch of users. From the main menu i choose "edit user" and all users in the db are presented in a table....
0
by: collie | last post by:
Hi, I have an asp page that needs to create 2 different cookies: one for the admin and one for the user. The code that I have to work with was created by someone else. the page first requires to...
4
by: Luklrc | last post by:
Hi, I'm having to create a querysting with javascript. My problem is that javscript turns the "&" characher into "&amp;" when it gets used as a querystring in the url EG: ...
3
by: Jeremy | last post by:
I'm trying to understand the following part of a QueryString value: What does the %23 mean? I presume that the 'efefef' is a color (RGB) value. What about the '&amp;'. I thought the ampersand (&)...
2
by: Polyhedron_12 | last post by:
I am having problems calling functions in general in VB. I keep getting alot of errors. Can anybody help me out with this? I put the error message on the same line that it says it is at. I believe...
1
by: EoRaptor013 | last post by:
Not sure where to ask this question, but... I'm using a TreeView component to enable browsing file folders in a specific directory (for test purposes /Program Files/). Some users use an ampersand...
1
by: David | last post by:
Hi, I have an Access app running in our system which manages our intranet and access details for users. I want to add a button to individual users to enable us to open the login page and login...
4
by: | last post by:
Hi all, If I am reading this right, then the querystring parameters must be "&amp;" and not "&". However, IIS 6.0 and asp.net request.querystring fails to capture the values if "&amp;" is specified....
3
by: pbd22 | last post by:
Hi. I need some help with structuring my query strings. I have a form with a search bar and some links. Each link is a search type (such as "community"). The HREF for the link's anchor looks...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.