Hi, I'm sure this is a standard thing. I have a web form with several input
boxes/drop down lists and checkboxes. They all represent a field within a sql
table and I need the user to update the values on hitting submit. I have put
a submit button on the form and tested it with one field, so in the submit
code I opened a sql connection and did an UPDATE mytable SET fieldintable =
inputonwebform. text where customerid=x.
This worked! However, it just so happened that I changed the value in
'fieldontable'. Should I be creating an update statement for EVERY field on
my form, even though the user may only change one or two values at a time? I
know there is a OnTextChanged event handler of a text box, so i could capture
whether it has been changed or not (and then have to handle the drop
downs/checkboxes too presumbably using a different handler), but how can I
maintain a list of controls whose values have changed up until the point
where the user hits submit. Looking for the best practice to do this. dont
want to start keeping a comma seperated value in a hidden field, I find that
really messy. I am sure there is a really good way to do this as this seems
to be the power of web forms, I just need someone to tell me it!!!
Many thanks. 7 1377
As a side note, I am not sure of your complete architecture you might want
to read the document http://www.spidynamics.com/papers/SQ...WhitePaper.pdf. If you are
sending your form field values directly into your query, then your system
can be vulnerable to attacks.
"louise raisbeck" <lo************ @discussions.mi crosoft.com> wrote in
message news:3A******** *************** ***********@mic rosoft.com... Hi, I'm sure this is a standard thing. I have a web form with several
input boxes/drop down lists and checkboxes. They all represent a field within a
sql table and I need the user to update the values on hitting submit. I have
put a submit button on the form and tested it with one field, so in the submit code I opened a sql connection and did an UPDATE mytable SET fieldintable
= inputonwebform. text where customerid=x.
This worked! However, it just so happened that I changed the value in 'fieldontable'. Should I be creating an update statement for EVERY field
on my form, even though the user may only change one or two values at a time?
I know there is a OnTextChanged event handler of a text box, so i could
capture whether it has been changed or not (and then have to handle the drop downs/checkboxes too presumbably using a different handler), but how can I maintain a list of controls whose values have changed up until the point where the user hits submit. Looking for the best practice to do this. dont want to start keeping a comma seperated value in a hidden field, I find
that really messy. I am sure there is a really good way to do this as this
seems to be the power of web forms, I just need someone to tell me it!!!
Many thanks.
Well personally I use a different technique to update my sql database. I
just write out my sql scripts manually.
for instance:
On_Submit_Click () {
string sql = "update Customers set LoginID='" + txtLoginID.Text + "',
Password='" + txtPassword.Tex t "' where CustomerID=" + lblCustomerID.T ext;
SqlConnection con = new SqlConnection(" connection string");
SqlCommand com = new SqlCommand(sql, con);
con.Open();
com.ExecuteNonQ uery();
con.close();
}
I know this style is kind of old school but to me it just seems like you can
customize your sql scripts even more and thus allow for more complicated and
userfriendly forms.
As for how this applies to your problem... it's quite simple. All fields
are always updated with one sql statement if they haven't changed they are
just set to whatever they used to be if they have changed then they are
updated.
This method should be considerably faster to execute and less processor
intensive for both your ASP.NET applicaiton and the SQL Server.
These are just my thoughts on the subject.
Cheers!
David Kyle www.chloemag.com
"louise raisbeck" <lo************ @discussions.mi crosoft.com> wrote in
message news:3A******** *************** ***********@mic rosoft.com... Hi, I'm sure this is a standard thing. I have a web form with several input boxes/drop down lists and checkboxes. They all represent a field within a sql table and I need the user to update the values on hitting submit. I have put a submit button on the form and tested it with one field, so in the submit code I opened a sql connection and did an UPDATE mytable SET fieldintable = inputonwebform. text where customerid=x.
This worked! However, it just so happened that I changed the value in 'fieldontable'. Should I be creating an update statement for EVERY field on my form, even though the user may only change one or two values at a time? I know there is a OnTextChanged event handler of a text box, so i could capture whether it has been changed or not (and then have to handle the drop downs/checkboxes too presumbably using a different handler), but how can I maintain a list of controls whose values have changed up until the point where the user hits submit. Looking for the best practice to do this. dont want to start keeping a comma seperated value in a hidden field, I find that really messy. I am sure there is a really good way to do this as this seems to be the power of web forms, I just need someone to tell me it!!!
Many thanks.
404 file not found
"Peter Rilling" wrote: As a side note, I am not sure of your complete architecture you might want to read the document http://www.spidynamics.com/papers/SQ...WhitePaper.pdf. If you are sending your form field values directly into your query, then your system can be vulnerable to attacks.
"louise raisbeck" <lo************ @discussions.mi crosoft.com> wrote in message news:3A******** *************** ***********@mic rosoft.com... Hi, I'm sure this is a standard thing. I have a web form with several input boxes/drop down lists and checkboxes. They all represent a field within a sql table and I need the user to update the values on hitting submit. I have put a submit button on the form and tested it with one field, so in the submit code I opened a sql connection and did an UPDATE mytable SET fieldintable = inputonwebform. text where customerid=x.
This worked! However, it just so happened that I changed the value in 'fieldontable'. Should I be creating an update statement for EVERY field on my form, even though the user may only change one or two values at a time? I know there is a OnTextChanged event handler of a text box, so i could capture whether it has been changed or not (and then have to handle the drop downs/checkboxes too presumbably using a different handler), but how can I maintain a list of controls whose values have changed up until the point where the user hits submit. Looking for the best practice to do this. dont want to start keeping a comma seperated value in a hidden field, I find that really messy. I am sure there is a really good way to do this as this seems to be the power of web forms, I just need someone to tell me it!!!
Many thanks.
I did think about just doing an update for all the fields on the form..just
seemed like overkill considering they may only change 1 in 20 field values. I
know that .net is very powerful when it comes to view state, knowing when a
control has changed value etc..therefore i wondered if there was an easy way
of checking what has changed and what hasnt. Its almost as if I need a
webcontrols collection and for each one check if the value has changed.. I'm
sure that is possible. But to be honest I have to get this done like
yesterday and just dont have the time to do the research..
"David Kyle" wrote: Well personally I use a different technique to update my sql database. I just write out my sql scripts manually.
for instance:
On_Submit_Click () { string sql = "update Customers set LoginID='" + txtLoginID.Text + "', Password='" + txtPassword.Tex t "' where CustomerID=" + lblCustomerID.T ext;
SqlConnection con = new SqlConnection(" connection string"); SqlCommand com = new SqlCommand(sql, con);
con.Open(); com.ExecuteNonQ uery(); con.close(); }
I know this style is kind of old school but to me it just seems like you can customize your sql scripts even more and thus allow for more complicated and userfriendly forms.
As for how this applies to your problem... it's quite simple. All fields are always updated with one sql statement if they haven't changed they are just set to whatever they used to be if they have changed then they are updated.
This method should be considerably faster to execute and less processor intensive for both your ASP.NET applicaiton and the SQL Server.
These are just my thoughts on the subject.
Cheers!
David Kyle www.chloemag.com
"louise raisbeck" <lo************ @discussions.mi crosoft.com> wrote in message news:3A******** *************** ***********@mic rosoft.com... Hi, I'm sure this is a standard thing. I have a web form with several input boxes/drop down lists and checkboxes. They all represent a field within a sql table and I need the user to update the values on hitting submit. I have put a submit button on the form and tested it with one field, so in the submit code I opened a sql connection and did an UPDATE mytable SET fieldintable = inputonwebform. text where customerid=x.
This worked! However, it just so happened that I changed the value in 'fieldontable'. Should I be creating an update statement for EVERY field on my form, even though the user may only change one or two values at a time? I know there is a OnTextChanged event handler of a text box, so i could capture whether it has been changed or not (and then have to handle the drop downs/checkboxes too presumbably using a different handler), but how can I maintain a list of controls whose values have changed up until the point where the user hits submit. Looking for the best practice to do this. dont want to start keeping a comma seperated value in a hidden field, I find that really messy. I am sure there is a really good way to do this as this seems to be the power of web forms, I just need someone to tell me it!!!
Many thanks.
Please google sql injection attacks. Your app is vulnerable to them.
Sorry about the late reply. I'm currently working right now. None the less
I would still suggest that you use the method of building your own sql
strings to insert/update/delete/select data from your database. If you
think that the data might be a bit much to keep updating all of it every
time you could use the private property on the Page object called ViewState.
(Page.ViewState )
This will hold the information you want in a compressed string that is then
encrypted and held in every page as a hidden control named "__VIEWSTAT E".
here's an example of how I would use it:
On_PageLoad() {
DataTable dt = new DataTable("Cust omers");
if (!Page.IsPostBa ck) {
string sql = "select LoginID, Password from Customers where CustomerID=007" ;
SqlConnection con = new SqlConnection(" connection string");
SqlDataAdapter da = new SqlDataAdapter( sql, con);
con.Open();
da.Fill(dt)
con.Close();
txtLoginID.Text = (string)dt.Rows[0][0];
ViewState["LoginID"] = dt.Rows[0][0];
txtPassword.Tex t = (string)dt.Rows[0][1];
ViewState["Password"] = dt.Rows[0][1];
}
}
On_Submit_Click () {
bool execute = false;
string sql;
sql = "update Customers set ";
if (txtLoginID.Tex t != (string)ViewSta te["LoginID"]) {
sql += "LoginID='" + txtLoginID.Text +"' ";
execute = true;
}
if (txtPassword.Te xt != (string)ViewSta t["Password"]) {
if (execute)
sql += ", ";
sql += "Password=' " + txtPassword.Tex t + "' ";
}
....
sql += "where CustomerID=" + lblCustomerID.T ext;
if (execute) {
SqlConnection con = new SqlConnection(" connection string");
SqlCommand command = new SqlCommand(sql, con);
con.Open();
command.Execute NonQ();
con.Close();
}
}
"louise raisbeck" <lo************ @discussions.mi crosoft.com> wrote in
message news:71******** *************** ***********@mic rosoft.com... I did think about just doing an update for all the fields on the form..just seemed like overkill considering they may only change 1 in 20 field values. I know that .net is very powerful when it comes to view state, knowing when a control has changed value etc..therefore i wondered if there was an easy way of checking what has changed and what hasnt. Its almost as if I need a webcontrols collection and for each one check if the value has changed.. I'm sure that is possible. But to be honest I have to get this done like yesterday and just dont have the time to do the research..
"David Kyle" wrote:
Well personally I use a different technique to update my sql database. I just write out my sql scripts manually.
for instance:
On_Submit_Click () { string sql = "update Customers set LoginID='" + txtLoginID.Text + "', Password='" + txtPassword.Tex t "' where CustomerID=" + lblCustomerID.T ext;
SqlConnection con = new SqlConnection(" connection string"); SqlCommand com = new SqlCommand(sql, con);
con.Open(); com.ExecuteNonQ uery(); con.close(); }
I know this style is kind of old school but to me it just seems like you can customize your sql scripts even more and thus allow for more complicated and userfriendly forms.
As for how this applies to your problem... it's quite simple. All fields are always updated with one sql statement if they haven't changed they are just set to whatever they used to be if they have changed then they are updated.
This method should be considerably faster to execute and less processor intensive for both your ASP.NET applicaiton and the SQL Server.
These are just my thoughts on the subject.
Cheers!
David Kyle www.chloemag.com
"louise raisbeck" <lo************ @discussions.mi crosoft.com> wrote in message news:3A******** *************** ***********@mic rosoft.com... > Hi, I'm sure this is a standard thing. I have a web form with several > input > boxes/drop down lists and checkboxes. They all represent a field within > a > sql > table and I need the user to update the values on hitting submit. I > have > put > a submit button on the form and tested it with one field, so in the > submit > code I opened a sql connection and did an UPDATE mytable SET > fieldintable > = > inputonwebform. text where customerid=x. > > This worked! However, it just so happened that I changed the value in > 'fieldontable'. Should I be creating an update statement for EVERY > field > on > my form, even though the user may only change one or two values at a > time? > I > know there is a OnTextChanged event handler of a text box, so i could > capture > whether it has been changed or not (and then have to handle the drop > downs/checkboxes too presumbably using a different handler), but how > can I > maintain a list of controls whose values have changed up until the > point > where the user hits submit. Looking for the best practice to do this. > dont > want to start keeping a comma seperated value in a hidden field, I find > that > really messy. I am sure there is a really good way to do this as this > seems > to be the power of web forms, I just need someone to tell me it!!! > > Many thanks.
thanks I havent read it yet but will do so in the morning. i should be at home!
"David Kyle" wrote: Sorry about the late reply. I'm currently working right now. None the less I would still suggest that you use the method of building your own sql strings to insert/update/delete/select data from your database. If you think that the data might be a bit much to keep updating all of it every time you could use the private property on the Page object called ViewState. (Page.ViewState )
This will hold the information you want in a compressed string that is then encrypted and held in every page as a hidden control named "__VIEWSTAT E". here's an example of how I would use it:
On_PageLoad() { DataTable dt = new DataTable("Cust omers");
if (!Page.IsPostBa ck) { string sql = "select LoginID, Password from Customers where CustomerID=007" ;
SqlConnection con = new SqlConnection(" connection string"); SqlDataAdapter da = new SqlDataAdapter( sql, con);
con.Open(); da.Fill(dt) con.Close();
txtLoginID.Text = (string)dt.Rows[0][0]; ViewState["LoginID"] = dt.Rows[0][0]; txtPassword.Tex t = (string)dt.Rows[0][1]; ViewState["Password"] = dt.Rows[0][1]; } }
On_Submit_Click () { bool execute = false; string sql;
sql = "update Customers set "; if (txtLoginID.Tex t != (string)ViewSta te["LoginID"]) { sql += "LoginID='" + txtLoginID.Text +"' "; execute = true; } if (txtPassword.Te xt != (string)ViewSta t["Password"]) { if (execute) sql += ", "; sql += "Password=' " + txtPassword.Tex t + "' "; } ....
sql += "where CustomerID=" + lblCustomerID.T ext;
if (execute) { SqlConnection con = new SqlConnection(" connection string"); SqlCommand command = new SqlCommand(sql, con);
con.Open(); command.Execute NonQ(); con.Close(); } }
"louise raisbeck" <lo************ @discussions.mi crosoft.com> wrote in message news:71******** *************** ***********@mic rosoft.com...I did think about just doing an update for all the fields on the form..just seemed like overkill considering they may only change 1 in 20 field values. I know that .net is very powerful when it comes to view state, knowing when a control has changed value etc..therefore i wondered if there was an easy way of checking what has changed and what hasnt. Its almost as if I need a webcontrols collection and for each one check if the value has changed.. I'm sure that is possible. But to be honest I have to get this done like yesterday and just dont have the time to do the research..
"David Kyle" wrote:
Well personally I use a different technique to update my sql database. I just write out my sql scripts manually.
for instance:
On_Submit_Click () { string sql = "update Customers set LoginID='" + txtLoginID.Text + "', Password='" + txtPassword.Tex t "' where CustomerID=" + lblCustomerID.T ext;
SqlConnection con = new SqlConnection(" connection string"); SqlCommand com = new SqlCommand(sql, con);
con.Open(); com.ExecuteNonQ uery(); con.close(); }
I know this style is kind of old school but to me it just seems like you can customize your sql scripts even more and thus allow for more complicated and userfriendly forms.
As for how this applies to your problem... it's quite simple. All fields are always updated with one sql statement if they haven't changed they are just set to whatever they used to be if they have changed then they are updated.
This method should be considerably faster to execute and less processor intensive for both your ASP.NET applicaiton and the SQL Server.
These are just my thoughts on the subject.
Cheers!
David Kyle www.chloemag.com
"louise raisbeck" <lo************ @discussions.mi crosoft.com> wrote in message news:3A******** *************** ***********@mic rosoft.com... > Hi, I'm sure this is a standard thing. I have a web form with several > input > boxes/drop down lists and checkboxes. They all represent a field within > a > sql > table and I need the user to update the values on hitting submit. I > have > put > a submit button on the form and tested it with one field, so in the > submit > code I opened a sql connection and did an UPDATE mytable SET > fieldintable > = > inputonwebform. text where customerid=x. > > This worked! However, it just so happened that I changed the value in > 'fieldontable'. Should I be creating an update statement for EVERY > field > on > my form, even though the user may only change one or two values at a > time? > I > know there is a OnTextChanged event handler of a text box, so i could > capture > whether it has been changed or not (and then have to handle the drop > downs/checkboxes too presumbably using a different handler), but how > can I > maintain a list of controls whose values have changed up until the > point > where the user hits submit. Looking for the best practice to do this. > dont > want to start keeping a comma seperated value in a hidden field, I find > that > really messy. I am sure there is a really good way to do this as this > seems > to be the power of web forms, I just need someone to tell me it!!! > > Many thanks. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: David MacQuigg |
last post by:
Playing with Prothon today, I am fascinated by the idea of eliminating
classes in Python. I'm trying to figure out what fundamental benefit
there is to having classes. Is all this complexity unecessary?
Here is an example of a Python class with all three types of methods
(instance, static, and class methods).
# Example from Ch.23, p.381-2 of Learning Python, 2nd ed.
class Multi:
|
by: Jonathan M. Rose |
last post by:
I am looking for a script that I can sit on an HTML server (Linux,
Apache, PHP/Perl/Python/Etc.) that will allow me to do the following things:
1) Post news articles that consists of (i) a title and (ii) a body.
2) Show the last X posts (or, better yet, just the last X titles) on a
home page.
3) Show all posts on a "news" page.
4) When a news article is posted, email the news article (with the title
being the email subject and the news...
|
by: Davinder |
last post by:
can anyone recommend a good tool to convert documents to HTML on the
fly. I need to integrate this tool with a VB app so it must have an
API.
thanks in advance
Davinder
davinder@gujral.co.uk
|
by: * ProteanThread * |
last post by:
but depends upon the clique:
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=954drf%24oca%241%40agate.berkeley.edu&rnum=2&prev=/groups%3Fq%3D%2522cross%2Bposting%2Bversus%2Bmulti%2Bposting%2522%26ie%3DUTF-8%26oe%3DUTF-8%26hl%3Den
...
|
by: Brett Baisley |
last post by:
Hello,
I am trying to figure out how to change the default font-family and
font-size. I tried adding this to the BODY section, but it didn't work. I
tried to the P section, but they are not enclosed in <P> tags. They are just
basic fonts.
Can anyone help? Thanks!
| |
by: Philip Herlihy |
last post by:
I'm creating a common navigation bar of text "buttons" using CSS. On each
page, I want the corresponding button to be "inert" (no hover, etc) as a
visual clue to where you are.
I thought I'd include simple <p> tags, and style them the same way as the
<a> tags, but I can't get it to work - I get different margins in each case.
I've reduced the situation to the essentials here:
http://philipherlihy.members.beeb.net/CssMargins/
|
by: Roger Walter |
last post by:
I have a .Net web page that is posting twice after the
submit button is clicked once. How can that happen? I
have turned tracing on and it writes two records to the
trace log and posts twice. Is this possible? What can I
do to stop this from happening?
|
by: m |
last post by:
Hi All,
I m extremely sorry if this is the wrong place to post it but i just need
some info on the MS Posting Acceptor.
1) Is MS Posting Acceptor available with IIS5.0 and above.
2)If so where can i download the latest version of Posting acceptor?
3)Is it ok to use Posting Acceptor with ASP.Net.
your suggestions will be extremely helpful
TIA
m
|
by: Bruce Wood |
last post by:
This subject has come up several times in this group over the last
year. Several people in this group seem to feel strongly about this
topic. Rather than derail other threads with this discussion, I
figured we could talk about it here.
Since I'm leading off here, I'll state my opinion on the matter.
I really don't care one way or the other. I use Google, and for all
its faults, does do one thing right: it hides quoted text. So, I just...
|
by: Alan T |
last post by:
I am not sure which way to go:
Want to learn C# but C# is implemented both in Windows desktop application
and ASP.NET. I am not familiar with web programming, should I start with
Windows app or ASP .NET?
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |