Problems Passing Parameter from web page 1 to web page 2.

Ranginald wrote:

Hi,

I'm having trouble passing a parameter from my default.aspx page to my
default2.aspx page.

I have values from a query in a list box and the goal is to pass the
"catID" from default.aspx to a stored procedure on the details2.aspx
page.

I can successfully pass the values from the listbox control to a
textbox on the page (done to eliminate other sources of error).

===========
DEFAULT.ASPX
============
Here is the listbox data (works fine when tested with a textbox):

listbox1.DataTextField="catDesc";
listbox1.DataValueField="catID"; <---- this is the data I will want
to use as @catID
All other things being checked (e.g. connection string), here is the
code snippet.

Am I using the parameter wrong?

cmd2.CommandType = CommandType.StoredProcedure;

SqlParameter sqlPrm = new SqlParameter("@catID",
ListBox1.SelectedValue);

cmd2.Parameters.Add(sqlPrm);

==========
DEFAULT2.ASPX
===========
I'm trying to pass the parameter (which should be an integer form the
catID) to TextBox1 to make sure that the process is working before I
mess with adding the parameter to a stored procedure. Here is the
"retrieval" code:

protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
string temp;
temp = Request.Params["catID"];
TextBox1.Text = temp;
}
}
Any advice is much appreciated.
Thanks in advance,
Ranginald

You managed to leave out most of the information that is needed to help
you with this...

1. What is the problem? What is happening, and how does that differ from
what you expect to happen?

2. Any useful code. You are creating an SQL parameter in the first page,
what are you using that for? Do you use it at all? How do you post the
form to the second page?

Ok. Sorry....

1. The problem is that I originally passed a parameter from defalt to
default2 using a query string (eg. default2.aspx?catID=X) where X is
generated from a user selection on default. X is then used to generate
a datagrid on default2.

This works fine --- except I've read that instead of passing X to page
2 using a query string, that I should protect myself from SQL injection
attacks and pass X to a stored procedure, using parameters. I read that
I shouldn't do the default2.aspx?catID=X because someone could just add
a "?catID=X; malicious code here".

2. Application Overview
It's basically a master/detail product situation
..
For the code posted above, all I want to do is run a test to get the
basics working. In the test it's just a listbox on default and I want
to pass a parameter to the stored procedure on the second page, and
create a datagrid with the results.
a)take a listbox which I have populated on page default
b) and pass the parameter, catID (an integer) to page default2
c) execute a stored procedure (as listed below) with the catID as a
parameter
d) and create a datagrid with the results.

At this point I have a test page setup to figure this out:
DEFAULT
======
Has a listbox on it, listbox1 and a textbox, textbox1.
When the user clicks on one of the items in the listbox, the catID
value appears in the textbox. I used this as a basic "control" test.

Now I want to pass this catID, (or, X, as above) to a stored procedure
on page DEFAULT2.

Let's call the Stored Procedure usp_test, and let's call the parameter
@catID.

The stored procedure will just be a test for now so, SELECT * FROM
tblCat WHERE catID=@catID.
I am having trouble getting the "catID" value off the default page to
the default2 page.

I'm not sure if I need a global variable or where to "store" the
parameter, and then how to "recover" the parameter and use it in the
stored procedure.

Thanks a lot for your help.

Ranginald wrote:

Ok. Sorry....

1. The problem is that I originally passed a parameter from defalt to
default2 using a query string (eg. default2.aspx?catID=X) where X is
generated from a user selection on default. X is then used to generate
a datagrid on default2.

This works fine --- except I've read that instead of passing X to page
2 using a query string, that I should protect myself from SQL injection
attacks and pass X to a stored procedure, using parameters. I read that
I shouldn't do the default2.aspx?catID=X because someone could just add
a "?catID=X; malicious code here".
You can't use SQL parameters to pass values between pages. You pass the
values as usual, but use parameters to protect yourself against SQL
injections. As you convert the value to an integer before putting it in
the parameter, the value can not contain any malicous SQL code.

The SQL Parameter is used when you access the database in the second page.
2. Application Overview
It's basically a master/detail product situation
.
For the code posted above, all I want to do is run a test to get the
basics working. In the test it's just a listbox on default and I want
to pass a parameter to the stored procedure on the second page, and
create a datagrid with the results.
a)take a listbox which I have populated on page default
b) and pass the parameter, catID (an integer) to page default2
c) execute a stored procedure (as listed below) with the catID as a
parameter
d) and create a datagrid with the results.

At this point I have a test page setup to figure this out:
DEFAULT
======
Has a listbox on it, listbox1 and a textbox, textbox1.
When the user clicks on one of the items in the listbox, the catID
value appears in the textbox. I used this as a basic "control" test.

Now I want to pass this catID, (or, X, as above) to a stored procedure
on page DEFAULT2.
You just pass the value as usual. Not to the stored procedure, but to
the page.
Let's call the Stored Procedure usp_test, and let's call the parameter
@catID.

The stored procedure will just be a test for now so, SELECT * FROM
tblCat WHERE catID=@catID.
I am having trouble getting the "catID" value off the default page to
the default2 page.
That is because you are trying to use an SQL parameter to pass the
value. It can't do that.
I'm not sure if I need a global variable or where to "store" the
parameter, and then how to "recover" the parameter and use it in the
stored procedure.

Thanks a lot for your help.

Thanks. I figured out. I was able to do it using a querystring
technique as well as with a session variable. I think the querystring
techinque is better -- I've read that I should be saving session
variables for things like shopping carts and userIDs and not for
passing parameters.

Thanks again for your time and help.