By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
425,606 Members | 2,019 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 425,606 IT Pros & Developers. It's quick & easy.

What if the Query String is empty?

P: n/a
MU
Hello

I have some code that sets a dropdownlist control with a parameter
from the querystring. However, when the querystring is empty, I get
an error.

Here is my code:
Protected Sub Page_Load(ByVal sender As Object, ByVal e As
System.EventArgs) Handles Me.Load
If Not Page.IsPostBack Then
Dim intProductID As Integer = Trim(Request("productid"))
If IsNumeric(intProductID) Then
drpProducts.SelectedValue = intProductID
End If
End If
End Sub

Here is the error:
Input string was not in a correct format.
Description: An unhandled exception occurred during the execution of
the current web request. Please review the stack trace for more
information about the error and where it originated in the code.

Exception Details: System.FormatException: Input string was not in a
correct format.

Source Error:
Line 18: Protected Sub Page_Load(ByVal sender As Object, ByVal e
As System.EventArgs) Handles Me.Load
Line 19: If Not Page.IsPostBack Then
Line 20: Dim intProductID As Integer =
Trim(Request("productid"))

How do I just have it continue without giving me the error?

Thanks
Nov 3 '08 #1
Share this Question
Share on Google+
24 Replies


P: n/a
My guess this line
Dim intProductID As Integer = Trim(Request("productid"))
assumes that productid is Integer....and blows when it's not (empty)

As of "how do you continue without getting an error" I would say stop
assuming it's Integer and start assuming it's String
Dim intProductID As String = Trim(Request("productid"))
George.

"MU" <mi*****@lonelyprogrammer.comwrote in message
news:4f**********************************@d10g2000 pra.googlegroups.com...
Hello

I have some code that sets a dropdownlist control with a parameter
from the querystring. However, when the querystring is empty, I get
an error.

Here is my code:
Protected Sub Page_Load(ByVal sender As Object, ByVal e As
System.EventArgs) Handles Me.Load
If Not Page.IsPostBack Then
Dim intProductID As Integer = Trim(Request("productid"))
If IsNumeric(intProductID) Then
drpProducts.SelectedValue = intProductID
End If
End If
End Sub

Here is the error:
Input string was not in a correct format.
Description: An unhandled exception occurred during the execution of
the current web request. Please review the stack trace for more
information about the error and where it originated in the code.

Exception Details: System.FormatException: Input string was not in a
correct format.

Source Error:
Line 18: Protected Sub Page_Load(ByVal sender As Object, ByVal e
As System.EventArgs) Handles Me.Load
Line 19: If Not Page.IsPostBack Then
Line 20: Dim intProductID As Integer =
Trim(Request("productid"))

How do I just have it continue without giving me the error?

Thanks
Nov 3 '08 #2

P: n/a
You just need to rearrange your logic a bit...
If Not Page.IsPostBack Then
If IsNumeric(Trim(Request("productid"))) Then
drpProducts.SelectedValue =
Trim(Request.QueryString("productid"))
End If
End If

Or if you also want to make sure the value actually exists, try
this...

If Not Page.IsPostBack Then
Dim productID As String = Request.QueryString("productID")
If
drpProducts.Items.IndexOf(drpProducts.Items.FindBy Value(productID)) >
-1 Then
drpProducts.SelectedValue = productID
End If
End If
Nov 3 '08 #3

P: n/a
"MU" <mi*****@lonelyprogrammer.comwrote in message
news:4f**********************************@d10g2000 pra.googlegroups.com...
How do I just have it continue without giving me the error?
If Not (Request.QueryString("productid") Is Nothing) Then
Dim strProductID As String = Trim(Request.QueryString("productid"))
If IsNumeric(strProductID) Then
drpProducts.SelectedValue = strProductID
End If
End If
--
Mark Rae
ASP.NET MVP
http://www.markrae.net

Nov 3 '08 #4

P: n/a
"jacerhea" <ja*******@gmail.comwrote in message
news:4f**********************************@w24g2000 prd.googlegroups.com...
You just need to rearrange your logic a bit...
And what if the QueryString is completely empty, as per the title of the
thread...?
--
Mark Rae
ASP.NET MVP
http://www.markrae.net

Nov 3 '08 #5

P: n/a
And what if the QueryString is completely empty, as per the title of the
thread...?
Than IsNumeric will not evaluate to true. I just tested it and it
works...
Nov 3 '08 #6

P: n/a
re:
!Than IsNumeric will not evaluate to true

Querystrings always are Strings, and never Numeric.

If IsNumeric(Trim(Request("productid"))) will *always* evaluate to false.


Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================
"jacerhea" <ja*******@gmail.comwrote in message
news:93**********************************@w1g2000p rk.googlegroups.com...
>
>And what if the QueryString is completely empty, as per the title of the
thread...?

Than IsNumeric will not evaluate to true. I just tested it and it
works...

Nov 3 '08 #7

P: n/a
wrong....

from msdn

IsNumeric returns True if the data type of Expression is Short, Integer,
Long, Decimal, Single, or Short. It also returns True if Expression is a
String that can be successfully converted to a Double. It returns False if
Expression is of data type Date."

George

"Juan T. Llibre" <no***********@nowhere.comwrote in message
news:et**************@TK2MSFTNGP06.phx.gbl...
re:
!Than IsNumeric will not evaluate to true

Querystrings always are Strings, and never Numeric.

If IsNumeric(Trim(Request("productid"))) will *always* evaluate to false.


Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================
"jacerhea" <ja*******@gmail.comwrote in message
news:93**********************************@w1g2000p rk.googlegroups.com...
>>
>>And what if the QueryString is completely empty, as per the title of the
thread...?

Than IsNumeric will not evaluate to true. I just tested it and it
works...

Nov 3 '08 #8

P: n/a
re:
!wrong....

You should be a bit more careful when accusing somebody of being "wrong".

To repeat : a querystring is *always* a string.

A query string is a NameValueCollection containing
the collection of query string variables sent by the client.

The datatype for a *query string* can never be Numeric.
The very name itself is a hint for its data type : query *string*.


Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================
"George" <no*****@comcast.netwrote in message news:%2****************@TK2MSFTNGP03.phx.gbl...
wrong....

from msdn

IsNumeric returns True if the data type of Expression is Short, Integer, Long, Decimal, Single, or Short. It also
returns True if Expression is a String that can be successfully converted to a Double. It returns False if Expression
is of data type Date."

George

"Juan T. Llibre" <no***********@nowhere.comwrote in message news:et**************@TK2MSFTNGP06.phx.gbl...
>re:
!Than IsNumeric will not evaluate to true

Querystrings always are Strings, and never Numeric.

If IsNumeric(Trim(Request("productid"))) will *always* evaluate to false.


Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================
"jacerhea" <ja*******@gmail.comwrote in message
news:93**********************************@w1g2000 prk.googlegroups.com...
>>>
And what if the QueryString is completely empty, as per the title of the
thread...?

Than IsNumeric will not evaluate to true. I just tested it and it
works...


Nov 3 '08 #9

P: n/a
ok , now you lost me....

I quoted MSDN where it says that IsNumeric(string) will return true if
string can be converted to Double.

You said that
IsNumeric(Trim(Request("productid")))
will always evaluate to false....

I pointed out that you wrong and it will evaluate to TRUE if
Request("productid") returns something like "123"

PS: accusing probably is a strong word.. I did not offer a jail term for
you. May be I should have said "mistaken"? Applogies then... I was in a
hurry...
George.

"Juan T. Llibre" <no***********@nowhere.comwrote in message
news:uR**************@TK2MSFTNGP02.phx.gbl...
re:
!wrong....

You should be a bit more careful when accusing somebody of being "wrong".

To repeat : a querystring is *always* a string.

A query string is a NameValueCollection containing
the collection of query string variables sent by the client.

The datatype for a *query string* can never be Numeric.
The very name itself is a hint for its data type : query *string*.


Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================
"George" <no*****@comcast.netwrote in message
news:%2****************@TK2MSFTNGP03.phx.gbl...
>wrong....

from msdn

IsNumeric returns True if the data type of Expression is Short, Integer,
Long, Decimal, Single, or Short. It also returns True if Expression is a
String that can be successfully converted to a Double. It returns False
if Expression is of data type Date."

George

"Juan T. Llibre" <no***********@nowhere.comwrote in message
news:et**************@TK2MSFTNGP06.phx.gbl...
>>re:
!Than IsNumeric will not evaluate to true

Querystrings always are Strings, and never Numeric.

If IsNumeric(Trim(Request("productid"))) will *always* evaluate to
false.


Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================
"jacerhea" <ja*******@gmail.comwrote in message
news:93**********************************@w1g200 0prk.googlegroups.com...

And what if the QueryString is completely empty, as per the title of
the
thread...?

Than IsNumeric will not evaluate to true. I just tested it and it
works...


Nov 3 '08 #10

P: n/a
You should be a bit more careful when accusing somebody of being "wrong".
>
To repeat : a querystring is *always* a string.

A query string is a NameValueCollection containing
the collection of query string variables sent by the client.

The datatype for a *query string* can never be Numeric.
The very name itself is a hint for its data type : query *string*.

I'm sorry, but you are in fact wrong. The querystring is a string.
We are all in agreement on that. But you said that IsNumeric(string)
will always evaluate to false, which is incorrect. If the string can
be cast to a double such as "1", "345", "6.4", or some other variant
the expression will evaluate to true. George found the appropriate
documentation and correctly pointed this out. Open VS and try it
yourself....
Nov 3 '08 #11

P: n/a
re:
!I quoted MSDN where it says that IsNumeric(string) will return true if
!string can be converted to Double.
!I pointed out that you wrong and it will evaluate to TRUE if
!Request("productid") returns something like "123"

That's a really large *if*...

Sure, but not all product id's are simple numeric strings.
You might have a product id like : w2344.

That won't evaluate the way you think it should.

re:
!Request("productid")

Request works in a funny way.

When you do a plain request, without identifying the exact type of request you want,
the ASP.NET engine cycles through all request types and will return the first one it finds.

If you ask for Request("productid"), and there's a cookie named "productid",
that's what will be returned instead of the value of the querystring named "productid".

If there's a form with a field named "productid", you may get the form field's value.

You can't trust what a simple "request" returns.

You should always specify Request.QueryString, if you want to go that way
....and you must make sure that the potential value returned can only be numeric.

re:
!May be I should have said "mistaken"?

Maybe you should have... ;-)

re:
!Apologies then... I was in a hurry...

No problem...

Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================
"George" <no*****@comcast.netwrote in message news:ea**************@TK2MSFTNGP06.phx.gbl...
ok , now you lost me....

I quoted MSDN where it says that IsNumeric(string) will return true if string can be converted to Double.

You said that
IsNumeric(Trim(Request("productid")))
will always evaluate to false....

I pointed out that you wrong and it will evaluate to TRUE if Request("productid") returns something like "123"

PS: accusing probably is a strong word.. I did not offer a jail term for you. May be I should have said "mistaken"?
Applogies then... I was in a hurry...
George.

"Juan T. Llibre" <no***********@nowhere.comwrote in message news:uR**************@TK2MSFTNGP02.phx.gbl...
>re:
!wrong....

You should be a bit more careful when accusing somebody of being "wrong".

To repeat : a querystring is *always* a string.

A query string is a NameValueCollection containing
the collection of query string variables sent by the client.

The datatype for a *query string* can never be Numeric.
The very name itself is a hint for its data type : query *string*.


Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================
"George" <no*****@comcast.netwrote in message news:%2****************@TK2MSFTNGP03.phx.gbl...
>>wrong....

from msdn

IsNumeric returns True if the data type of Expression is Short, Integer, Long, Decimal, Single, or Short. It also
returns True if Expression is a String that can be successfully converted to a Double. It returns False if
Expression is of data type Date."

George

"Juan T. Llibre" <no***********@nowhere.comwrote in message news:et**************@TK2MSFTNGP06.phx.gbl...
re:
!Than IsNumeric will not evaluate to true

Querystrings always are Strings, and never Numeric.

If IsNumeric(Trim(Request("productid"))) will *always* evaluate to false.


Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================
"jacerhea" <ja*******@gmail.comwrote in message
news:93**********************************@w1g20 00prk.googlegroups.com...
>
>And what if the QueryString is completely empty, as per the title of the
>thread...?
>
Than IsNumeric will not evaluate to true. I just tested it and it
works...


Nov 3 '08 #12

P: n/a
re:
!I'm sorry, but you are in fact wrong

Explain to me what happens if the product id is w2344...


Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================
"jacerhea" <ja*******@gmail.comwrote in message
news:69**********************************@i18g2000 prf.googlegroups.com...
>You should be a bit more careful when accusing somebody of being "wrong".

To repeat : a querystring is *always* a string.

A query string is a NameValueCollection containing
the collection of query string variables sent by the client.

The datatype for a *query string* can never be Numeric.
The very name itself is a hint for its data type : query *string*.


I'm sorry, but you are in fact wrong. The querystring is a string.
We are all in agreement on that. But you said that IsNumeric(string)
will always evaluate to false, which is incorrect. If the string can
be cast to a double such as "1", "345", "6.4", or some other variant
the expression will evaluate to true. George found the appropriate
documentation and correctly pointed this out. Open VS and try it
yourself....

Nov 3 '08 #13

P: n/a
On Nov 3, 10:51*am, "Juan T. Llibre" <nomailrepl...@nowhere.com>
wrote:
re:
!I'm sorry, but you are in fact wrong

Explain to me what happens if the product id is w2344...

You're arguing a completely different point now than what I said you
were wrong about, but ok. If you look at the original post, the
question contained the code...

"Dim intProductID As Integer = Trim(Request("productid")) "

Based on the original poster's own code, it is going to be an int. If
it is not going to be an int they should use the other piece of code
that I originally provided.
If Not Page.IsPostBack Then
Dim productID As String = Request.QueryString("productID")
If
drpProducts.Items.IndexOf(drpProducts.Items.FindBy Value(productID)) >
-1 Then
drpProducts.SelectedValue = productID
End If
End If
Nov 3 '08 #14

P: n/a
re:
!were wrong about, but ok. If you look at the original post, the
!question contained the code...

!"Dim intProductID As Integer = Trim(Request("productid")) "

See my explanantion of what a simple Request may return.
It may not necessarily return the value of the querystring.

What you both have proposed amounts to sloppy coding.
No offense intended.


Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================
"jacerhea" <ja*******@gmail.comwrote in message
news:c5**********************************@x16g2000 prn.googlegroups.com...
On Nov 3, 10:51 am, "Juan T. Llibre" <nomailrepl...@nowhere.com>
wrote:
re:
!I'm sorry, but you are in fact wrong

Explain to me what happens if the product id is w2344...

You're arguing a completely different point now than what I said you
were wrong about, but ok. If you look at the original post, the
question contained the code...

"Dim intProductID As Integer = Trim(Request("productid")) "

Based on the original poster's own code, it is going to be an int. If
it is not going to be an int they should use the other piece of code
that I originally provided.
If Not Page.IsPostBack Then
Dim productID As String = Request.QueryString("productID")
If
drpProducts.Items.IndexOf(drpProducts.Items.FindBy Value(productID)) >
-1 Then
drpProducts.SelectedValue = productID
End If
End If
Nov 3 '08 #15

P: n/a
See my explanantion of what a simple Request may return.
It may not necessarily return the value of the querystring.
I never said otherwise. I provided two solutions, one merely adjusted
the logic the OP had provided, which did have the
Request["productid']. This was not my code, and I was merely
providing some guidance to prevent the problem they posted about.

I than provided my own solution which did use
Request.QueryString("productid").

Nov 3 '08 #16

P: n/a
Protected Sub Page_Load(ByVal sender As Object, ByVal e As
System.EventArgs) Handles Me.Load
If Not Page.IsPostBack Then

Dim o as Object = Request("productid")

If Not (o is Nothing) Then

Dim intProductID As Integer = Trim(o.ToString())

If IsNumeric(intProductID) Then
drpProducts.SelectedValue = intProductID
End If

Else
'What do you do when this happens
End If

End If
End Sub

--
Gregory A. Beamer
MVP, MCP: +I, SE, SD, DBA

Subscribe to my blog
http://feeds.feedburner.com/GregoryBeamer#

or just read it:
http://feeds.feedburner.com/GregoryBeamer

********************************************
| Think outside the box! |
********************************************
"MU" <mi*****@lonelyprogrammer.comwrote in message
news:4f**********************************@d10g2000 pra.googlegroups.com...
Hello

I have some code that sets a dropdownlist control with a parameter
from the querystring. However, when the querystring is empty, I get
an error.

Here is my code:
Protected Sub Page_Load(ByVal sender As Object, ByVal e As
System.EventArgs) Handles Me.Load
If Not Page.IsPostBack Then
Dim intProductID As Integer = Trim(Request("productid"))
If IsNumeric(intProductID) Then
drpProducts.SelectedValue = intProductID
End If
End If
End Sub

Here is the error:
Input string was not in a correct format.
Description: An unhandled exception occurred during the execution of
the current web request. Please review the stack trace for more
information about the error and where it originated in the code.

Exception Details: System.FormatException: Input string was not in a
correct format.

Source Error:
Line 18: Protected Sub Page_Load(ByVal sender As Object, ByVal e
As System.EventArgs) Handles Me.Load
Line 19: If Not Page.IsPostBack Then
Line 20: Dim intProductID As Integer =
Trim(Request("productid"))

How do I just have it continue without giving me the error?

Thanks
Nov 4 '08 #17

P: n/a
"Cowboy (Gregory A. Beamer)" <No************@comcast.netNoSpamMwrote in
message news:uL**************@TK2MSFTNGP03.phx.gbl...
Dim o as Object = Request("productid")
If Not (o is Nothing) Then
Dim intProductID As Integer = Trim(o.ToString())
And what if Request("productid") is "ABCD" ?
--
Mark Rae
ASP.NET MVP
http://www.markrae.net

Nov 4 '08 #18

P: n/a
Are we back to this????

What if the sun will not come up tomorrow.....
Any programming is based on assumptions.... And it's good to have those
assumptions.

Let say ProductId is id in MsSql database which is marked as integer. Then
the page will return an error trying to convert productid to integer and
database will be protected from virus that hits your site with urls like
this

/product.aspx?id=31147'%20and%20char(124)%2Buser%2B char(124)=0%20and%20''='
Again, let me repeat myself that any programming is based on assumptions.
Assumptions can be as simple as for example in DB first name is only limited
to 250 characters. It's an assumption. Very realistic but still it is.
George.
"Mark Rae [MVP]" <ma**@markNOSPAMrae.netwrote in message
news:uO**************@TK2MSFTNGP06.phx.gbl...
"Cowboy (Gregory A. Beamer)" <No************@comcast.netNoSpamMwrote in
message news:uL**************@TK2MSFTNGP03.phx.gbl...
>Dim o as Object = Request("productid")
If Not (o is Nothing) Then
Dim intProductID As Integer = Trim(o.ToString())

And what if Request("productid") is "ABCD" ?
--
Mark Rae
ASP.NET MVP
http://www.markrae.net
Nov 4 '08 #19

P: n/a
I do not think you need this IF
If IsNumeric(intProductID) Then

Since you already did
Dim intProductID As Integer = Trim(o.ToString())

Not sure if VB will eats this line like this though... I know C# compiler
will throw an error.

I would do something like this
Dim intProductID As Integer = Int32.Parse(Trim(o.ToString()))
George.
"Cowboy (Gregory A. Beamer)" <No************@comcast.netNoSpamMwrote in
message news:uL**************@TK2MSFTNGP03.phx.gbl...
Protected Sub Page_Load(ByVal sender As Object, ByVal e As
System.EventArgs) Handles Me.Load
If Not Page.IsPostBack Then

Dim o as Object = Request("productid")

If Not (o is Nothing) Then

Dim intProductID As Integer = Trim(o.ToString())

If IsNumeric(intProductID) Then
drpProducts.SelectedValue = intProductID
End If

Else
'What do you do when this happens
End If

End If
End Sub

--
Gregory A. Beamer
MVP, MCP: +I, SE, SD, DBA

Subscribe to my blog
http://feeds.feedburner.com/GregoryBeamer#

or just read it:
http://feeds.feedburner.com/GregoryBeamer

********************************************
| Think outside the box! |
********************************************
"MU" <mi*****@lonelyprogrammer.comwrote in message
news:4f**********************************@d10g2000 pra.googlegroups.com...
>Hello

I have some code that sets a dropdownlist control with a parameter
from the querystring. However, when the querystring is empty, I get
an error.

Here is my code:
Protected Sub Page_Load(ByVal sender As Object, ByVal e As
System.EventArgs) Handles Me.Load
If Not Page.IsPostBack Then
Dim intProductID As Integer = Trim(Request("productid"))
If IsNumeric(intProductID) Then
drpProducts.SelectedValue = intProductID
End If
End If
End Sub

Here is the error:
Input string was not in a correct format.
Description: An unhandled exception occurred during the execution of
the current web request. Please review the stack trace for more
information about the error and where it originated in the code.

Exception Details: System.FormatException: Input string was not in a
correct format.

Source Error:
Line 18: Protected Sub Page_Load(ByVal sender As Object, ByVal e
As System.EventArgs) Handles Me.Load
Line 19: If Not Page.IsPostBack Then
Line 20: Dim intProductID As Integer =
Trim(Request("productid"))

How do I just have it continue without giving me the error?

Thanks
Nov 4 '08 #20

P: n/a
"George" <no*****@comcast.netwrote in message
news:eC**************@TK2MSFTNGP02.phx.gbl...
Are we back to this????

What if the sun will not come up tomorrow.....
Any programming is based on assumptions.... And it's good to have those
assumptions.
Utter rubbish! Utter, utter garbage!

Robust programming (look it up on Google) is based on doing whatever you can
to make sure that exceptions are handled.

Trying to instantiate an integer from something which cannot be converted
into an integer will cause an exception.

Trapping for that eventualilty will not...
--
Mark Rae
ASP.NET MVP
http://www.markrae.net

Nov 4 '08 #21

P: n/a
"exceptions are handled" and "exceptions are not happening" 2 different
things...

I did not say that user needs to get ASP.NET error screen with bunch of
information if something is not integer.
But if user decided to play with QueryString by hand and put into ProductId
his name instead of number he deserves to be redirected to the default.aspx
how I do it in case of exception that is caught in Application_OnError

So it's perfectly OK to assume that ProductId is a number (if it's in
database) and do a conversion without tipping-toeing around.
George.

"Mark Rae [MVP]" <ma**@markNOSPAMrae.netwrote in message
news:ew**************@TK2MSFTNGP04.phx.gbl...
"George" <no*****@comcast.netwrote in message
news:eC**************@TK2MSFTNGP02.phx.gbl...
>Are we back to this????

What if the sun will not come up tomorrow.....
Any programming is based on assumptions.... And it's good to have those
assumptions.

Utter rubbish! Utter, utter garbage!

Robust programming (look it up on Google) is based on doing whatever you
can to make sure that exceptions are handled.

Trying to instantiate an integer from something which cannot be converted
into an integer will cause an exception.

Trapping for that eventualilty will not...
--
Mark Rae
ASP.NET MVP
http://www.markrae.net
Nov 4 '08 #22

P: n/a
George,

I think the point is that we can't assume a general rule for product id's.

Even if in this case it were to be numeric,
programmers simply can't assume that to be the general case.

Why base your programming logic on an assumption which might not be true ?
Why not write code which will work regardless of whether the product id is a number or a string ?


Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================
"George" <no*****@comcast.netwrote in message news:eC**************@TK2MSFTNGP02.phx.gbl...
Are we back to this????

What if the sun will not come up tomorrow.....
Any programming is based on assumptions.... And it's good to have those assumptions.

Let say ProductId is id in MsSql database which is marked as integer. Then the page will return an error trying to
convert productid to integer and database will be protected from virus that hits your site with urls like this

/product.aspx?id=31147'%20and%20char(124)%2Buser%2B char(124)=0%20and%20''='
Again, let me repeat myself that any programming is based on assumptions.
Assumptions can be as simple as for example in DB first name is only limited to 250 characters. It's an assumption.
Very realistic but still it is.
George.
"Mark Rae [MVP]" <ma**@markNOSPAMrae.netwrote in message news:uO**************@TK2MSFTNGP06.phx.gbl...
>"Cowboy (Gregory A. Beamer)" <No************@comcast.netNoSpamMwrote in message
news:uL**************@TK2MSFTNGP03.phx.gbl...
>>Dim o as Object = Request("productid")
If Not (o is Nothing) Then
Dim intProductID As Integer = Trim(o.ToString())

And what if Request("productid") is "ABCD" ?
--
Mark Rae
ASP.NET MVP
http://www.markrae.net

Nov 4 '08 #23

P: n/a
re:
!So it's perfectly OK to assume that ProductId is a number (if it's in database)

I'd hate to be in your shoes when the time comes you have to eat those words. <g>


Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================
"George" <no*****@comcast.netwrote in message news:uf**************@TK2MSFTNGP02.phx.gbl...
"exceptions are handled" and "exceptions are not happening" 2 different things...

I did not say that user needs to get ASP.NET error screen with bunch of information if something is not integer.
But if user decided to play with QueryString by hand and put into ProductId his name instead of number he deserves to
be redirected to the default.aspx how I do it in case of exception that is caught in Application_OnError

So it's perfectly OK to assume that ProductId is a number (if it's in database) and do a conversion without
tipping-toeing around.
George.

"Mark Rae [MVP]" <ma**@markNOSPAMrae.netwrote in message news:ew**************@TK2MSFTNGP04.phx.gbl...
>"George" <no*****@comcast.netwrote in message news:eC**************@TK2MSFTNGP02.phx.gbl...
>>Are we back to this????

What if the sun will not come up tomorrow.....
Any programming is based on assumptions.... And it's good to have those assumptions.

Utter rubbish! Utter, utter garbage!

Robust programming (look it up on Google) is based on doing whatever you can to make sure that exceptions are
handled.

Trying to instantiate an integer from something which cannot be converted into an integer will cause an exception.

Trapping for that eventualilty will not...
--
Mark Rae
ASP.NET MVP
http://www.markrae.net

Nov 4 '08 #24

P: n/a

"George" <no*****@comcast.netwrote in message
news:eC**************@TK2MSFTNGP02.phx.gbl...
Are we back to this????

What if the sun will not come up tomorrow.....
Any programming is based on assumptions.... And it's good to have those
assumptions.

Let say ProductId is id in MsSql database which is marked as integer. Then
the page will return an error trying to convert productid to integer and
database will be protected from virus that hits your site with urls like
this

/product.aspx?id=31147'%20and%20char(124)%2Buser%2B char(124)=0%20and%20''='
Again, let me repeat myself that any programming is based on assumptions.
Assumptions can be as simple as for example in DB first name is only
limited to 250 characters. It's an assumption. Very realistic but still it
is.
George.
"Mark Rae [MVP]" <ma**@markNOSPAMrae.netwrote in message
news:uO**************@TK2MSFTNGP06.phx.gbl...
>"Cowboy (Gregory A. Beamer)" <No************@comcast.netNoSpamMwrote in
message news:uL**************@TK2MSFTNGP03.phx.gbl...
>>Dim o as Object = Request("productid")
If Not (o is Nothing) Then
Dim intProductID As Integer = Trim(o.ToString())

And what if Request("productid") is "ABCD" ?
--
Mark Rae
ASP.NET MVP
http://www.markrae.net
I would point out that unless there is a good case for it the Options Strict
and Explict should be set to on. This will help to ensure that this kind of
problem is pointed out prior to testing.

The line Dim intProductID As Integer = Trim(o.ToString()) will be flagged
indicating that since o is an object (could be just about anything) needs to
be converted to an integer.

LS

Nov 4 '08 #25

This discussion thread is closed

Replies have been disabled for this discussion.