I'm using Visual Web Developer 2005 Express Edition with SQL Express and I'm
a beginner.
I'm developing pages for my churches website which allow users to select
attributes for a class (e.g. time, focus of class, class size, etc.). I want
to take the user's selections, query the database, find the matching classes
and display the results in another page.
I'm currently building a SQL string in the first page and passing it to the
second page. Based on what I've read, it sounds like this leaves the site
open to an attack.
My questions are:
1. Is it possible in asp.net to take input from one form and post the
results to a second form?
2. How can I use the SQL string to query the database in the second form?
I hope my questions make sense, like I said I'm very new to ASP.Net so any
and all help is greatly appreciated. If anyone can recommend some websites
that help walk me through the steps, I would appreciate that as well.
Thanks for you time!
Lisa C.
3  1022 
Lisa
Are you sure that the strings are in the Web page as the user sees those. To
show this I will try to tell in short how ASPNET is working.
Tier 1
The browser holds a HTML page with a lot of javascript. That page is send to
your ASPNET application, which serves all the clients for that application.
Tier 2
The ASPNET webapllication does 2 things for all clients who uses this. It
creates HTML/JavaScript pages and it access the database to get the
information from. That later information is got with SQL script.
Tier 3
The SQL server processes the commands it gets by SQL Script (even if this is
a command to process a stored procedure) and gives the results back to your
Tier in the middle: the ASPNET application.
Therefore are you sure that the SQL scripts reach the HTML/JavaScript pages?
Cor
"Lisa C." <Lisa C.@discussions. microsoft.comsc hreef in bericht
news:7A******** *************** ***********@mic rosoft.com...
I'm using Visual Web Developer 2005 Express Edition with SQL Express and
I'm
a beginner.
I'm developing pages for my churches website which allow users to select
attributes for a class (e.g. time, focus of class, class size, etc.). I
want
to take the user's selections, query the database, find the matching
classes
and display the results in another page.
I'm currently building a SQL string in the first page and passing it to
the
second page. Based on what I've read, it sounds like this leaves the site
open to an attack.
My questions are:
1. Is it possible in asp.net to take input from one form and post the
results to a second form?
2. How can I use the SQL string to query the database in the second form?
I hope my questions make sense, like I said I'm very new to ASP.Net so any
and all help is greatly appreciated. If anyone can recommend some websites
that help walk me through the steps, I would appreciate that as well.
Thanks for you time!
Lisa C.
Cor,
No, I'm not sure the SQL scripts are reaching the HTML/JavaScript page. I
can display the actual string on the 2nd page in a label. I don't know how to
assign the string to the SQL command.
Thanks for responding so quickly to my post! I really appreciate the help.
Lisa
"Cor Ligthert [MVP]" wrote:
Lisa
Are you sure that the strings are in the Web page as the user sees those. To
show this I will try to tell in short how ASPNET is working.
Tier 1
The browser holds a HTML page with a lot of javascript. That page is send to
your ASPNET application, which serves all the clients for that application.
Tier 2
The ASPNET webapllication does 2 things for all clients who uses this. It
creates HTML/JavaScript pages and it access the database to get the
information from. That later information is got with SQL script.
Tier 3
The SQL server processes the commands it gets by SQL Script (even if this is
a command to process a stored procedure) and gives the results back to your
Tier in the middle: the ASPNET application.
Therefore are you sure that the SQL scripts reach the HTML/JavaScript pages?
Cor
"Lisa C." <Lisa C.@discussions. microsoft.comsc hreef in bericht
news:7A******** *************** ***********@mic rosoft.com...
I'm using Visual Web Developer 2005 Express Edition with SQL Express and
I'm
a beginner.
I'm developing pages for my churches website which allow users to select
attributes for a class (e.g. time, focus of class, class size, etc.). I
want
to take the user's selections, query the database, find the matching
classes
and display the results in another page.
I'm currently building a SQL string in the first page and passing it to
the
second page. Based on what I've read, it sounds like this leaves the site
open to an attack.
My questions are:
1. Is it possible in asp.net to take input from one form and post the
results to a second form?
2. How can I use the SQL string to query the database in the second form?
I hope my questions make sense, like I said I'm very new to ASP.Net so any
and all help is greatly appreciated. If anyone can recommend some websites
that help walk me through the steps, I would appreciate that as well.
Thanks for you time!
Lisa C.
Lisa,
The later I certainly would not do, but I and probably most of us, don't
really not understand what you are doing, than that you are showing two
pages one after the other, therefore explain it a little bit?
Cor
"Lisa C." <Li***@discussi ons.microsoft.c omschreef in bericht
news:07******** *************** ***********@mic rosoft.com...
Cor,
No, I'm not sure the SQL scripts are reaching the HTML/JavaScript page. I
can display the actual string on the 2nd page in a label. I don't know how
to
assign the string to the SQL command.
Thanks for responding so quickly to my post! I really appreciate the help.
Lisa
"Cor Ligthert [MVP]" wrote:
>Lisa
Are you sure that the strings are in the Web page as the user sees those.
To
show this I will try to tell in short how ASPNET is working.
Tier 1
The browser holds a HTML page with a lot of javascript. That page is send
to
your ASPNET application, which serves all the clients for that
application.
Tier 2
The ASPNET webapllication does 2 things for all clients who uses this. It
creates HTML/JavaScript pages and it access the database to get the
information from. That later information is got with SQL script.
Tier 3
The SQL server processes the commands it gets by SQL Script (even if this
is
a command to process a stored procedure) and gives the results back to
your
Tier in the middle: the ASPNET application.
Therefore are you sure that the SQL scripts reach the HTML/JavaScript
pages?
Cor
"Lisa C." <Lisa C.@discussions. microsoft.comsc hreef in bericht
news:7A******* *************** ************@mi crosoft.com...
I'm using Visual Web Developer 2005 Express Edition with SQL Express
and
I'm
a beginner.
I'm developing pages for my churches website which allow users to
select
attributes for a class (e.g. time, focus of class, class size, etc.). I
want
to take the user's selections, query the database, find the matching
classes
and display the results in another page.
I'm currently building a SQL string in the first page and passing it to
the
second page. Based on what I've read, it sounds like this leaves the
site
open to an attack.
My questions are:
1. Is it possible in asp.net to take input from one form and post the
results to a second form?
2. How can I use the SQL string to query the database in the second
form?
I hope my questions make sense, like I said I'm very new to ASP.Net so
any
and all help is greatly appreciated. If anyone can recommend some
websites
that help walk me through the steps, I would appreciate that as well.
Thanks for you time!
Lisa C.
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Keith |
last post by:
I am fairly new to SQL so sorry if this is a really dumb question.
I have a small (still) SQL database, which I am trying to query from an ASP
page.
The field I am querying is of DATETIME data type, and is populated
automatically using the GetDate() function as a default value.
When I try and search on this field, using a date/time in the format
dd/mm/yyyy hh:mm:ss as the search criteria, it fails with the following
|
by: Hakan Akkas |
last post by:
Hello all,
I need to build a search engine wherewith users can query huge Xml
Documents (+/- 100 MB) in a user friendly way. The searcher shouldn't
be aware of the underlying structure of the Xml Document. Furthermore,
he doesn't have to know anything about Xml, neither of path
expressions. The Xml data is semistructured and data-centric. The data
remains in a Native Xml Database.
Do you have any experience on this subject? Any...
|
by: Greg |
last post by:
I am working on a project that will have about 500,000 records in an XML
document. This document will need to be queried with XPath, and records
will need to be updated. I was thinking about splitting up the XML into
several XML documents (perhaps 50,000 per document) to be more efficient but
this will make things a lot more complex because the searching needs to go
accross all 500,000 records. Can anyone point me to some best practices...
|
by: Chris |
last post by:
Hi all,
I have a web site which allows our customers to write data via forms
into an access table stored on our ISP's remote server. My question is
how do I efficiently retrieve the data?
ISP tells me I am only allowed access to the web site via Frontpage.
Even if I could set up a linked table from my desktop PC I understand
that querying access tables over the internet would be inviting data
loss and corruption. The only way I can...
|
by: Shane |
last post by:
I wonder if someone has any ideas about the following.
I am currently producing some reports for a manufacturing company who work
with metal.
A finished part can contain multiple sub-parts to make up the finished part.
The sub-parts can also be made up of sub-parts and those sub-parts can also
be made up of sub-parts etc etc.
All parts are contained within the same table and I have a seperate table
| | |
by: roiavidan |
last post by:
Hi,
I'm having a bit of a problem with a small application I wrote in C#,
which uses an Access database (mdb file) for storing financial data.
After looking for a similiar topic and failing to find one, I'm posting
the question in hope some one of you guys out there will have the
answer for me...!
I'll start with what I have, then I'll continue to the problem itself.
|
by: MDB |
last post by:
I'd normally Google for a question like this, and hope to snag a few
examples along with the answer, but this time I can't see to get the
keywords specific enough.
Or I'd ask coworkers, but they're just as new to ASP.NET as I am.
Is it possible to have a dataset filled with all the records in an SQL table
(on the small side, maybe three hundred records total), and then query that
table for subsets of data, e.q. a simple WHERE clause,...
|
by: Job Lot |
last post by:
i am querying excel file as follows
Dim conn As New OleDbConnection("provider=Microsoft.Jet.OLEDB.4.0; " & _
"data source='" &
"C:\Temp\SSPortfolio.xls" & " '; " & _
"Extended Properties=Excel 8.0;" &
"HDR=Yes;" & "IMEX=1")
'! Select the data from Sheet1 of the workbook.
|
by: paulb |
last post by:
I was wondering if it is possible to continuously query a real-time
datastream using SQL Server. Does anyone have any experience of this? I
have found LINUX based systems such as Borealis and STREAM. I would
prefer to use a Windows based system as the program using the query
results is Windows based.
|
by: sql_er |
last post by:
Guys,
I have an XML file which is 233MB in size. It was created by loading 6
tables from an sql server database into a dataset object and then
writing out the contents from this dataset into an XML file.
Once my application starts, I load this XML file into a DataSet object
using "ReadXML" function. This creates a dataset in memory with 6
tables.
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
| | |
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
