I'm using Visual Web Developer 2005 Express Edition with SQL Express and I'm
a beginner.
I'm developing pages for my churches website which allow users to select
attributes for a class (e.g. time, focus of class, class size, etc.). I want
to take the user's selections, query the database, find the matching classes
and display the results in another page.
I'm currently building a SQL string in the first page and passing it to the
second page. Based on what I've read, it sounds like this leaves the site
open to an attack.
My questions are:
1. Is it possible in asp.net to take input from one form and post the
results to a second form?
2. How can I use the SQL string to query the database in the second form?
I hope my questions make sense, like I said I'm very new to ASP.Net so any
and all help is greatly appreciated. If anyone can recommend some websites
that help walk me through the steps, I would appreciate that as well.
Thanks for you time!
Lisa C.
3  1017 
Lisa
Are you sure that the strings are in the Web page as the user sees those. To
show this I will try to tell in short how ASPNET is working.
Tier 1
The browser holds a HTML page with a lot of javascript. That page is send to
your ASPNET application, which serves all the clients for that application.
Tier 2
The ASPNET webapllication does 2 things for all clients who uses this. It
creates HTML/JavaScript pages and it access the database to get the
information from. That later information is got with SQL script.
Tier 3
The SQL server processes the commands it gets by SQL Script (even if this is
a command to process a stored procedure) and gives the results back to your
Tier in the middle: the ASPNET application.
Therefore are you sure that the SQL scripts reach the HTML/JavaScript pages?
Cor
"Lisa C." <Lisa C.@discussions.microsoft.comschreef in bericht
news:7A**********************************@microsof t.com...
I'm using Visual Web Developer 2005 Express Edition with SQL Express and
I'm
a beginner.
I'm developing pages for my churches website which allow users to select
attributes for a class (e.g. time, focus of class, class size, etc.). I
want
to take the user's selections, query the database, find the matching
classes
and display the results in another page.
I'm currently building a SQL string in the first page and passing it to
the
second page. Based on what I've read, it sounds like this leaves the site
open to an attack.
My questions are:
1. Is it possible in asp.net to take input from one form and post the
results to a second form?
2. How can I use the SQL string to query the database in the second form?
I hope my questions make sense, like I said I'm very new to ASP.Net so any
and all help is greatly appreciated. If anyone can recommend some websites
that help walk me through the steps, I would appreciate that as well.
Thanks for you time!
Lisa C.
Cor,
No, I'm not sure the SQL scripts are reaching the HTML/JavaScript page. I
can display the actual string on the 2nd page in a label. I don't know how to
assign the string to the SQL command.
Thanks for responding so quickly to my post! I really appreciate the help.
Lisa
"Cor Ligthert [MVP]" wrote:
Lisa
Are you sure that the strings are in the Web page as the user sees those. To
show this I will try to tell in short how ASPNET is working.
Tier 1
The browser holds a HTML page with a lot of javascript. That page is send to
your ASPNET application, which serves all the clients for that application.
Tier 2
The ASPNET webapllication does 2 things for all clients who uses this. It
creates HTML/JavaScript pages and it access the database to get the
information from. That later information is got with SQL script.
Tier 3
The SQL server processes the commands it gets by SQL Script (even if this is
a command to process a stored procedure) and gives the results back to your
Tier in the middle: the ASPNET application.
Therefore are you sure that the SQL scripts reach the HTML/JavaScript pages?
Cor
"Lisa C." <Lisa C.@discussions.microsoft.comschreef in bericht
news:7A**********************************@microsof t.com...
I'm using Visual Web Developer 2005 Express Edition with SQL Express and
I'm
a beginner.
I'm developing pages for my churches website which allow users to select
attributes for a class (e.g. time, focus of class, class size, etc.). I
want
to take the user's selections, query the database, find the matching
classes
and display the results in another page.
I'm currently building a SQL string in the first page and passing it to
the
second page. Based on what I've read, it sounds like this leaves the site
open to an attack.
My questions are:
1. Is it possible in asp.net to take input from one form and post the
results to a second form?
2. How can I use the SQL string to query the database in the second form?
I hope my questions make sense, like I said I'm very new to ASP.Net so any
and all help is greatly appreciated. If anyone can recommend some websites
that help walk me through the steps, I would appreciate that as well.
Thanks for you time!
Lisa C.
Lisa,
The later I certainly would not do, but I and probably most of us, don't
really not understand what you are doing, than that you are showing two
pages one after the other, therefore explain it a little bit?
Cor
"Lisa C." <Li***@discussions.microsoft.comschreef in bericht
news:07**********************************@microsof t.com...
Cor,
No, I'm not sure the SQL scripts are reaching the HTML/JavaScript page. I
can display the actual string on the 2nd page in a label. I don't know how
to
assign the string to the SQL command.
Thanks for responding so quickly to my post! I really appreciate the help.
Lisa
"Cor Ligthert [MVP]" wrote:
>Lisa
Are you sure that the strings are in the Web page as the user sees those.
To
show this I will try to tell in short how ASPNET is working.
Tier 1
The browser holds a HTML page with a lot of javascript. That page is send
to
your ASPNET application, which serves all the clients for that
application.
Tier 2
The ASPNET webapllication does 2 things for all clients who uses this. It
creates HTML/JavaScript pages and it access the database to get the
information from. That later information is got with SQL script.
Tier 3
The SQL server processes the commands it gets by SQL Script (even if this
is
a command to process a stored procedure) and gives the results back to
your
Tier in the middle: the ASPNET application.
Therefore are you sure that the SQL scripts reach the HTML/JavaScript
pages?
Cor
"Lisa C." <Lisa C.@discussions.microsoft.comschreef in bericht
news:7A**********************************@microso ft.com...
I'm using Visual Web Developer 2005 Express Edition with SQL Express
and
I'm
a beginner.
I'm developing pages for my churches website which allow users to
select
attributes for a class (e.g. time, focus of class, class size, etc.). I
want
to take the user's selections, query the database, find the matching
classes
and display the results in another page.
I'm currently building a SQL string in the first page and passing it to
the
second page. Based on what I've read, it sounds like this leaves the
site
open to an attack.
My questions are:
1. Is it possible in asp.net to take input from one form and post the
results to a second form?
2. How can I use the SQL string to query the database in the second
form?
I hope my questions make sense, like I said I'm very new to ASP.Net so
any
and all help is greatly appreciated. If anyone can recommend some
websites
that help walk me through the steps, I would appreciate that as well.
Thanks for you time!
Lisa C.
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Keith |
last post by:
I am fairly new to SQL so sorry if this is a really dumb question.
I have a small (still) SQL database, which I am trying to query from an ASP
page.
The field I am querying is of DATETIME data...
|
by: Hakan Akkas |
last post by:
Hello all,
I need to build a search engine wherewith users can query huge Xml
Documents (+/- 100 MB) in a user friendly way. The searcher shouldn't
be aware of the underlying structure of the...
|
by: Greg |
last post by:
I am working on a project that will have about 500,000 records in an XML
document. This document will need to be queried with XPath, and records
will need to be updated. I was thinking about...
|
by: Chris |
last post by:
Hi all,
I have a web site which allows our customers to write data via forms
into an access table stored on our ISP's remote server. My question is
how do I efficiently retrieve the data?
ISP...
|
by: Shane |
last post by:
I wonder if someone has any ideas about the following.
I am currently producing some reports for a manufacturing company who work
with metal.
A finished part can contain multiple sub-parts to...
| | |
by: roiavidan |
last post by:
Hi,
I'm having a bit of a problem with a small application I wrote in C#,
which uses an Access database (mdb file) for storing financial data.
After looking for a similiar topic and failing to...
|
by: MDB |
last post by:
I'd normally Google for a question like this, and hope to snag a few
examples along with the answer, but this time I can't see to get the
keywords specific enough.
Or I'd ask coworkers, but...
|
by: Job Lot |
last post by:
i am querying excel file as follows
Dim conn As New OleDbConnection("provider=Microsoft.Jet.OLEDB.4.0; " & _
"data source='" &
"C:\Temp\SSPortfolio.xls" & " '; " & _
"Extended Properties=Excel...
|
by: paulb |
last post by:
I was wondering if it is possible to continuously query a real-time
datastream using SQL Server. Does anyone have any experience of this? I
have found LINUX based systems such as Borealis and...
|
by: sql_er |
last post by:
Guys,
I have an XML file which is 233MB in size. It was created by loading 6
tables from an sql server database into a dataset object and then
writing out the contents from this dataset into an...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
| | |
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
| | |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
| |
