I've been reading up on SQL Injection and want to go back and implement some measures to prevent these kinds of potential attacks.For example, on our company intranet, we have an address book feature and a search function so the user is able to look a company or a person up from the database/The user will enter their query into a TextBox control and click the Submit button, calling the following function:addybookDS1.SelectCommand = "SELECT * FROM [addressbook] WHERE COMPANY LIKE '%" + search1 + "%' OR CONTACT LIKE '%" + search1 + "%' OR LASTNAME LIKE '%" + search1 + "%' OR EMAIL LIKE '%" + search1 + "%'"search1 is the TextBox controlI had previously implemented this measure:search1 = Replace(search1, "'", "''")But I want to know if there is more I can do here and how I can go about doing it.
I have SqlDataSource with a few parameters (code below). If I understand this code correctly if parameter is NULL I should receive all items from the query. It works fine with query editor. But when I try to use this query on my page - with DropDownList and Textbox controls as source of parameters - it doesn't work. I suspect that main reason of problem is value which these controls pass to the query. Instead of NULL this is an empty string. Is it possible to pass NULL value from DropDownList or TextBox to the SqlDataSource?
I have created a SQL DB in Visual Web Developer Express Edition and i am using a aspx form with connection strings and grid views to call the information but the problem i have is that i wish to insert an image into the database and i have tried numorus ways and i can't seem to even put the image in the DB let alone call it in the grid view.
i'm not sure what datatype to select and i'm not sure what i'm supposed to write in the data field to call the image, can i use a image saved on my computer or have i got to use a image that is already posted on the internet some where?
I have a GV that is populated via a reader: Using reader As SqlDataReader = cmd.ExecuteReader() I have autogenerate edit button=T but it will not go into editmode. Must I create template to handle this?
So far i've populated my grid view with my roomID. however using data reader I don't seem to be able to get more than one column to auto generate even though i'm now looking for three values : SELECT tt_roomEquip.roomID, tt_room.roomCapacity, tt_equip.equipTitle is my select bit of the sql, though it's only putting roomID into my grid view.
Is there a simple way of putting all list items from a listbox into a textfield? I'm not interested in selecting individual items, I want all items in the box to appear. I'd like the items to appear in the textbox as x, y, z, or x y z. The seperator type / format isn't important as long as long as there is some sort of spacing between each item.
I have 3 webforms controls: 3 checkboxes and 1 textbox. When I check checkbox1 and checkbox2, then in the textbox it should appear as 1,2. How can this be done using ASP.NET webforms controls?
I'm using a textbox in my asp.net project with a date extender to allow someone to enter a date. If they want to type in a date rather than select from the calendar, how can i include the slashes in the textbox for the person to enter the date as shown? such as __/__/____
1. I have a GridView on my page and it uses sqldatasource with parameterized query. What I want to do is, on page load (where nothing has been selected so no parameter supplied), I want it to query everything (something like SELECT * FROM [this_table]) but since my SelectCommand is something like
SELECT * FROM [this_table] WHERE [this_column] = @someParameters AND [that_column] = @someParameters.
Can I play around with default value to achieve something like that but how ? Now, when the page loads, it doesn't show anything (No Gridview).
2. On my page, I made something like (username, gender, address, and more) and one single search button. That means, no single control enable auto postback. What I am trying to accomplish is building dynamic query
(if username specifed -> SELECT * FROM [this_table] WHERE [username] LIKE @username).
If both username and gender are specified (SELECT * FROM [this_table] WHERE [username] LIKE @username AND [gender] = @gender) and you know the rest. How can I do this using GridView and SqlDataSource ? To my knowledge, I can only specify one SELECT statement in a sqldatasource.
By right clicking on my database i created a query in server explorer. But where are this query stored can't find them back. I should aspect that their is a folder query's like there is a folder tables but this isn't the case.
Dim MediaQuery = From m In dB.DOWNLOADS _Where m.ID = id _Select
which returns a record from the database. One of the fields in the record is a FK to another table. I need to read this value to be able to set a dropdown based on the ID but I can't work out how to access it. For a standard record I can just do the following txtTitle.Text = MediaQuery.FirstOrDefault().TITLE
However with the foreign key it doesn't work like that. I've tried drpGroup.SelectedIndex = MediaQuery.FirstOrDefault().DOWNLOAD_GROUPS.ID where DOWNLOAD_GROUPS is the FK field but it returns Object reference not set to an instance of an object. If you're simply wanting to read some values from a single db record in the entitiy framework and one is a foreign key how should I go about getting the value?
I'm trying to use a javascript Date and Time calendar in my Insert and Edit templates in a Detailsview that is bound to SQL Fields. The reason I am trying the javascript date time selector is that I need to have the date and time, the asp.net one is just the date part.
I tried using it with an asp:textbox on just a plain aspx page and it works like a charm, however when I add it to the detailsview i keep on getting the "Error: Object required" am I missing a step here? That and seeing as I'm using a site master page where exactly do I put the:
i have asp page. i did the connection with connection string. the query is to search name, id and phone numbers. i wand to display these data in 3 textboxs. how can i display these results in textbox.
this is the connection code.
SqlConnection con = new SqlConnection(); SqlCommand cmd = new SqlCommand(); SqlDataReader reader; con.ConnectionString = "server=localhost;uid=sa;pwd=sa;database=mydatabase"; cmd.CommandText = "select ename, id phone from emp";
now i want to display these data in 3 textboxs. how can i do it.
I am using Querystring "ddl4" to pass on value of a drop down list to the next page where I am using that value in the WHERE clause of a SQL command. I also need to check whether ddl4 is blank or not which I do using If Else in SQL command. I am not able to run the query where the Querystring ddl4 IS NULL
This is the sample link with the Querystring ddl4 carrying a blank value:
How Can Redirect Search TextBox  Value to default page On Search Button Click Asp.net..Here is my Code
div> <asp:TextBox ID="TextBox1" runat="server" Height="37px" Width="526px" style="background-color: #CCFFFF"></asp:TextBox> <asp:Button ID="btnsearch" runat="server" placeholder="Search By Brand Name" Text="Search" OnClick="btnsearch_Click" Style="font-weight: 700; color: #0000CC; background-color: #FF6600;" Height="39px" Width="108px" /> <asp:Label ID="Label4" runat="server" Text=""></asp:Label> </div> Â I Have A TextBox for Search Box And A button On My About Us Page ...i want to redirect The Search Box Value On default Page With Search Data from My Datalist That is belongs to Default Page.When I Click On Search Button The Value of Search Box Redirect To Default Page And Show value Data from DatalistÂ
I have one query in my project (saved in folder SQLQueryes, Query.sql) and i need to execute it. Also, i have one parameter in script and i need to include him also. How?
i want to know that should first name and last should be kept as sperate field or merged into single attribute. The Basic problem i am facing to keep first name and last name in seperate fields is that i cannot effectively use like query for searching a record by name
