C# - What Is Passing Parameters To SQL
Jul 9, 2010
In this answer to my question of how to insert data into SQL Server he mentioned passing parameters instead of string concatenation like I currently have.
Is this really necessary for security? If so, what exactly is passing parameters? When I Google it I get a lot about stored procedures. Is that what I want? I do not know about stored procedures... yet.
EDIT:
OK, here is what I got. It seems to update the database correctly and eventually I will change the hard-coded ints to inputs from a label. Confirm if how I did this is not vulnerable to any SQL injection or hacks.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.Security;
using System.Data;
using System.Data.Sql;
using System.Data.SqlClient;

public partial class Stats : System.Web.UI.Page
{
    public SqlDataReader DataReader;
    public SqlCommand Command;
    string queryString = ("INSERT INTO UserData (UserProfileID, ConfidenceLevel, LoveLevel, HappinessLevel) VALUES (@UID, @CL, @LL, @HL);");
    //string queryString = ("INSERT INTO UserData (UserProfileID, ConfidenceLevel, LoveLevel, HappinessLevel) VALUES ('a051fc1b-4f51-485b-a07d-0f378528974e', 2, 2, 2);");

    protected void Page_Load(object sender, EventArgs e)
    {
        LabelUserID.Text = Membership.GetUser().ProviderUserKey.ToString();
    }

    protected void Button1_Click(object sender, EventArgs e)
    {
        //connect to database
        MySqlConnection database = new MySqlConnection();
        database.CreateConn();
        //create command object
        Command = new SqlCommand(queryString, database.Connection);
        //add parameters. used to prevent sql injection
        Command.Parameters.Add("@UID", SqlDbType.UniqueIdentifier);
        Command.Parameters["@UID"].Value = Membership.GetUser().ProviderUserKey;
        Command.Parameters.Add("@CL", SqlDbType.Int);
        Command.Parameters["@CL"].Value = 9;
        Command.Parameters.Add("@LL", SqlDbType.Int);
        Command.Parameters["@LL"].Value = 9;
        Command.Parameters.Add("@HL", SqlDbType.Int);
        Command.Parameters["@HL"].Value = 9;
        Command.ExecuteNonQuery();
    }
}
View 7 Replies
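Added example (not part of the original post or its replies): what "passing parameters" changes compared with string concatenation, using the post's UserData statement with values that arrive as text. `ParseLevel`, the 0 to 10 range and the sample input are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class UserDataInsertExample
{
    // Same statement as the post: this text is fixed, only parameter values vary.
    const string InsertSql =
        "INSERT INTO UserData (UserProfileID, ConfidenceLevel, LoveLevel, HappinessLevel) " +
        "VALUES (@UID, @CL, @LL, @HL);";

    // What concatenation sends instead: the input becomes part of the SQL text.
    static string ConcatenatedSql(Guid uid, string cl, string ll, string hl)
    {
        return "INSERT INTO UserData (UserProfileID, ConfidenceLevel, LoveLevel, HappinessLevel) " +
               "VALUES ('" + uid + "', " + cl + ", " + ll + ", " + hl + ");";
    }

    // Hypothetical helper: turn text read from a control into a level value.
    static int ParseLevel(string text, string field)
    {
        int value;
        if (!int.TryParse(text, out value) || value < 0 || value > 10) // 0..10 is an assumed range
            throw new ArgumentException(field + " must be a whole number from 0 to 10.");
        return value;
    }

    static SqlCommand BuildInsert(Guid uid, string cl, string ll, string hl)
    {
        var cmd = new SqlCommand(InsertSql); // set cmd.Connection before executing
        cmd.Parameters.Add("@UID", SqlDbType.UniqueIdentifier).Value = uid;
        cmd.Parameters.Add("@CL", SqlDbType.Int).Value = ParseLevel(cl, "ConfidenceLevel");
        cmd.Parameters.Add("@LL", SqlDbType.Int).Value = ParseLevel(ll, "LoveLevel");
        cmd.Parameters.Add("@HL", SqlDbType.Int).Value = ParseLevel(hl, "HappinessLevel");
        return cmd;
    }

    static void Main()
    {
        Guid uid = Guid.NewGuid();            // constructed sample user key
        string crafted = "0); SELECT 1; --";  // constructed sample input
        // Concatenation: the crafted text ends the INSERT and starts a second statement.
        Console.WriteLine(ConcatenatedSql(uid, "9", "9", crafted));
        // Parameters: the same text never reaches the SQL; it fails validation as a value.
        try { BuildInsert(uid, "9", "9", crafted); }
        catch (ArgumentException ex) { Console.WriteLine("Rejected: " + ex.Message); }
        using (SqlCommand ok = BuildInsert(uid, "9", "9", "7"))
        {
            Console.WriteLine(ok.CommandText);
            foreach (SqlParameter p in ok.Parameters)
                Console.WriteLine(p.ParameterName + " (" + p.SqlDbType + ") = " + p.Value);
        }
    }
}
```

No database connection is needed to run this; it only builds the commands and prints what would be sent.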
Similar Messages:
Apr 21, 2010
When I worked in .NET 1.1 I used to pass parameters to a user control using this method (if the name of the user control is "tables"):
Dim r As tables = CType(Page.LoadControl("~/usercontrol/tables.ascx"), tables)
and calling a public property of the user control.
The problem is that I can't find the way to do it in the 2008 version of .NET; it does not recognize the user control. How can I pass parameters to the user control at run time?
View 10 Replies
Oct 9, 2010
[Code]....
and my Index
[Code]....
View 1 Replies
Aug 3, 2010
I have a dropdownlist with seven different options like (date, subject, press, cia, media...) and the user will select one of the items from the dropdownlist and click on the search button to get the results. Here is my repository class GetInquiries method, which accepts 7 parameters, but it will pass only one parameter at a time to the stored proc, and in the case of Date it will pass both from/to:
public List<Inquiry> GetInquiries(string fromDate, string toDate,
string subject, string press,
string cia, string media,
[code]...
View 6 Replies
Aug 24, 2010
I am trying to use a parameter field where there is a subreport in my main report, but I keep getting the error "subreport cannot be shown" when running the report.
P.S. I have just set the parameters the same in the subreport as the main report.
View 2 Replies
May 23, 2010
I have a page with a lot of pictures on it. I want the user to be able to click on the picture and either bring up a popup type of window, passing it the param name and value, or to have the picture be replaced with this object.
<object id="ADR2" type="application/x-Autodesk-DWF" width="250" height="250">
    <param name="dwffilename" value="path" />
</object>
I have found a number of places describing how to bring up a popup window, but not on how to pass it the values.
View 2 Replies
Nov 8, 2010
I have a custom ExpressionBuilder in which I'm trying to add a list of optional parameters. My method would be declared as follows:
public static string GetResource(string expression, params object[] parameters) { }
The way I'm calling this method from an ASP.NET page is this at the moment:
<ext:Button ID="btnEdit" runat="server" Text="<%$ AppResources : edit_text %>">
Does anyone know how to perform this method call, but using optional parameters?
View 6 Replies
Oct 6, 2010
I have a simple Web Service method defined as:
[WebMethod]
[ScriptMethod(ResponseFormat = ResponseFormat.Json)]
public string MyWebMethod(string foo, string bar)
{
    // DataContractJsonSerializer to deserialize foo and bar to
    // their respective FooClass and BarClass objects.
    return "{\"Message\":\"Everything is a-ok!\"}";
}
I'll call it from the client via:
var myParams = { "foo":{"name":"Bob Smith", "age":50},"bar":{"color":"blue","size":"large","quantity":2} };
$.ajax({
    type: 'POST',
    url: 'https://mydomain.com/WebServices/TestSvc.asmx/MyWebMethod',
    data: JSON.stringify(myParams),
    contentType: 'application/json; charset=utf-8',
    dataType: 'json',
    success: function (response, status) {
        alert('Yay!');
    },
    error: function (xhr, err) {
        alert('Boo-urns!');
    }
});
However, this yields the following error (a breakpoint on the first line in MyWebMethod() is never hit):
{"Message":"No parameterless constructor defined for type of \u0027System.String\u0027.","StackTrace":"
   at System.Web.Script.Serialization.ObjectConverter.ConvertDictionaryToObject(IDictionary`2 dictionary, Type type, JavaScriptSerializer serializer, Boolean throwOnError, Object& convertedObject)
   at System.Web.Script.Serialization.ObjectConverter.ConvertObjectToTypeInternal(Object o, Type type, JavaScriptSerializer serializer, Boolean throwOnError, Object& convertedObject)
   at System.Web.Script.Serialization.ObjectConverter.ConvertObjectToTypeMain(Object o, Type type, JavaScriptSerializer serializer, Boolean throwOnError, Object& convertedObject)
   at System.Web.Script.Services.WebServiceMethodData.StrongTypeParameters(IDictionary`2 rawParams)
   at System.Web.Script.Services.RestHandler.InvokeMethod(HttpContext context, WebServiceMethodData methodData, IDictionary`2 rawParams)
   at System.Web.Script.Services.RestHandler.ExecuteWebServiceCall(HttpContext context, WebServiceMethodData methodData)","ExceptionType":"System.MissingMethodException"}
I'd like to pass in two string parameters and use DataContractJsonSerializer to write new Foo and Bar objects. Am I missing something?
View 3 Replies
Nov 12, 2010
I am creating a DataSet to attach to a report (*.rdlc). In the DataSet is a TableAdapter that has the GetData(@start, @end) function. Can someone please explain how I get values into @start and @end? I have searched and seen that it might have something to do with overriding the Fill function in the DataSet code-behind file. Please let me know.
View 1 Replies
Mar 13, 2011
I have used a SQL data source to connect to Oracle.
The Select command is working fine, but as soon as I try to provide a parameter, it doesn't work.
Getting the following error: "ORA-01036: illegal variable name/number"
Tried searching for the error message, but it says the parameter name has to be less than 32 characters, which is what I have.
<asp:SqlDataSource ID="SqlDataSource1" runat="server" ConnectionString="<%$ ConnectionStrings:DevConnection %>"
    ProviderName="<%$ ConnectionStrings:DevConnection.ProviderName %>" SelectCommand="Select ID, Name from Employee where state = @stateid">
    <SelectParameters>
        <asp:ControlParameter Name="stateid" ControlID="drdState" PropertyName="SelectedValue" />
    </SelectParameters>
</asp:SqlDataSource>
View 2 Replies
Aug 18, 2010
I want to develop a windows service which will be accepting a datatable from an aspx page. Both the windows service and the website are hosted on same machine.
Also I need to set a date and time on which this service is to work. This date and time are to change according to customer needs. Once again, the date and time are to be fed from the aspx page.
View 6 Replies
Mar 6, 2013
I have a dynamically created drop down list, and I set the event of it to be like this:
ddlAnswer.ID = "ddlistAnswer" + QuestionID;
ddlAnswer.SelectedIndexChanged += new EventHandler(ddlAnswer_SelectedIndexChanged);
Please note that drop down list is dynamic, and in selectedIndexChanged, I would like to pass the "QuestionID" to that selectedindexchanged to work on my logic. Is there a way to pass it to that method as command argument or something?
Code:
protected void ddlAnswer_SelectedIndexChanged(object sender, EventArgs e)
{
//wanting that question id here
}
View 1 Replies
Jun 9, 2012
STR = "SELECT * from tbl1 where 1=1 ";
// each selected filter is appended to the query text
if (drpyrsal.SelectedValue != "--Select--")
{
    STR = STR + " and Year([frmdt])=" + drpyrsal.SelectedValue + " ";
}
if (drpmonth.SelectedValue != "--Select--")
{
    STR = STR + "and Month([frmdt])=" + drpmonth.SelectedValue + " ";
}
and execute it with a dataset.
How can I do the same with an SP?
SqlCommand cmd = new SqlCommand("usp_SP1", con); // Stored procedure
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("@yr", drpyrsal.SelectedValue);
cmd.Parameters.AddWithValue("@mon", drpmonth.SelectedValue);
View 1 Replies
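Added example, not from the original post: the optional year and month filters built without putting the dropdown text into the SQL, first as dynamic SQL and then as the `usp_SP1` call. `ParseChoice`, the year range and the way `usp_SP1` treats NULL are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

static class OptionalFilterExample
{
    // Null when the dropdown is still on "--Select--", otherwise a checked number.
    static int? ParseChoice(string selected, int min, int max)
    {
        if (selected == "--Select--") return null;
        int n;
        if (!int.TryParse(selected, out n) || n < min || n > max)
            throw new ArgumentException("Unexpected dropdown value: not " + min + ".." + max);
        return n;
    }
    // Dynamic SQL: the WHERE clause grows only with fixed text and placeholders.
    static SqlCommand BuildQuery(string year, string month)
    {
        var cmd = new SqlCommand();
        var where = new List<string>();
        int? yr = ParseChoice(year, 1900, 2100);   // assumed valid range
        int? mon = ParseChoice(month, 1, 12);
        if (yr.HasValue)
        {
            where.Add("Year([frmdt]) = @yr");
            cmd.Parameters.Add("@yr", SqlDbType.Int).Value = yr.Value;
        }
        if (mon.HasValue)
        {
            where.Add("Month([frmdt]) = @mon");
            cmd.Parameters.Add("@mon", SqlDbType.Int).Value = mon.Value;
        }
        cmd.CommandText = "SELECT * FROM tbl1" +
            (where.Count > 0 ? " WHERE " + string.Join(" AND ", where) : "");
        return cmd;
    }
    // Stored procedure: always send both parameters; assumes usp_SP1 treats NULL as "no filter".
    static SqlCommand BuildProcCall(string year, string month)
    {
        var cmd = new SqlCommand("usp_SP1") { CommandType = CommandType.StoredProcedure };
        cmd.Parameters.Add("@yr", SqlDbType.Int).Value = (object)ParseChoice(year, 1900, 2100) ?? DBNull.Value;
        cmd.Parameters.Add("@mon", SqlDbType.Int).Value = (object)ParseChoice(month, 1, 12) ?? DBNull.Value;
        return cmd;
    }

    static void Main()
    {
        // Constructed sample selections: a year chosen, month left on "--Select--".
        Console.WriteLine(BuildQuery("2012", "--Select--").CommandText);
        foreach (SqlParameter p in BuildProcCall("2012", "--Select--").Parameters)
            Console.WriteLine(p.ParameterName + " = " + (p.Value == DBNull.Value ? "NULL" : p.Value));
    }
}
```

Inside the procedure, the matching filter under that assumption would be written as `(@yr IS NULL OR Year([frmdt]) = @yr)`, and likewise for `@mon`.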
Jun 11, 2010
Passing parameters from a datalist to another page.
This is how my app works:
I have a database (Access) with a table with the following columns: id, title, desc, photo.
Another table with the following columns: (startsin, endsin, price, tId)
On the first page (tourpack.aspx) I have a datalist. When the user clicks on a button that is in the templateitem of the datalist, he will be transferred to another page called (showtour.aspx). What I'm trying to do is pass the ID parameter from the first page (table 1) to the second page (showtour.aspx) with the id number so he can see the specific details of that "tour" that are located in the second table.
View 8 Replies
Jan 7, 2010
I'm wondering what the correct syntax is to pass 2 parameters from an ascx control into a VB.NET function. Here's what I currently have:
<asp:Literal
ID="CommentFooterLiteral1"
Visible='<%# Eval("Approved") Or IsModerator() %>'
Text='<%# FormatFooter(Eval("Anonymous"), Eval("DisplayName"), Eval("CreatedDate")) + "
" + GetModeratorStatus(Eval("UserId")) %>'
runat="server"
/>
The Function "FormatFooter", needs to pass in Anonymous and DisplayName parameters. Anyone know the correct syntax for doing this?
View 2 Replies
Sep 20, 2010
I am trying to pass parameters in the hyperlink.
The code in sending page is as below
[Code]....
View 2 Replies
Aug 9, 2010
I followed Brian Orrell's LINQ tutorial for paging/sorting and created a gridview bound to an ObjectDataSource through a method call which gets data from a database. My form includes two buttons with a textbox next to each one of them. I need to be able to populate the gridview depending on the button that was pressed. I cannot figure out how to signal to my method which button was pressed.
[Code]....
[URL]
View 1 Replies
Oct 23, 2010
I'm trying to do a form submit to my controller through jQuery Ajax. The following code works for the most part; however, the ThreadId parameter does not get passed. If I call the controller directly without using jQuery, it gets passed, but when using jQuery, I don't see the ThreadId after form.serialize(). What would be the easiest way to pass parameters (like ThreadId) to a jQuery form post?
[code]....
View 1 Replies
Jan 24, 2011
I need to execute the following exe file with multiple arguments from asp.net web application
"C:Program FilesSysteminvoke.exe" /project "UPLOAD" /app "Default App" /task "XMLGEN" /parm.OutputDirectory "c: emp"
I tried the following asp.net code,
[code]....
View 4 Replies
Jun 3, 2010
I am trying to pass the parameters dynamically thru Sqldatasource and get the results in grid view. Based on the dropdown list selection it has to show the results in grid view. When I hard code it, it's giving correct results, but when passing thru parameters I'm unable to get the results in grid view.
Output should be something like this:
Select the value: 123
124
125.
Let's say the user selects '123'; the query it runs in sqldatasource is Select col1,col2,col3 from table1 where col1 LIKE '123%'
results will be 12301,12302,12303 with other columns in grid view.
[code]....
View 6 Replies
Aug 5, 2010
I am looking for someone to provide guidance as to whether the following solution is the prescribed way of going about this. Yesterday I started working on a problem that, at first blush, seemed pretty simple and straightforward. I need to pass a few parameters from an ASPX code-behind, which hosts a Silverlight object tag, to the code-behind of one, or more, of the Silverlight user controls within the hosted Silverlight application. So, after doing some research, this is the basic solution I developed.
I found out that an attribute can be added to the object tag called initParams, a comma delimited list of parameter names and values can be added to this attribute. Like so.
<object data="data:application/x-silverlight-2," type="application/x-silverlight-2" width="100%" height="100%">
<param name="source" value="ClientBin/SampleApplication.xap"/>
<param name="onError" value="onSilverlightError" />
<param name="background" value="white" />
<param name="minRuntimeVersion" value="3.0.40624.0" />
<param name="autoUpgrade" value="true" />
<param name="initParams" value='DealerId=17' />
</object>
This is fine, except that the DealerId parameter is basically hard-coded in the object tag, not real useful. The next thing that I did was replace this object tag with a literal control, and set the text of the literal control within the page's code-behind to the value of a StringBuilder (where I built up the full object tag along with dynamically adding the correct DealerId value). In the following example, the DealerId is hard-coded, but you get the idea.
var sb = new StringBuilder();
sb.Append(@"<object data=""data:application/x-silverlight-2,"" type=""application/x-silverlight-2"" width=""90%"" height=""80%"">");
sb.Append(@"<param name=""source"" value=""ClientBin/Ascend.SilverlightViewer.xap""/>");
sb.Append(@"<param name=""onError"" value=""onSilverlightError"" />");
sb.Append(@"<param name=""background"" value=""white"" />");
sb.Append(@"<param name=""minRuntimeVersion"" value=""3.0.40624.0"" />");
sb.Append(@"<param name=""autoUpgrade"" value=""true"" />");
sb.Append(@"<param name=""initParams"" value='");
sb.Append(@"ServiceUrl=");
sb.AppendFormat("http://{0}{1}", Request.Url.Authority, ResolveUrl("~/ReportService.svc"));
sb.Append(@",DebugMode=Full");
sb.AppendFormat(@",DealerId={0}' />", 40);
sb.Append(@"</object>");
litObjectTag.Text = sb.ToString();
My goal, if this initial design is sane, is to then pull this object tag creation into a server control, which will have a DealerId property, which in turn will be set within the host's code-behind. At this point, I have the host dynamically adding parameter values to the object tag's initParams attribute; the next step is to get these values and leverage them within the hosted Silverlight application. I found a few articles to help out with this; I'm creating a public dictionary within the App.xaml.cs, and setting it within the Application_Startup event.
public IDictionary<string, string> InitConfigDictionary;
private void Application_Startup(object sender, StartupEventArgs e)
{
InitConfigDictionary = e.InitParams;
this.RootVisual = new MainPage();
}
Now, I can access this public dictionary from the code-behind of any .xaml user control, like this.
App app = (App)Application.Current;
var dealerId = app.InitConfigDictionary["DealerId"];
This design works just fine, I'm just looking for some guidance, since I'm new to Silverlight. Once again, the implementation works, but it seems like a whole lot of work to go through just to pass a dynamic value from the host to the .xaml files. Because I'm new to Silverlight, I'm hoping that someone with more experience can say that either:
a) Patrick, you're insane, why are you going through all this work when clearly in Silverlight you would accomplish this through the use of "xxxxxx".
b) Yeah, Patrick, it's a drag, but this design is basically what you have to do in Silverlight.
View 1 Replies
Apr 1, 2011
I have a report and I want to display it on a webform. Reports without parameters are working nice and fine. Reports with parameters are creating a headache for me. This is the code I have written in the BindReport method, which is called on the page load event of the form.
[Code]....
I have tried a variety of things like assigning ParameterFieldInfo to the reportviewer control, but it shows me a prompt on page load asking for the parameter values of the report. I'm using .NET 4.0. EDIT: I'm using the push model for Crystal Reports. Does it change the way we can pass parameters to the report from ASP.NET?
View 2 Replies
Mar 19, 2011
I have a modal popup that displays detail info based on a grid view selection. The SELECT requires an id and a year. The year is displayed in a drop-down on the main page and the popup seems to be able to read it OK. But the ID is part of the grid view and I am not sure how to pass it to the popup.
[Code]....
I thought that I would set the ID in the lnkRank_Click event, but the code seemed to pop the modal without ever going to that event.
[Code]....
I can set a debug break on this method and it never hits it. So, somehow clicking the image button does trigger the popup but does not set the text field to the desired ID. How is this supposed to work?
View 5 Replies
Nov 2, 2010
I am trying to pass parameters to a popup window via query string(a hidden field id & a textbox id). However, since I am using master pages the id's are very long (ct100_someid). Is there a way to elegantly pass my ids ? Can I shorten my id's or not show them to the user at all?
View 2 Replies
Feb 5, 2010
I am having problems getting my first report to show data when passing 2 DateTime session and 1 string session parameters to my report. When I remove the 2 DateTime parameters it returns data, but with the DateTime parameters, no data. The SQL statement returns correctly. It seems my 2 date params get to the report as NULL. [Code]....
Report Parameters:
dtFromSelect = string - internal
dtToSelect = string - internal
qreStorename = string - internal
For report parameters, if I use DateTime instead of String, I get this error
The definition of the report 'Main Report' is invalid.
The property 'DefaultValue' of report parameter 'dtToSelect' doesn't have the expected type
View 4 Replies