C# - What Is Passing Parameters To SQL

Jul 9, 2010

In this answer to my question of how to insert data into SQL Server he mentioned passing parameters instead of string concatenation like I currently have.

Is this really necessary for security? If so, what exactly is passing parameters? When i google it I get a lot about stored procedures. Is that what I want, I do not know about stored procedures....yet.

EDIT:

Ok, here is what I got. It seems to update the database correctly and eventually I will change the hard coded ints to inputs from a label. confirm if how I did this is not vulnerable to any sql injection or hacks.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.Security;
using System.Data;
using System.Data.Sql;
using System.Data.SqlClient;
public partial class Stats : System.Web.UI.Page
{
public SqlDataReader DataReader;
public SqlCommand Command;
string queryString = ("INSERT INTO UserData (UserProfileID, ConfidenceLevel, LoveLevel, HappinessLevel) VALUES (@UID, @CL, @LL, @HL);");
//string queryString = ("INSERT INTO UserData (UserProfileID, ConfidenceLevel, LoveLevel, HappinessLevel) VALUES ('a051fc1b-4f51-485b-a07d-0f378528974e', 2, 2, 2);");
protected void Page_Load(object sender, EventArgs e)
{
LabelUserID.Text = Membership.GetUser().ProviderUserKey.ToString();
}
protected void Button1_Click(object sender, EventArgs e)
{
//connect to database
MySqlConnection database = new MySqlConnection();
database.CreateConn();
//create command object
Command = new SqlCommand(queryString, database.Connection);
//add parameters. used to prevent sql injection
Command.Parameters.Add("@UID", SqlDbType.UniqueIdentifier);
Command.Parameters["@UID"].Value = Membership.GetUser().ProviderUserKey;
Command.Parameters.Add("@CL", SqlDbType.Int);
Command.Parameters["@CL"].Value = 9;
Command.Parameters.Add("@LL", SqlDbType.Int);
Command.Parameters["@LL"].Value = 9;
Command.Parameters.Add("@HL", SqlDbType.Int);
Command.Parameters["@HL"].Value = 9;
Command.ExecuteNonQuery();
}
}

View 7 Replies


Similar Messages:

Passing Parameters To Usercontrol?

Apr 21, 2010

when i worked in .NET 1.1 i used to pass parameters to user control using the method- (if the name of the usercontrol is "tables")

dim r As tables =
CType(Page.LoadControl("~/usercontrol/tables.ascx"), tables)

and calling public property of the usercontrols.

the problem is that i can't the way to do it in 2008 ver of .NET, it is not recognize the usercontrol.... how can i pass parameters to the usercontrol in run time?

View 10 Replies

MVC :: Passing Parameters To ListView

Oct 9, 2010

[Code]....
and my Index
[Code]....

View 1 Replies

C# - Passing Parameters With Conditionally?

Aug 3, 2010

i have a dropdownlist with seven different optins like (date, subject, press, cia, media...) and user will select one of the item from the dropdownlist and click on search button to get the results.here is my repository class GetInquires method which accepts 7 parameters but it will pass only one prameters at a time to the storeproc and in case of Date (it will pass both from/to)

public List<Inquiry> GetInquiries(string fromDate, string toDate,
string subject, string press,
string cia, string media,

[code]...

View 6 Replies

SQL Reporting :: Passing Parameters Through Sub Reports?

Aug 24, 2010

I am trying to use a parameter field where there is a subreport in my main report but i keep getting the error "subreport cannot be shown" when running the report.

p.s - I have just set the parameters the same in the subreport as the main report.

View 2 Replies

Web Forms :: Passing Parameters To New Window

May 23, 2010

I have a page with a lot of pictures on it. I want the user to be able to click on the picture and either bring up a popup type of window passing it the Param name and value , or to have the picture be replaced with this object.

<object id="ADR2" type="application/x-Autodesk-DWF"
width="250" height="250"> <param name="dwffilename"
value="path" /> </object>

I have found a number of places describing how to bring up a popup window, but not on how to pass it the values.

View 2 Replies

Web Forms :: Passing Parameters To ExpressionBuilder

Nov 8, 2010

I have a custom ExpressionBuilder in whixh I'm trying to add a list of optional parameters. My method would be declared as follows:
public static string GetResource(string expression, params object[] parameters) { }

The way I'm calling this method from an ASP.NET page is this at the moment:
<ext:Button ID="btnEdit" runat="server" Text="<%$ AppResources : edit_text %>">
Does anyone know how to perform this method call, but using optional parameters?

View 6 Replies

Passing Multiple Parameters To Web Service

Oct 6, 2010

I have a simple Web Service method defined as:

[WebMethod]
[ScriptMethod(ResponseFormat = ResponseFormat.Json)]
public string MyWebMethod(string foo, string bar)
{
// DataContractJsonSerializer to deserialize foo and bar to
// their respective FooClass and BarClass objects.
return "{"Message":"Everything is a-ok!"}";
}
I'll call it from the client via:
var myParams = { "foo":{"name":"Bob Smith", "age":50},"bar":{"color":"blue","size":"large","quantity":2} };
$.ajax({
type: 'POST',
url: 'https://mydomain.com/WebServices/TestSvc.asmx/MyWebMethod',
data: JSON.stringify(myParams),
contentType: 'application/json; charset=utf-8',
dataType: 'json',
success: function (response, status) {
alert('Yay!');
},
error: function (xhr, err) {
alert('Boo-urns!');
}
});
However, this yields the following error (a breakpoint on the first line in MyWebMethod() is never hit):
{"Message":"No parameterless
constructor defined for type of
u0027System.Stringu0027.","StackTrace":"
at
System.Web.Script.Serialization.ObjectConverter.ConvertDictionaryToObject(IDictionary2
dictionary, Type type,
JavaScriptSerializer serializer,
Boolean throwOnError, Object&
convertedObject)
at
System.Web.Script.Serialization.ObjectConverter.ConvertObjectToTypeInternal(Object
o, Type type, JavaScriptSerializer
serializer, Boolean throwOnError,
Object& convertedObject)
at
System.Web.Script.Serialization.ObjectConverter.ConvertObjectToTypeMain(Object
o, Type type, JavaScriptSerializer
serializer, Boolean throwOnError,
Object& convertedObject)
at
System.Web.Script.Services.WebServiceMethodData.StrongTypeParameters(IDictionary2
rawParams)
at
System.Web.Script.Services.RestHandler.InvokeMethod(HttpContext
context, WebServiceMethodData
methodData, IDictionary`2
rawParams)
at
System.Web.Script.Services.RestHandler.ExecuteWebServiceCall(HttpContext
context, WebServiceMethodData
methodData)","ExceptionType":"System.MissingMethodException"}

I'd like to pass in two string parameters and use DataContractJsonSerializer to write new Foo and Bar objects. Am I missing something?

View 3 Replies

ADO.NET :: Passing Values To TableAdapter Parameters?

Nov 12, 2010

I am creating a DataSet to attach to a report (*.rdlc). In the DataSet is a TableAdapter that has the GetData(@start, @end) function. Can someone please explain how I get values in to @start and @end? I have searched and seen that it might have something to do with overriding the Fill function in the DataSet code behind file. Please let me know.

View 1 Replies

AJAX :: Passing The Parameters In Sql Datasource?

Mar 13, 2011

I have used a sql data source to connect to ORACLE.

Select command is working fine, as soon as I try to provide a parameter, it doesn;t work.

Getting following error " ORA-01036: illegal variable name/number"

Tried searching for error message -- but It says the parameters name has to be less then 32 characters, which is what I have.

<asp:SqlDataSource ID="SqlDataSource1" runat="server" ConnectionString="<%$ ConnectionStrings:DevConnection %>"
ProviderName="<%$ ConnectionStrings:DevConnection.ProviderName %>" SelectCommand="Select ID, Name from Employee where state = @stateid">
<SelectParameters>
<asp:ControlParameter Name ="stateid" ControlID = "drdState" PropertyName = "SelectedValue" />
</SelectParameters>

View 2 Replies

C# - Passing Parameters In Windows Service?

Aug 18, 2010

I want to develop a windows service which will be accepting a datatable from an aspx page. Both the windows service and the website are hosted on same machine.

Also I need to set a date and time on which this service is to work. this date and time are to change according to customer needs. once again the date and time are to be fed from the aspx page.

View 6 Replies

Dynamic DropdownList Passing Parameters

Mar 6, 2013

I have a dynamic created drop down list - and I set the event of it to be like this:

ddlAnswer.ID = "ddlistAnswer" + QuestionID;
ddlAnswer.SelectedIndexChanged += new EventHandler(ddlAnswer_SelectedIndexChanged);

Please note that drop down list is dynamic, and in selectedIndexChanged, I would like to pass the "QuestionID" to that selectedindexchanged to work on my logic. Is there a way to pass it to that method as command argument or something?

Code:
protected void ddlAnswer_SelectedIndexChanged(object sender, EventArgs e)
{
//wanting that question id here
}

View 1 Replies

Web Forms :: Passing Parameters To SP With Condition?

Jun 9, 2012

STR= "SELCT * from tbl1 ";
if (drpyrsal.SelectedValue != "--Select--")
{
STR= STR+ " and Year([frmdt])=" + drpyrsal.SelectedValue + " ";
}
if (drpmonth.SelectedValue != "--Select--")
{
STR= STR+ "and Month([frmdt])=" + drpmonth.SelectedValue + " ";
}

and execute it with dataset

how can i do the same with SP

SqlCommand cmd = new SqlCommand("usp_SP1", con); // Stored procedure
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("@yr", drpyrsal.SelectedValue);
cmd.Parameters.AddWithValue("@mon", drpmonth.SelectedValue); 

View 1 Replies

Web Forms :: Passing Parameters From A Datalist To Another Page?

Jun 11, 2010

passing parameters from a datalist to another page.

this is how my app works:

i have a database ( access) a table with the following columns: id,title,desc,photo.

another table with the following columns: (startsin, endsin,price,tId)

on the first page (tourpack.aspx) i have a datalist, when user clicks on a button that is in the templateitem of the datalist, he will be transfered to another page called (showtour.aspx). what im trying to do is passing the ID parameter from the first page (table 1) to the second page (showtour.aspx) with the id number so he can see the specific details of that "tour" that are located In the second table.

View 8 Replies

Web Forms :: Passing Multiple Parameters To VB.net Function

Jan 7, 2010

Im wonding what the correct syntax is to pass 2 parameters from a Ascx control into a Vb.net function? Heres what I currently have:

<asp:Literal
ID="CommentFooterLiteral1"
Visible='<%# Eval("Approved") Or IsModerator() %>'
Text='<%# FormatFooter(Eval("Anonymous"), Eval("DisplayName"), Eval("CreatedDate")) &#43; "
" &#43; GetModeratorStatus(Eval("UserId")) %>'
runat="server"
/>

The Function "FormatFooter", needs to pass in Anonymous and DisplayName parameters. Anyone know the correct syntax for doing this?

View 2 Replies

Web Forms :: Passing Multiple Parameters In The Hyperlink?

Sep 20, 2010

I am trying to pass parameters in the hyperlink.

The code in sending page is as below

[Code]....

View 2 Replies

DataSource Controls :: Passing Parameters To ObjectDataSource

Aug 9, 2010

I followd Brian Orrell LINQ tutorial for paging/sorting and created a gridview bound to an ObjectDataSource through a method call which gets data from adatabase. My form includes two buttons with a textbox next to each one of them. I need to be able to populatte th egridview depending on the button that was pressed, I cannot figure out how signal my method which button was pressed.
[Code]....
[URL]

View 1 Replies

C# - Passing Parameters When Submitting A Form Via JQuery In MVC?

Oct 23, 2010

I'm trying to do a form submit to my controller through jQuery Ajax. The following code works for the most part, however, the ThreadId parameter does not get passed. If I call the controller directly without using jQuery, it gets passed, but when using jquery, I don't see the ThreadId after form.serialize(). WHat would be the easiest way to pass parameters (like ThreadId) to jQuery form post?

[code]....

View 1 Replies

Web Forms :: Passing Multiple Parameters To An Exe From Web Application

Jan 24, 2011

I need to execute the following exe file with multiple arguments from asp.net web application

"C:Program FilesSysteminvoke.exe" /project "UPLOAD" /app "Default App" /task "XMLGEN" /parm.OutputDirectory "c: emp"

I tried the following asp.net code,

[code]....

View 4 Replies

Web Forms :: Passing Parameters In Dropdownlist And Sqldatasource

Jun 3, 2010

I am trying to pass the parameters dynamically thru Sqldatasource and get the results in grid view. Based on the dropdown list selection it has to show the results in grid view. When I hard code its giving correct results but when passing thru parameters i'm unable to get the results in grid view.

Output shud be something like this:

Select the value: 123

124

125.

Lets say user selects '123', the query it runs in sqldatasource is Select col1,col2,col3 from table1 where col1 LIKE '123%'

results will be 12301,12302,12303 with other columns in grid view.

[code]....

View 6 Replies

Dynamically Passing Parameters From ASPX Host

Aug 5, 2010

I am looking for someone to provide guidance as to whether the following solution is the prescribed way of going about this. Yesterday I started working on a problem that, at first blush, seemed pretty simple and straightforward. I need to pass a few parameters from an ASPX code-behind, which hosts a Silverlight object tag, to the code-behind of one, or more, of the Silverlight user controls within the hosted Silverlight application. So, after doing some research, this is the basic solution I developed.

I found out that an attribute can be added to the object tag called initParams, a comma delimited list of parameter names and values can be added to this attribute. Like so.

<object data="data:application/x-silverlight-2," type="application/x-silverlight-2" width="100%" height="100%">
<param name="source" value="ClientBin/SampleApplication.xap"/>
<param name="onError" value="onSilverlightError" />
<param name="background" value="white" />
<param name="minRuntimeVersion" value="3.0.40624.0" />
<param name="autoUpgrade" value="true" />
<param name="initParams" value='DealerId=17' />
</object>

This is fine, except that the DealerId parameter is basically hard-coded in the object tag, not real useful. The next thing that I did was replace this object tag with a literal control, and set the text of the literal control within the page's code-behind to the value of a StringBuilder (where I built up the full object tag along with dynamically adding the correct DealerId value). In the following example, the DealerId is hard-coded, but you get the idea.

var sb = new StringBuilder();
sb.Append(@"<object data=""data:application/x-silverlight-2,"" type=""application/x-silverlight-2"" width=""90%"" height=""80%"">");
sb.Append(@"<param name=""source"" value=""ClientBin/Ascend.SilverlightViewer.xap""/>");
sb.Append(@"<param name=""onError"" value=""onSilverlightError"" />");
sb.Append(@"<param name=""background"" value=""white"" />");
sb.Append(@"<param name=""minRuntimeVersion"" value=""3.0.40624.0"" />");
sb.Append(@"<param name=""autoUpgrade"" value=""true"" />");
sb.Append(@"<param name=""initParams"" value='");
sb.Append(@"ServiceUrl=");
sb.AppendFormat("http://{0}{1}", Request.Url.Authority, ResolveUrl("~/ReportService.svc"));
sb.Append(@",DebugMode=Full");
sb.AppendFormat(@",DealerId={0}' />", 40);
sb.Append(@"</object>");
litObjectTag.Text = sb.ToString();

My goal, if this initial design is sane, is to then pull this object tag creation into a server control, which will have a DealerId property, which in turn will be set within the hosts code-behind. At this point, I have the host dynamically adding parameter values to the object tag's initParams attribute, the next step is to get these values and leverage them within the hosted Silverlight application. I found a few articles to help out with this; I'm creating a public dictionary within the App.xaml.cs, and setting it within the Application_Startup event.

public IDictionary<string, string> InitConfigDictionary;
private void Application_Startup(object sender, StartupEventArgs e)
{
InitConfigDictionary = e.InitParams;
this.RootVisual = new MainPage();
}

Now, I can access this public dictionary from the code-behind of any .xaml user control, like this.

App app = (App)Application.Current;
var dealerId = app.InitConfigDictionary["DealerId"];

This design works just fine, I'm just looking for some guidance, since I'm new to Silverlight. Once again, the implementation works, but it seems like a whole lot of work to go through just to pass a dynamic value from the host to the .xaml files. Because I'm new to Silverlight, I'm hoping that someone with more experience can say that either:

a) Patrick, you're insane, why are you going through all this work when clearly in Silverlight you would accomplish this through the use of "xxxxxx".
b) Yeah, Patrick, it's a drag, but this design is basically what you have to do in Silverlight.

View 1 Replies

Passing Parameters To Crystal Report From Webforms?

Apr 1, 2011

i have a report and i want to display it on a webform. Reports without parameters are working nice and fine. Reports with parameters are creating headache for me. this is the code i have written in BindReport method, which is called on page load event of the form.

[Code]....

i have tried variety of things like assigning ParameterFieldInfo to reportviewer control but, it shows me prompt on page load asking for parameter values of the report. i m using .NET 4.0 EDIT i m using push model for crystal reports. does it change the way we can pass parameters to report from asp.net

View 2 Replies

AJAX :: Passing Parameters To A Modal Popup?

Mar 19, 2011

I have a modal popup that displays detail info based on a grid view selection. The SELECT requires a id and a year. The year is displayed in a drop downon the main page and the popup seems to be able to read it OK. BUt the ID is part of the grid view and I am not usre how to pass it to the popup.

[Code]....

I thought that I would set theID in the lnkRank_Click event, but the code seemd to pop the modal without ever going to that event.

[Code]....

I can set a debug break on this method and it never hits it. So, somehow clicking the image button does trigger the popup but does not set the text field to the desired ID. How is this supposed to work?

View 5 Replies

Javascript - Passing Parameters To Popup Window ?

Nov 2, 2010

I am trying to pass parameters to a popup window via query string(a hidden field id & a textbox id). However, since I am using master pages the id's are very long (ct100_someid). Is there a way to elegantly pass my ids ? Can I shorten my id's or not show them to the user at all?

View 2 Replies

SQL Reporting :: Passing DateTime Parameters To ReportViewer

Feb 5, 2010

I am having problems getting my first report to show data when passing 2 DateTime session and 1 string session parameters to my report. When I remove the 2 DateTime parameters returns data, but with DateTime Parameters, no data. The SQL statement returns correctly. It seems my 2 date params get to the report as NULL. [Code]....

Report Parameters:

dtFromSelect = string - internal

dtToSelect = string - internal

qreStorename = string - internal

For report parameters, if I use DateTime instead of String, I get this error

The definition of the report 'Main Report' is invalid.

The property 'DefaultValue' of report parameter 'dtToSelect' doesn't have the expected type

View 4 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved