  1. #1
    blackdog

    Using variables in the aspx file

    I am very new to asp.net and vb so please bear with me. I used the datagrid tool and typed in an SQL query to populate the grid with. The issue is that this is a dynamic page, so the query needs to contain a variable. I went into the source of the aspx file and found:
    SelectCommand="SELECT table..... etc

    I need to add a variable to the where statement but I can't figure out how to do it. If I were in the aspx.vb file, I would just use " & variable & " but that doesn't seem to work in the aspx file.

    Any help would be appreciated.

  2. #2
    SitePoint Wizard
    Originally posted by blackdog:
    ... if I were in the aspx.vb file, I would just use " & variable & " but that doesn't seem to work in the aspx file.

    No, you wouldn't, because that is the express route to SQL injection vulnerabilities in your app.

    Instead, use a parameter in the select query. A parameter is specified by a @ prefix. Then add a <SelectParameters> sub-element to the SQL datasource. Under this element you have a choice of several parameter types which can directly bind to URI parameters, control values, etc.

    The wizard will also help you build these types of queries. Just "configure datasource" and be sure to click the advanced|parameters buttons.
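
The parameterised data source described in the reply above, written out as an added example that is not part of the original thread. The table, column, connection-string, query-string field and control IDs are assumptions, and a GridView stands in for the grid control.

```aspx
<%-- Added example: all names below (ShopDb, Products, cat, NameFilter, ...) are constructed. --%>

<%-- Avoid: building the WHERE clause in the code-behind with " & variable & ".
     The value then becomes part of the SQL text that the database parses. --%>

<%-- Value bound from the URL, e.g. products.aspx?cat=3 --%>
<asp:SqlDataSource ID="ProductsSource" runat="server"
    ConnectionString="<%$ ConnectionStrings:ShopDb %>"
    SelectCommand="SELECT ProductID, ProductName, Price
                   FROM Products
                   WHERE CategoryID = @CategoryID">
    <SelectParameters>
        <%-- Type converts the query-string value to an integer before it is bound;
             DefaultValue is used when ?cat= is absent. --%>
        <asp:QueryStringParameter Name="CategoryID" QueryStringField="cat"
            Type="Int32" DefaultValue="0" />
    </SelectParameters>
</asp:SqlDataSource>

<asp:GridView ID="ProductsGrid" runat="server"
    DataSourceID="ProductsSource" AutoGenerateColumns="True" />

<%-- Same pattern with the value bound from another control on the page --%>
<asp:TextBox ID="NameFilter" runat="server" />
<asp:Button ID="SearchButton" runat="server" Text="Search" />

<asp:SqlDataSource ID="SearchSource" runat="server"
    ConnectionString="<%$ ConnectionStrings:ShopDb %>"
    SelectCommand="SELECT ProductID, ProductName, Price
                   FROM Products
                   WHERE ProductName LIKE @Name + '%'">
    <SelectParameters>
        <%-- The wildcard is added in the SQL, not in the user's text. An empty
             box is converted to null and, by default, the select is cancelled. --%>
        <asp:ControlParameter Name="Name" ControlID="NameFilter"
            PropertyName="Text" Type="String" />
    </SelectParameters>
</asp:SqlDataSource>

<asp:GridView ID="SearchGrid" runat="server"
    DataSourceID="SearchSource" AutoGenerateColumns="True" />
```

In both data sources the SelectCommand text is fixed at design time; the request only supplies the value of @CategoryID or @Name, which reaches the database as a typed parameter.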

