RE: Simple Variable Passing between HTML and ASP

From: Vishnu-Chivukula (VishnuChivukula_at_discussions.microsoft.com)
Date: 02/21/05


Date: Mon, 21 Feb 2005 06:47:09 -0800

Hi John,

Not too sure what problems you ran into.

> I have an HTML Text Box which I have
> named HireInput, and a table (Access Table in fact) that has on it a field called HIREID.
> I wish to select records where the two match! It sounds simple, but I am having trouble
> setting up the text box name so that it is recognized in the query.

There are a couple of ways to solve this...

One is by using a simple Select Query and the other is by using a Stored
procedure.
In case you want to go with the Query way,
"Select Column1, Column2, Column3 from TableName Where HIREID ='" +
TextBox1.Text + "'"
This should be fine..
***Remember, This is not a recommended way as this code is subject to SQL
Injection. ***

The other way is to write a stored procedure and Pass the textBox1.Text
value as an input. To Avoid SQL Injection don't directly send the textbox
value to the SP. But use SQL Parameters...

Hope this Helps...

Need any help, Do post a msg back...

Happy Coding

"John Baker" wrote:

> Hi:
>
> Newby here to ASP, and using the ASP.NET Web Matrix development tool. While that tool
> looks great for a Newby, I have run into a snag. I have an HTML Text Box which I have
> named HireInput, and a table (Access Table in fact) that has on it a field called HIREID.
> I wish to select records where the two match! It sounds simple, but I am having trouble
> setting up the text box name so that it is recognized in the query.
>
> Can someone tell me the simple way to do this?
>
> Thanks
>
> John Baker
>
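
The difference between the concatenated query and the parameter-based approach in the reply above, as an added example that is not part of the original thread. It assumes an in-memory SQLite database in place of the Access table, and the Hires table, its Item and StartDate columns, the sample rows and the function names are all constructed for illustration.

```python
import sqlite3

# Constructed sample data standing in for the Access table with a HIREID field.
SAMPLE_ROWS = [
    ("H100", "Excavator", "2005-02-01"),
    ("H200", "Generator", "2005-02-10"),
    ("H300", "Scaffold", "2005-02-15"),
]


def make_db():
    """Build an in-memory database with a hypothetical Hires table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Hires (HIREID TEXT, Item TEXT, StartDate TEXT)")
    conn.executemany("INSERT INTO Hires VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def find_concatenated(conn, hire_input):
    """The pattern from the post: user text is spliced into the SQL string,
    so quote characters in the input become part of the statement's syntax."""
    sql = ("SELECT HIREID, Item, StartDate FROM Hires WHERE HIREID = '"
           + hire_input + "'")
    return conn.execute(sql).fetchall()


def find_parameterized(conn, hire_input):
    """The fix: the statement text is fixed and the value is bound separately,
    so the driver always treats it as data, whatever characters it contains."""
    sql = "SELECT HIREID, Item, StartDate FROM Hires WHERE HIREID = ?"
    return conn.execute(sql, (hire_input,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    normal = "H200"
    quoted = "x' OR '1'='1"  # constructed text-box input containing quotes
    for label, value in (("normal", normal), ("quoted", quoted)):
        print(label, "concatenated :", len(find_concatenated(conn, value)), "rows")
        print(label, "parameterized:", len(find_parameterized(conn, value)), "rows")
```

With the quoted input the concatenated query's WHERE clause is always true and every row comes back, while the parameterized query looks for a HIREID equal to that literal text and returns nothing.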


