amen. using stored procedures and typed parameters also can help avoid this kind of mischief
http://www.sitepoint.com/article/sql-injection-attacks-safe

On 10/24/05, Mischa Kroon <[EMAIL PROTECTED]> wrote:
> ehm, guys this isn't a wise thing to do.
>
> If you do it this way please do something like this:
>
> Dim strSQL as string = "select * from publishers where PubID=" &
> cint(Request.Querystring("PubID"))
>
> to make sure that someone doesn't do this:
>
> publisher.aspx?PubID=1=1;delete * from publisher;--
>
> Don't trust input which can be altered please.
>
> ----- Original Message -----
> From: "Anna Leon" <[EMAIL PROTECTED]>
> To: <[email protected]>
> Sent: Monday, October 24, 2005 8:47 PM
> Subject: Re: [AspNetAnyQuestionIsOk] Edit Form on 2 pages
>
> > Thank you!
> >
> > Mark E <[EMAIL PROTECTED]> wrote: Pass your PubID in the querystring
> > to the second page and this would work:
> >
> > Dim strSQL as string = "select * from publishers where PubID=" &
> > Request.Querystring("PubID")
> >
> > Mark
> >
> > sas0riza <[EMAIL PROTECTED]> wrote:
> > Hello,
> >
> > I have a datagrid that shows all records and a hyperlink to a record in
> > a database.
> >
> > When I click on a hyperlink, I am taken to a second page where I can
> > do the editing.
> >
> > I have one question though...on my second page (where I do the
> > editing), how should I write the WHERE clause?
> >
> > e.g.
> >
> > If NOT IsPostBack Then
> >
> > Dim strConn as string =_
> >
> > Dim strSQL as string = "select * from publishers where PubID=?"
> >
> > Any help is greatly appreciated.
> >
> > Thanks!

--
Dean Fiala
Very Practical Software, Inc
http://www.vpsw.com
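The query from this thread rewritten with a typed parameter, as an added example that is not code from any of the posters. It keeps the `publishers` table and `PubID` column named above; the `connStr` argument, the `@PubID` parameter name and the function names are assumptions of the example.

```vbnet
Imports System
Imports System.Data
Imports System.Data.SqlClient

' Added example (not from the original thread): fetch one publisher row for the
' edit page without concatenating request input into the SQL text.
Public Module PublisherLookup

    ' Returns Nothing when the query-string value is not a whole number, so a
    ' value such as "1=1;delete ..." is rejected before any SQL is built.
    Public Function ParsePubId(ByVal rawValue As String) As Nullable(Of Integer)
        Dim pubId As Integer
        If Integer.TryParse(rawValue, pubId) Then
            Return pubId
        End If
        Return Nothing
    End Function

    ' Runs the thread's SELECT with a typed parameter. The SQL text is a constant;
    ' the PubID value travels to SQL Server as an Int parameter, never as SQL.
    ' connStr is assumed to be the page's connection string (strConn in the thread).
    Public Function LoadPublisher(ByVal connStr As String, ByVal rawPubId As String) As DataTable
        Dim pubId As Nullable(Of Integer) = ParsePubId(rawPubId)
        If Not pubId.HasValue Then
            Throw New ArgumentException("PubID must be an integer")
        End If

        Const sql As String = "select * from publishers where PubID = @PubID"
        Dim table As New DataTable()

        Using conn As New SqlConnection(connStr)
            Using cmd As New SqlCommand(sql, conn)
                ' Same idea applies to a stored procedure: set
                ' cmd.CommandType = CommandType.StoredProcedure and add the
                ' parameter exactly like this.
                cmd.Parameters.Add("@PubID", SqlDbType.Int).Value = pubId.Value
                conn.Open()
                Using reader As SqlDataReader = cmd.ExecuteReader()
                    table.Load(reader)
                End Using
            End Using
        End Using
        Return table
    End Function

End Module
```

On the edit page this replaces the concatenated strSQL with `PublisherLookup.LoadPublisher(strConn, Request.QueryString("PubID"))`.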
