[thelist] simple asp.net question

Ken Schaefer Ken at adOpenStatic.com
Thu Aug 2 06:01:33 CDT 2007

The code could not be downloaded - it's trying to be executed by the server. You'd need to change the extension to something like .txt (that's handled by the static file handler in IIS)

Secondly, that SQL statement is vulnerable to SQL injection. Use parameters.


-----Original Message-----
From: thelist-bounces at lists.evolt.org [mailto:thelist-bounces at lists.evolt.org] On Behalf Of Jeremy Coulson
Sent: Thursday, 2 August 2007 1:55 PM
To: thelist at lists.evolt.org
Subject: [thelist] simple asp.net question

I'm 100% certain I'm missing something really simple on this search I've
been trying to build for our phone directory on our intranet.  Everything is
working correctly except one thing.  When a user enters a search that
returns no result, a label tells the user there were no results.
Unfortunately, the program never makes it to the second half of the
conditional statement and all searches - even successful ones - return the
same message.

You can see the whole code (there's not much!) at
http://www.co.frederick.va.us/coulson/phoneExtensions.aspx (but you have to
download it because that server is running an older framework that doesn't
know gridview).  This is the specific function that is not working:


    Sub nameHandler(ByVal sender As Object, ByVal e As EventArgs)

        If strSearch.Text = "" Then

            lbl1.Text = "<br /><font color='red'>Please enter a search term
in the box above!</font>"


            AccessDataSource1.SelectCommand = "SELECT [lastName],
[firstName], [dept], [ext], [email] FROM [tblPhones] WHERE [lastName] = '" +
strSearch.Text + "' OR [firstName] = '" + strSearch.Text + "' ORDER BY
[dept], [lastName]"

            If GridView1.Rows.Count = 0 Then

                lbl1.Text = "<br />Your search for " & strSearch.Text & "
found no results."


                lbl1.Text = "<br />Search string: " & strSearch.Text & "."

            End If

        End If

    End Sub


 Why does it never get to the Else half of that If?  I'm thinking this is
either a failure of my ability to nest conditional statements, a failure of
my logic, or a failure of my understanding of GridView.Rows.Count.  I've
been beating this dead horse for three hours now and I'm going to bed.
Hopefully I will find a solution tomorrow.  If you know it, feel free to
share!  Thanks!

Jeremy Coulson

PC Technician/Webmaster, Frederick County

(540) 722-8211

jcoulson at co.frederick.va.us

More information about the thelist mailing list