Extension changed. I'm not so worried about that security right now since our intranet is not available to the outside world. If I get this version working, I'll beef up the security later when we move our intranet to our web server. That, however, is many months off and they desire the phone list searching ability ASAP. Jeremy Coulson PC Technician/Webmaster, Frederick County (540) 722-8211 jcoulson at co.frederick.va.us -----Original Message----- From: thelist-bounces at lists.evolt.org [mailto:thelist-bounces at lists.evolt.org] On Behalf Of Ken Schaefer Sent: Thursday, August 02, 2007 7:02 AM To: thelist at lists.evolt.org Subject: Re: [thelist] simple asp.net question The code could not be downloaded - it's trying to be executed by the server. You'd need to change the extension to something like .txt (that's handled by the static file handler in IIS) Secondly, that SQL statement is vulnerable to SQL injection. Use parameters. Cheers Ken -----Original Message----- From: thelist-bounces at lists.evolt.org [mailto:thelist-bounces at lists.evolt.org] On Behalf Of Jeremy Coulson Sent: Thursday, 2 August 2007 1:55 PM To: thelist at lists.evolt.org Subject: [thelist] simple asp.net question I'm 100% certain I'm missing something really simple on this search I've been trying to build for our phone directory on our intranet. Everything is working correctly except one thing. When a user enters a search that returns no result, a label tells the user there were no results. Unfortunately, the program never makes it to the second half of the conditional statement and all searches - even successful ones - return the same message. You can see the whole code (there's not much!) at http://www.co.frederick.va.us/coulson/phoneExtensions.aspx (but you have to download it because that server is running an older framework that doesn't know gridview). This is the specific function that is not working: ----------------------> Sub nameHandler(ByVal sender As Object, ByVal e As EventArgs) If strSearch.Text = "" Then lbl1.Text = "<br /><font color='red'>Please enter a search term in the box above!</font>" Else AccessDataSource1.SelectCommand = "SELECT [lastName], [firstName], [dept], [ext], [email] FROM [tblPhones] WHERE [lastName] = '" + strSearch.Text + "' OR [firstName] = '" + strSearch.Text + "' ORDER BY [dept], [lastName]" If GridView1.Rows.Count = 0 Then lbl1.Text = "<br />Your search for " & strSearch.Text & " found no results." Else lbl1.Text = "<br />Search string: " & strSearch.Text & "." End If End If End Sub ----------------------> Why does it never get to the Else half of that If? I'm thinking this is either a failure of my ability to nest conditional statements, a failure of my logic, or a failure of my understanding of GridView.Rows.Count. I've been beating this dead horse for three hours now and I'm going to bed. Hopefully I will find a solution tomorrow. If you know it, feel free to share! Thanks! Jeremy Coulson PC Technician/Webmaster, Frederick County (540) 722-8211 jcoulson at co.frederick.va.us -- * * Please support the community that supports you. * * http://evolt.org/help_support_evolt/ For unsubscribe and other options, including the Tip Harvester and archives of thelist go to: http://lists.evolt.org Workers of the Web, evolt !