[thelist] simple asp.net question

Jeremy Coulson jcoulson at co.frederick.va.us
Thu Aug 2 06:39:04 CDT 2007


Extension changed.

I'm not so worried about that security right now since our intranet is not
available to the outside world.  If I get this version working, I'll beef up
the security later when we move our intranet to our web server.  That,
however, is many months off and they desire the phone list searching ability
ASAP.

Jeremy Coulson
PC Technician/Webmaster, Frederick County
(540) 722-8211
jcoulson at co.frederick.va.us


-----Original Message-----
From: thelist-bounces at lists.evolt.org
[mailto:thelist-bounces at lists.evolt.org] On Behalf Of Ken Schaefer
Sent: Thursday, August 02, 2007 7:02 AM
To: thelist at lists.evolt.org
Subject: Re: [thelist] simple asp.net question

The code could not be downloaded - it's trying to be executed by the server.
You'd need to change the extension to something like .txt (that's handled by
the static file handler in IIS)

Secondly, that SQL statement is vulnerable to SQL injection. Use parameters.

Cheers
Ken

-----Original Message-----
From: thelist-bounces at lists.evolt.org
[mailto:thelist-bounces at lists.evolt.org] On Behalf Of Jeremy Coulson
Sent: Thursday, 2 August 2007 1:55 PM
To: thelist at lists.evolt.org
Subject: [thelist] simple asp.net question

I'm 100% certain I'm missing something really simple on this search I've
been trying to build for our phone directory on our intranet.  Everything is
working correctly except one thing.  When a user enters a search that
returns no result, a label tells the user there were no results.
Unfortunately, the program never makes it to the second half of the
conditional statement and all searches - even successful ones - return the
same message.



You can see the whole code (there's not much!) at
http://www.co.frederick.va.us/coulson/phoneExtensions.aspx (but you have to
download it because that server is running an older framework that doesn't
know gridview).  This is the specific function that is not working:



---------------------->



    Sub nameHandler(ByVal sender As Object, ByVal e As EventArgs)
        If strSearch.Text = "" Then
            lbl1.Text = "<br /><font color='red'>Please enter a search term in the box above!</font>"
        Else
            AccessDataSource1.SelectCommand = "SELECT [lastName], [firstName], [dept], [ext], [email] FROM [tblPhones] WHERE [lastName] = '" + strSearch.Text + "' OR [firstName] = '" + strSearch.Text + "' ORDER BY [dept], [lastName]"
            If GridView1.Rows.Count = 0 Then
                lbl1.Text = "<br />Your search for " & strSearch.Text & " found no results."
            Else
                lbl1.Text = "<br />Search string: " & strSearch.Text & "."
            End If
        End If
    End Sub



---------------------->

 Why does it never get to the Else half of that If?  I'm thinking this is
either a failure of my ability to nest conditional statements, a failure of
my logic, or a failure of my understanding of GridView.Rows.Count.  I've
been beating this dead horse for three hours now and I'm going to bed.
Hopefully I will find a solution tomorrow.  If you know it, feel free to
share!  Thanks!





Jeremy Coulson
PC Technician/Webmaster, Frederick County
(540) 722-8211
jcoulson at co.frederick.va.us
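
Added example, not part of the original thread and not the poster's code: the same SELECT with the search term bound as OleDb parameters, which is what the "Use parameters" advice above amounts to for an Access back end. The module name PhoneSearch, the function FindPeople and the connectionString argument are hypothetical; the table and column names are the ones in the posted query.

```vb
Imports System.Data
Imports System.Data.OleDb

' Hypothetical helper module (names are assumptions, not from the thread).
Public Module PhoneSearch

    ' Returns the rows whose first or last name equals the search term.
    ' The term is never concatenated into the SQL text, so a name such as
    ' O'Brien, or any input containing quotes, is compared as plain data.
    Public Function FindPeople(ByVal connectionString As String, _
                               ByVal term As String) As DataTable
        Const sql As String = _
            "SELECT [lastName], [firstName], [dept], [ext], [email] " & _
            "FROM [tblPhones] " & _
            "WHERE [lastName] = ? OR [firstName] = ? " & _
            "ORDER BY [dept], [lastName]"

        Dim results As New DataTable()

        Using conn As New OleDbConnection(connectionString)
            Using cmd As New OleDbCommand(sql, conn)
                ' The OleDb provider binds parameters by position, not by
                ' name, so one value is added per "?" in left-to-right order.
                cmd.Parameters.AddWithValue("@lastName", term)
                cmd.Parameters.AddWithValue("@firstName", term)

                Using adapter As New OleDbDataAdapter(cmd)
                    ' Fill opens and closes the connection itself.
                    adapter.Fill(results)
                End Using
            End Using
        End Using

        Return results
    End Function

End Module
```

The caller can test results.Rows.Count on the returned DataTable to decide which message to show.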

