Develop Reference

Load DropDownList from Database, then get the Value

I'm not sure how ASP.NET works since I'm still very new to it, coming from a PHP background where most things are done with POST. I'm using VB.NET behind the code. Mainly because the main program used here is written in VB.NET and I want to keep the code portable without compiling a library.
My issue is as follows. I have a DropDownList on the page. I populate it with data from the database. That seems to work fine.
I have a button that should change the CLIENTCODE to whatever has been selected in the DropDownBox. This doesn't work. Instead the Index is always -1.
Page Code
<%# Page Title="" Language="vb" AutoEventWireup="false" MasterPageFile="~/MasterPage.Master" CodeBehind="Admin.aspx.vb" Inherits="WOTC_CP.Admin" %>
<asp:Content ID="Content1" ContentPlaceHolderID="head" runat="server">
</asp:Content>
<asp:Content ID="Content2" ContentPlaceHolderID="RightBody" runat="server">
<%
Load_UserList_List()
%>
<h1 class="sub-header">Administration Toolbox</h1>
<p>If you are not an Administrator, please send us an alert and leave this page at once.</p>
<div class="row">
<div class="form-group">
<div class="col-md-4">
<asp:Label ID="Label1" runat="server" Text="Label">Change my Clientcode;</asp:Label>
<asp:DropDownList ID="cboClientList" class="form-control" runat="server" >
</asp:DropDownList>
<asp:Button ID="cmdChangeClientCode" class="btn btn-primary" runat="server" Text="Change" />
</div>
</div>
</div>
Behind Code
Public Sub Load_CLIENTCODE_List()
If IsPostBack = False Then
Using DB As New wotcDB
Dim r = (From t In DB.client_main Order By t.CLIENTCODE Select t.CLIENTCODE).Distinct
For Each Client In r
Dim input As New ListItem
input.Text = Client
input.Value = Client
cboClientList.Items.Add(input)
Next
End Using
End If
End Sub
Private Sub cmdChangeClientCode_Click(sender As Object, e As EventArgs) Handles cmdChangeClientCode.Click
Dim CLIENTCODE As String = CType(Session("CLIENTCODE"), String)
Dim UserName As String = CType(Session("UserName"), String)
Using DB As New wotcDB
Dim u = (From t In DB.website_users Where t.UserName = UserName).FirstOrDefault
If u IsNot Nothing Then
Dim TempID As Integer = cboClientList.SelectedIndex
Dim TempValue As String = cboClientList.SelectedValue
u.CLIENTCODE = cboClientList.SelectedValue
DB.SaveChanges()
End If
End Using
End Sub
I've tried other answers here on stack, but nothing seems to work. Any Ideas?

In asp.net the dropdown list has two key properties that you want to set. DataTextField = Display Name and DataValueField = value to store to DB.
With that said, you need to capture the "SelectedValue" if you want to get the DataValueField.

The issue was that I was loading the script that populated the DropDownList before getting it's value. So it was always empty. The solution was to load the list on Page_Load instead.

ASP.net auto complete works in local, but not working in live server

We have an ASP website that has the auto complete function for textbox. When we test on local, the function able to work. After we host the website on live server, we found that the auto complete function is not working anymore. We need to make that function works on the live server as well. We develop the website using Visual Studio tool. However, our live server did not have Visual Studio. We hosted the website using IIS 8 on the server. We need help on this issue.
Below are the details of codes.
We created a class called AutoComplete.vb in the App_Code folder. Below are the coding.
AutoComplete.vb
Imports System
Imports System.Collections
Imports System.Linq
Imports System.Web
Imports System.Web.Services
Imports System.Web.Services.Protocols
Imports System.Xml.Linq
Imports System.Collections.Generic
Imports System.Data
Imports System.Data.SqlClient
' To allow this Web Service to be called from script, using ASP.NET AJAX,
' uncomment the following line.
<System.Web.Script.Services.ScriptService()> _
<WebService(Namespace:="http://tempuri.org/")> _
<WebServiceBinding(ConformsTo:=WsiProfiles.BasicProfile1_1)> _
Public Class AutoComplete
Inherits System.Web.Services.WebService
Dim cn As New SqlClient.SqlConnection()
Dim ds As New DataSet
Dim dt As New DataTable
<WebMethod()> _
Public Function GetCompletionList(ByVal prefixText As String, _
ByVal count As Integer) As String()
'ADO.Net
Dim strCn As String = _
"Data Source=.\SQLEXPRESS;AttachDbFilename=F:\MSDRepairWebDB\App_Data\Errorcode.mdf;Integrated Security=True;User Instance=True"
cn.ConnectionString = strCn
Dim cmd As New SqlClient.SqlCommand
cmd.Connection = cn
cmd.CommandType = CommandType.Text
'Compare String From Textbox(prefixText)
'AND String From Column in DataBase(CompanyName)
'If String from DataBase is equal to String from TextBox(prefixText)
'then add it to return ItemList
'-----I defined a parameter instead of passing value
'directly to prevent SQL injection--------'
cmd.CommandText = "select * from Errorcode Where Test like #myParameter"
cmd.Parameters.AddWithValue("#myParameter", prefixText + "%")
Try
cn.Open()
cmd.ExecuteNonQuery()
Dim da As New SqlDataAdapter(cmd)
da.Fill(ds)
Catch ex As Exception
Finally
cn.Close()
End Try
dt = ds.Tables(0)
'Then return List of string(txtItems) as result
Dim txtItems As New List(Of String)
Dim dbValues As String
For Each row As DataRow In dt.Rows
''String From DataBase(dbValues)
dbValues = row("Test").ToString()
dbValues = dbValues.ToLower()
txtItems.Add(dbValues)
Next
Return txtItems.ToArray()
End Function
End Class
This the coding for the web service we created
AutoComplete.asmx
`<%# WebService Language="vb" CodeBehind="F:\MSDRepairWebDB\App_Data\Errorcode.mdf" Class="AutoComplete" %`>
This is the code for the actual page that using the autocomplete textbox
SearchErrorCode.aspx
<%# Page Title="" Language="vb" AutoEventWireup="false" MasterPageFile="~/MasterPage.Master" CodeBehind="SearchErrorCode.aspx.vb" Inherits="MSDRepairWebDB.SearchErrorCode" EnableEventValidation="false" %>
<%# Register Assembly="AjaxControlToolkit" Namespace="AjaxControlToolkit" TagPrefix="asp" %>
<h2>
Search Error Code</h2>
<asp:ToolkitScriptManager ID="ToolkitScriptManager1" runat="server">
<Services>
<asp:ServiceReference Path="AutoComplete.asmx"/>
</Services>
</asp:ToolkitScriptManager>
<asp:AutoCompleteExtender ID="autoComplete1" runat="server"
EnableCaching="true"
BehaviorID="AutoCompleteEx"
MinimumPrefixLength="1"
TargetControlID="tbDGNTestingErrorCode"
ServicePath="AutoComplete.asmx"
ServiceMethod="GetCompletionList"
CompletionInterval="0"
CompletionSetCount="10"
CompletionListCssClass="autocomplete_completionListElement"
CompletionListItemCssClass="autocomplete_listItem"
CompletionListHighlightedItemCssClass="autocomplete_highlightedListItem"
DelimiterCharacters=";, :"
ShowOnlyCurrentWordInCompletionListItem="true">
<Animations>
<OnShow>
<Sequence>
<%-- Make the completion list transparent and then show it --%>
<OpacityAction Opacity="0" />
<HideAction Visible="true" />
<%--Cache the original size of the completion list the first time
the animation is played and then set it to zero --%>
<ScriptAction Script="// Cache the size and setup the initial size
var behavior = $find('AutoCompleteEx');
if (!behavior._height) {
var target = behavior.get_completionList();
behavior._height = target.offsetHeight - 2;
target.style.height = '12px';
}" />
<%-- Expand from 0px to the appropriate size while fading in --%>
<Parallel Duration=".4">
<FadeIn />
<Length PropertyKey="height" StartValue="0"
EndValueScript="$find('AutoCompleteEx')._height" />
</Parallel>
</Sequence>
</OnShow>
<OnHide>
<%-- Collapse down to 0px and fade out --%>
<Parallel Duration=".4">
<FadeOut />
<Length PropertyKey="height" StartValueScript=
"$find('AutoCompleteEx')._height" EndValue="0" />
</Parallel>
</OnHide>
</Animations>
</asp:AutoCompleteExtender>
<tr align=left>
<th class="style2" >
Error Code
</th>
<td>
<asp:TextBox ID="tbDGNTestingErrorCode" autocomplete ="off" runat="server"
Width="190px" MaxLength="5" ></asp:TextBox>
<asp:RequiredFieldValidator ID="RequiredFieldValidator2" runat="server" ControlToValidate="tbDGNTestingErrorCode"
ErrorMessage="Error Code Required!" InitialValue=""
ForeColor="#FF3300"></asp:RequiredFieldValidator>
</td>
</tr>
</asp:Content>
This is the database table structure.
Database : Errorcode.mdf
Table : Errorcode
Can anyone help me to advise to make the auto complete work on the live server?
Thanks

vbCode is autocomplete is not working

I am new to VB.net I want get list of names from my DB with auto complete. I am trying to follow the following example.
But My problem is it not working and I was not getting any error can any one tell me where I am doing wrong.
My home.aspx
<%# Page Title="Home Page" Language="VB" CodeFile="~/home.aspx.vb" AutoEventWireup="true" Inherits="_home"%>
<%# Register Assembly="AjaxControlToolkit" Namespace="AjaxControlToolkit" TagPrefix="asp" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
</head>
<body>
<form id="form1" runat="server">
<asp:ToolkitScriptManager ID="ScripManager1" runat="server"/>
<asp:UpdatePanel ID="autoupdate" runat="server">
<ContentTemplate>
<asp:TextBox ID="txtSearch" runat="server"></asp:TextBox>
<asp:AutoCompleteExtender ID="AutoCompleteExtender2" runat="server"
TargetControlID="txtSearch" ServiceMethod="GetList" MinimumPrefixLength="3"
UseContextKey="True" >
</asp:AutoCompleteExtender>
</ContentTemplate>
</asp:UpdatePanel>
</form>
</body>
</html>
This is my home.aspx.vb
Imports System.Configuration
Imports System.Data
Imports System.Data.SqlClient
Imports System.Threading
Imports System.Web.Services
Partial Class _Default
Inherits System.Web.UI.Page
<WebMethod()> _
Public Shared Function GetCompletionList(ByVal prefixText As String, ByVal count As Integer, ByVal contextKey As String) As String()
Try
Dim con As New SqlConnection(ConfigurationManager.ConnectionStrings("Test").ConnectionString)
con.Open()
Dim cmd As New SqlCommand("select LoginName from users where LoginName like '#Name' +'%' ", con)
cmd.Parameters.AddWithValue("#Name", prefixText)
'Dim da As New SqlDataAdapter(cmd)
'Dim dt As New DataTable()
'da.Fill(dt)
'Dim InviteSearchListresult As New List(Of String)()
'For i As Integer = 1 To dt.Rows.Count
' InviteSearchListresult.Add(dt.Rows(i)(1).ToString())
' Next
Dim result As New List(Of String)()
Dim dr As SqlDataReader = cmd.ExecuteReader()
While dr.Read()
result.Add(dr("LoginName").ToString())
End While
Return (
From m In result
Where m.StartsWith(prefixText, StringComparison.CurrentCultureIgnoreCase)
Select m).Take(count).ToArray()
Catch ex As Exception
End Try
End Function
End Class
Please help how to solve this issuse.

Your service method is GetList but your actual method name is GetCompletionList.
Try getting the method names to match up and see if that's the problem. You're trying to call a method that doesn't exist.

SQL Injection prevention with Microsoft Access and VB.NET

I'm a beginner in ASP.NET so I have some questions about how to prevent SQL injection in ASP.NET. My programming language is VB.NET, not C#, and I'm using Microsoft Access as my database.
My questions are:
How to protect my database from SQL injection?
I have been reading postings from other forums and they said using
parameters with stored procedures, parameters with dynamic SQL. Can they be implemented in a Microsoft Access database?

Here is a very simple ASP.NET example using a parameterized query via OleDb in VB.NET:
Default.aspx
<%# Page Title="Home Page" Language="vb" MasterPageFile="~/Site.Master" AutoEventWireup="false"
CodeBehind="Default.aspx.vb" Inherits="vbOleDbSite._Default" %>
<asp:Content ID="HeaderContent" runat="server" ContentPlaceHolderID="HeadContent">
</asp:Content>
<asp:Content ID="BodyContent" runat="server" ContentPlaceHolderID="MainContent">
<p>
First Name: <asp:TextBox ID="FirstName" runat="server"></asp:TextBox><br />
Last Name: <asp:TextBox ID="LastName" runat="server"></asp:TextBox><br />
<br />
<asp:Button ID="btnAddUser" runat="server" Text="Add User" />
<br />
Status: <span id="spanStatus" runat="server">Awaiting submission...</span>
</p>
</asp:Content>
Default.aspx.vb
Public Class _Default
Inherits System.Web.UI.Page
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
End Sub
Protected Sub btnAddUser_Click(sender As Object, e As EventArgs) Handles btnAddUser.Click
Dim newID As Long = 0
Using con As New OleDb.OleDbConnection
con.ConnectionString = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\__tmp\testData.accdb;"
con.Open()
Using cmd As New OleDb.OleDbCommand
cmd.Connection = con
cmd.CommandText = "INSERT INTO UsersTable (LastName, FirstName) VALUES (?, ?);"
cmd.Parameters.AddWithValue("?", Me.LastName.Text)
cmd.Parameters.AddWithValue("?", Me.FirstName.Text)
cmd.ExecuteNonQuery()
End Using
Using cmd As New OleDb.OleDbCommand
cmd.Connection = con
cmd.CommandText = "SELECT ##IDENTITY"
newID = cmd.ExecuteScalar()
End Using
con.Close()
End Using
Me.spanStatus.InnerText = "User """ & Me.FirstName.Text & " " & Me.LastName.Text & _
""" has been added (ID: " & newID.ToString() & ")."
End Sub
End Class
Notes:
The parameterized query uses "?" instead of "real" names for the parameters because Access OLEDB ignores parameter names. The parameters must be defined in the exact order that they appear in the OleDbCommand.CommandText.
The [UsersTable] table has an AutoNumber primary key, and SELECT ##IDENTITY retrieves the new key value created by the INSERT INTO statement.

Can the results of my search be links to pages?

I have a search engine on my ASP.net 4.0 VB site that in which I need to link the search results with their individual pages. I understand that this can be done simply with a submit button after the search textbox but a submit button wouldn't fit next to the search bar on my page, plus it wouldn't look right.
The old way, the results were stored in a hidden div where they became links to their pages. I was hoping that the code I have of the old search could be incorporated into the new search, but I do not know where it would go. The only way I can think of to do it is to place the code in the webservice in a while or for loop. I may be way off base here, but that is why I am asking what the best way to go about this would be?
<WebMethod()> _
Public Function GetCompletionList(ByVal prefixText As String, ByVal count As Integer) As String()
Dim ProductSql As String = "Select ProductName FROM Product WHERE ProductName LIKE '" & prefixText & "%'"
Dim sqlConn As New SqlConnection
sqlConn.Open()
Dim myCommand As New SqlCommand(ProductSql, sqlConn)
Dim myReader As SqlDataReader = myCommand.ExecuteReader()
Dim myTable As New DataTable
myTable.TableName = "ProductSearch"
myTable.Load(myReader)
sqlConn.Close()
Dim items As String() = New String(myTable.Rows.Count - 1) {}
Dim i As Integer = 0
For Each dr As DataRow In myTable.Rows
items.SetValue(dr("ProductName").ToString(), i)
i += 1
Next
Return items
End Function
<asp:ScriptManager ID="ScriptManager1" runat="server">
<Services>
<asp:ServiceReference Path="ProductSearch.asmx" />
</Services>
</asp:ScriptManager>
<asp:TextBox ID="Search" runat="server" AutoComplete="off"></asp:TextBox>
<asp:AutoCompleteExtender ID="AutoCompleteExtender1" runat="server" TargetControlID="Search" ServicePath="~/ProductSearch.asmx" ServiceMethod="GetCompletionList" MinimumPrefixLength="1" CompletionSetCount="120" EnableCaching="true" CompletionListCssClass="results">
</asp:AutoCompleteExtender>

I used a little javascript to make links out of the results of my search engine query. This is what I have now - although the For Each loop in the Web Service doesn't work properly.
<asp:Content ID="Content1" ContentPlaceHolderID="head" Runat="Server">
<script type="text/javascript">
function AutoCompleteClientMethod(source, eventArgs) {
var value = eventArgs.get_value();
window.location = ("/Product/Default.aspx?id=" + value)
}
</script>
</asp:Content>
<asp:Content ID="Content2" ContentPlaceHolderID="body" Runat="Server">
<asp:ScriptManager ID="ScriptManager1" runat="server">
<Services>
<asp:ServiceReference Path="ProductSearch.asmx" />
</Services>
</asp:ScriptManager>
<asp:TextBox ID="Search" runat="server" AutoComplete="off"></asp:TextBox>
<asp:AutoCompleteExtender ID="AutoCompleteExtender1" runat="server" TargetControlID="Search" ServicePath="~/ProductSearch.asmx" ServiceMethod="GetProducts" MinimumPrefixLength="1" CompletionSetCount="120" EnableCaching="true" OnClientItemSelected="AutoCompleteClientMethod">
</asp:AutoCompleteExtender>
</asp:Content>
<WebMethod()> _
Public Function GetProducts(ByVal prefixText As String, ByVal count As Integer) As String()
Dim ProductSql As String = "Select ProductID, ProductName FROM Product WHERE ProductName LIKE '" & prefixText & "%'"
Dim sqlConn As New SqlConnection
sqlConn.Open()
Dim myCommand As New SqlCommand(ProductSql, sqlConn)
Dim myReader As SqlDataReader = myCommand.ExecuteReader()
Dim myTable As New DataTable
myTable.TableName = "ProductSearch"
myTable.Load(myReader)
sqlConn.Close()
Dim items As String() = New String(myTable.Rows.Count - 1) {}
Dim i As Integer = 0
For Each dr As DataRow In myTable.Rows
items.SetValue(dr("ProductName").ToString(), i)
i += 1
Next
Return items
End Function
End Class