I am trying to make a small, data-driven widget that is populated with data from a database on the fly. I can load it initially just fine, but when the index of an ASP DropDownMenu is changed, the widget returns a 404.
This could be a symptom of how I am using the Javascript, or how I am using the ASP. I honestly don't know for sure.
Javascript: http://pastebin.com/f127d6b84
ASP: http://pastebin.com/f38c73708
VB.NET codebehind: http://pastebin.com/f7881a903
If the postback is returning 404, I'd look at the url that you're sending the postback to.
http://webwidgetstest.reeceandnichols.com/rDeskWidgetMLSt.aspx?agentname=jendene
Also your widget has some security issues going on, namely SQL Injection.
Dim SelectString As String = "select ListingNumber, ListingSearchHitCount, " & _
    "ListingDetailHitCount, VirtualTourHitCount " & _
    "from FNIS.dbo.ListingHitCountCurrent, RAN.dbo.Heartland_Residential " & _
    "where Heartland_Residential.LIST_AGENT_1_ID = '" & Request("agentname") & "' " & _
    "and Heartland_Residential.MLS_Number = FNIS.dbo.ListingHitCountCurrent.ListingNumber " & _
    "and Heartland_Residential.Status = 'A'"
This inline SQL statement is not parameterizing the Request("agentname") field.
Does this redirection method have a specific name, and how do I set it up for an ASP based site?
http://www.example.com/?URL=www.redirecteddomain.com
OK, in that case, it's not really the web server, but simply your code that can do this.
So, if your web page was:
http://localhost/MyJumpPage.aspx?URL=www.google.com
So, in your code, all you have to do is grab that 1st parameter, and then run code to jump/navigate to that page.
EG:
string strURL = "";
strURL = Request.QueryString["URL"];
Response.Redirect("http://" + strURL);
So, the code behind a button, or even on page load can simply pull the query value from the url string, and then jump to that URL.
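A jump page that forwards to whatever arrives in `URL` is an open redirect, so the value should be checked against an allowlist before `Response.Redirect` is called. The following is an added example, not part of the original answer, written in ES3-style JavaScript so the functions can also be used from a classic ASP JScript page. The allowlist contents, the function names, the 2048-character limit and the fixed `https://` scheme are assumptions.

```javascript
// Hosts this site agrees to forward to (sample values taken from the page).
var ALLOWED_HOSTS = { "www.google.com": true, "www.redirecteddomain.com": true };

// Returns the absolute URL to redirect to, or null when the request must be refused.
function resolveRedirect(rawUrl, allowedHosts) {
  if (typeof rawUrl !== "string" || rawUrl.length === 0 || rawUrl.length > 2048) {
    return null;
  }
  // Control characters, spaces and backslashes have no place in the value and
  // are a common source of header splitting and parser disagreement.
  if (/[\x00-\x20\x7f\\]/.test(rawUrl)) {
    return null;
  }
  // Accept only "host[/path][?query]": no scheme, no user@, no port, no leading slash.
  var m = /^([A-Za-z0-9.-]+)(\/[^?#]*)?(\?[^#]*)?$/.exec(rawUrl);
  if (!m) {
    return null;
  }
  var host = m[1].toLowerCase();
  // Exact match against the allowlist; suffix or substring matching is not enough.
  if (!Object.prototype.hasOwnProperty.call(allowedHosts, host)) {
    return null;
  }
  // The scheme is chosen by the server, never taken from the request.
  return "https://" + host + (m[2] || "/") + (m[3] || "");
}

// Page-level decision: where to send the visitor, with a local fallback.
function redirectTarget(rawUrl) {
  var target = resolveRedirect(rawUrl, ALLOWED_HOSTS);
  return target === null ? "/" : target;
}
// Under classic ASP (JScript):
//   Response.Redirect(redirectTarget(String(Request.QueryString("URL"))));
```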
I've deployed my ASP.NET application today. It's a web application (I am using forms, etc.). I was happy with all my functionalities. For example, I had part of the code that says
If c.results = " " Then MsgBox("Error! No record was returned")
Then I clear all my text boxes.
That MsgBox was working when I was running my application locally, but now that I've deployed it I get a server run error! I read some similar posts that said MsgBox is not supported with web applications, but all their answers were with JavaScript. I am not familiar with it, but I don't understand how to put my JavaScript in my Visual Basic class instead of where I am calling the MsgBox. Is there a way of fixing the above issue with VB.NET code?
Here is the code:
Dim results = customer.getCustomerDetails(txtCustomerNumber.Text, txtDOB.Text)
If (results.customerNumber = "") Then
    Response.Write("<script>alert('Customer record not found')</script>")
    txtCustomerNumber.Text = ""
    txtDOB.Text = ""
Else
    ' (Do the other stuff)
End If
MsgBox is server side so it can't show up to the client which is only seeing the client side of the ASP.NET webform, hence use the following if you want to access a JavaScript alert from code behind or simply alert in JavaScript:
Page.ClientScript.RegisterStartupScript(Page.GetType(), "alert", "<script language=JavaScript>alert('your wanted message');</script>")
You can generate client code from your server side VB as such:
If c.results = " " Then
Response.Write("<script>alert('Error! No record was returned')</script>")
End If
I have a classic ASP page, and I need to create a loop for each row on a table and then create an html document and save it to the hard drive, but I want to create a template so I just send the two variables to the template so I don't have to write the HTML document each time on the loop.
This is what I have so far:
SQL = "select Title, Article from [ASPTest].[dbo].[articles]"
set rs = conn.execute(SQL)
arrRecs = rs.GetRows
For row = 0 To UBound(arrRecs, 2) 'Rows
For col = 0 To UBound(arrRecs, 1) 'Columns
Response.Write rs.Fields(col).Name & " = " & arrRecs(col, row) & " "
dim fs,f
set fs=Server.CreateObject("Scripting.FileSystemObject")
set f=fs.CreateTextFile("C:\Users\User\Documents\ASP Pages\"+arrRecs(col, row)+".html",true)
f.write("<html><body><div>It kinda works</div></body></html>")
f.close
set f=nothing
set fs=nothing
Next
Response.Write "<br />"
Next
Is there a way to use a template that has 2 variable holders and send the article name and title to the template and then save it to the disk?
Thank you.
I think you could probably achieve what you want using a template stored as a text file, and the Replace function.
Your template should be a fully-formed html page, but with placeholder values for the title and article. The placeholders need to be unique, so something like [[[~~~Title~~~]]] or a similar sequence that will not occur in your actual titles, articles, or the template itself.
<html>
<head><title>[[[~~~Title~~~]]]</title></head>
<body>
<h1>[[[~~~Title~~~]]]</h1>
<div id="article">[[[~~~Article~~~]]]</div>
</body>
</html>
In your code, read the template from the file and store it in a variable. (So technically, you could just write it to a variable in the first place, but VBScript is bad at string concatenation... anyway.) Get your array of titles & articles and loop through it (though only once: I'm not sure why you're looping through both rows and columns in your attempt). For each row, make a copy of the template, replace the title placeholder with the current row's title, replace the article placeholder with the current row's article, and write the result to a file.
Dim template, t
Dim fso, file
Dim rs, conn, SQL
Dim records, row
SQL = "SELECT ID, Title, Article FROM [ASPTest].[dbo].[articles]"
'[...database stuff...]
records = rs.GetRows
'[...close database...]
Set fso = Server.CreateObject("Scripting.FileSystemObject")
Set file = fso.OpenTextFile("path/to/template.txt",1) '- 1 = For reading
template = file.ReadAll
file.Close
Set file = Nothing
For row = 0 to UBound(records,2)
t = template
t = Replace(t,"[[[~~~Title~~~]]]",records(1,row))
t = Replace(t,"[[[~~~Article~~~]]]",records(2,row))
Set file = fso.CreateTextFile("path/to/html/" & records(0,row) & ".html")
file.Write(t)
file.Close
Set file = Nothing
Next
Set fso = Nothing
Back in the day I created the KudzuASP template engine to solve this rather complex deficiency in Classic ASP. In KudzuASP you can have ASP code pages that have absolutely NO HTML in them.
KudzuASP is a small include file, roughly under 1000 lines of code, that turns your hosting ASP page into an event-driven object used by the template engine.
In short, you create an instance of the template engine, set some variables, install custom code objects, and invoke it, after which the template engine reads your template and makes callbacks to your ASP page when and where appropriate. It has a library system so you can load libraries of custom tag handlers/components via code or by tags placed in your HTML template.
One of the best features is that for those still under the Classic ASP umbrella it makes 100% separation of application code and logic from presentation possible. Coding Classic ASP pages using KudzuASP is much easier than without and because of the way ASP compiles pages the callbacks are "native" and very fast.
You can find it here: KudzuASP, where the project is still maintained.
I am using ASP javascript to select from a MySQL database using a parameter passed by the user.
I would like to do this using a prepared statement. I have seen examples in VB script but can't figure it out in ASP JS.
I would normally do it in the following way:
var adoConnection = Server.CreateObject("ADODB.Connection");
adoConnection.Open("dsn=my-dsn;uid=userid;pwd=password;");
var getAdmin = "SELECT * FROM users WHERE username = '"+String(Request.QueryString("username"))+"'";
var rsAdmin = adoConnection.Execute(getAdmin);
I would like to change this to pass the user data in a safer way, can anyone help?
To parametrize your queries correctly in ASP, you need to use "ADODB.Command" to execute your queries instead of using ADODB.Connection directly. ADODB.Command has a method named ".CreateParameter()" that permits what you want.
Example code
// oConn is an open ADODB.Connection; dDate holds the cutoff date
var oCmd = Server.CreateObject("ADODB.Command");
var sSQL = "SELECT username, action FROM userlog WHERE event_date < ? ;";
oCmd.CommandText = sSQL;
oCmd.ActiveConnection = oConn;
// CreateParameter(name, type, direction, size, value): 7 = adDate, 1 = adParamInput.
// JScript does not allow an omitted argument, so the size is passed explicitly (0).
var oPar = oCmd.CreateParameter("event_date", 7, 1, 0, dDate);
oCmd.Parameters.Append(oPar);
// ... do this until you have all the parameters appended, and then ...
var oRS = oCmd.Execute();
and you manipulate the recordset as you wish
Additional resources
ADODB Documentation
MSDN Example
ASP javascript is usually referred to as JScript. If you search for '[jscript] [mysql]' on stackoverflow it will show you a question which will probably answer your question:
ADODB Command failing Execute with parameterised SQL query
You could also google 'msdn jscript ado' for additional samples.
Although calling into a database directly from browser-side code isn't a preferred method of retrieving data into the page (most folks prefer AJAX/JSON requests these days...), you could definitely improve the security of your code by converting the SQL statement to a stored procedure call.
For details, see http://andrewu.co.uk/clj/stored_procedures_with_jscript/
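The question's own `username` lookup as a parameterized ADODB.Command, as an added example that is not part of the original answers; the widget's concatenated `Request("agentname")` earlier on this page is the same defect and takes the same fix. The helper names, the 64-character limit, the injected `createObject` argument and the recording stand-in for ADODB.Command are assumptions made so the code can also run outside IIS.

```javascript
// ADO enum values, from the ADO type library.
var adCmdText = 1, adParamInput = 1, adVarChar = 200;

// Builds an ADODB.Command whose user-supplied values travel only as parameters.
// createObject wraps Server.CreateObject under ASP; it is passed in so the
// function can also be exercised with a stand-in.
function buildCommand(createObject, conn, sql, values, maxLen) {
  var cmd = createObject("ADODB.Command");
  cmd.ActiveConnection = conn;
  cmd.CommandType = adCmdText;
  cmd.CommandText = sql;
  for (var i = 0; i < values.length; i++) {
    var v = String(values[i]);
    // Length check before binding; 64 below is an assumed column width.
    if (v.length === 0 || v.length > maxLen) {
      throw new Error("parameter " + i + " is empty or longer than " + maxLen);
    }
    cmd.Parameters.Append(
      cmd.CreateParameter("p" + i, adVarChar, adParamInput, maxLen, v));
  }
  return cmd;
}

// The question's lookup, with ? where the query-string value was concatenated.
function userQuery(createObject, conn, username) {
  return buildCommand(createObject, conn,
    "SELECT * FROM users WHERE username = ?", [username], 64);
}

// Constructed stand-in for ADODB.Command that records what would reach the driver.
function fakeCreateObject(progId) {
  var params = [];
  return {
    progId: progId,
    Parameters: { Append: function (p) { params.push(p); }, items: params },
    CreateParameter: function (name, type, dir, size, value) {
      return { name: name, type: type, direction: dir, size: size, value: value };
    }
  };
}
// Under classic ASP (JScript):
//   var make = function (id) { return Server.CreateObject(id); };
//   var rsAdmin = userQuery(make, adoConnection, Request.QueryString("username")).Execute();
```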
I'm creating a time sheet for work to learn more about ASP and making database connections. I am also using this time to prepare for my next C# and database design class, which starts on Wednesday. I'd like to know how I can get data from default.aspx and display it in timesheetdisplay.aspx, and I would also like to know how I can make it so the person doesn't have to enter the full id "100000111" as it appears in the database, just the last 3.
<asp:TextBox id="xBadgeTextBox" runat="server" width="100px"></asp:TextBox>
As far as passing data between pages you can pass it via QueryString, Session variables, or by persisting it to some sort of data store such as a Database. In the situation above I would look at passing via Querystring parameter. Be sure that if you do do this that you validate the data on the new page to ensure its safety and validity before using it (think SQL Injection Attack).
How to: Pass Values Between ASP.NET Web Pages
As far as your second question goes I would say that this could be handled on the server side if you are sure that the last 3 digits will always be unique. Or were you looking to prompt the user entering data similar to Google? If so look at the AutoComplete Extender in the AJAX Control Toolkit or look at doing something similar in JQuery.
If you're redirecting from page to page, consider using the Server.Transfer("timesheetdisplay.aspx", true) method when navigating away from your default.aspx page. Note the second parameter, true, which will persist all ViewState and QueryString data across from page to page.
I would generate a unique key, store the value you are transferring in the user's session, redirect the user and include the key in the query string, grab the key, and then get the value. Something like this:
//---On Default---
var value = "can be a single string or even a complex object...";
var keyName = Guid.NewGuid().ToString();
HttpContext.Current.Session[keyName] = value;
HttpContext.Current.Response.Redirect("timesheetdisplay.aspx?SID=" + keyName);
//---On TimeSheet---
// Read the key back from the query string and use it to look up the session value
var getKeyName = HttpContext.Current.Request.QueryString["sid"].ToString();
var myValue = HttpContext.Current.Session[getKeyName];
To get the id from a partial ID I would do it just like Muhammad Akhtar said:
select * From yourtable where id like '%111'