sending data between pages?

Discussion in 'C#' started by cemo, Jun 29, 2006.

  1. #1
    hi, i want to send a data by using href. like this sample.aspx?data=14 but i don't know how to get this data back on the other page? thanks
     
    cemo, Jun 29, 2006 IP
  2. benjymouse

    #2
    Request.QueryString["data"]
     
    benjymouse, Jun 29, 2006 IP
  3. ludwig

    #3
    strData = Request("data")
     
    ludwig, Jun 30, 2006 IP
  4. vectorgraphx

    #4
    also, if you're using it to update/add data to a database, you might go ahead and cleanse your data to avoid sql injection. can be done in one line real easy - slight mod to ludwig's suggestion.

    strData = replace(Request("data"), "'", "''")

    if you're not updating/modifying/adding to a database, there's no need to double the apostrophes.

    VG
     
    vectorgraphx, Jun 30, 2006 IP
  5. ludwig

    #5
    usually I replace all of the following:

    strData = trim(request("data"))
    strData = replace(strData, "&", "&#38;") 'replacing with a Web Safe Numeric Character
    strData = replace(strData, "'", "&#39;") 'not doubling like VG said, but replacing with a WSNC
    strData = replace(strData, """", "&#34;") 'for SQL statement to work properly
    strData = replace(strData, vbCrLf, "<br>") 'if sending from a textarea field
     
    ludwig, Jun 30, 2006 IP
  6. WayTooAwesome

    #6
    Just a question that's mostly on-topic... How would you send data between pages without using a querystring? Like, if you needed to pass sensitive information from page to page, but didn't want people seeing it?
     
    WayTooAwesome, Jun 30, 2006 IP
  7. ludwig

    #7
    use method="post" and not get
     
    ludwig, Jun 30, 2006 IP
  8. vectorgraphx

    #8
    also, if you used method = "post", you would use request.form to retrieve the data.
     
    vectorgraphx, Jun 30, 2006 IP
  9. ludwig

    #9
    I think we did great with VG on this.

    Good luck
     
    ludwig, Jun 30, 2006 IP
  10. dodolls

    #10
    passing sensitive data is very crucial. use method="post" and combining the proper filters will somehow eliminate or at least have a degree of security against sql injection, but still injection would be possible in the form elements u are using.
     
    dodolls, Jul 1, 2006 IP
  11. ludwig

    #11
    Also yesterday I had someone who wanted a job at my company and he used a very simple method for protecting the data.

    What he did was very simple. When you click the submit button, a JavaScript code works which encodes the password character and only then sends the info to the LOGIN file. The login file decodes the characters encoded by JavaScript and then checks whether it matches the data or no :)

    Nice way, haven't thought about it before.

    Surely you'll have to use METHOD="POST"
     
    ludwig, Jul 2, 2006 IP
  12. dodolls

    #12


    :D i think it is also better to have a server side protection too, cause client side filtration can be bypassed by removing the javascript in view source.
     
    dodolls, Jul 2, 2006 IP
  13. benjymouse

    #13
    Oh my God, no! This is a piece of very bad advice.

    1) it will only protect you against some kind of injections, others may be wide open, giving you a false sense of security.
    2) the data will effectively be in a form where it can only be used for sql, i.e. not for display/calculations, if not converted back.
    3) it is not portable. some database systems may allow/require other escaping mechanisms.

    I see where this is coming from: magic_quotes in PHP. That is a piece of cr&%&%/¤ language design, on par with register_globals.

    Do not do this. Never. Ever. And never advise anyone else to do it, unless you want to be able to hack into their site afterwards.

    Instead, use parameterized queries. They are guaranteed to protect against sql injections.
     
    benjymouse, Jul 3, 2006 IP
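
To illustrate point 1 of post #13 and the parameterized-query alternative it recommends, here is an added C# example; it is not code from any poster in this thread. It shows that doubling apostrophes leaves a value spliced into a numeric context untouched, while a bound, type-checked parameter keeps the SQL text constant. The `Products` table, its `Id` and `Name` columns and the sample inputs are hypothetical, and no database connection is opened.

```csharp
using System;
using System.Data;
using System.Data.SqlClient; // assumption: .NET Framework, or the System.Data.SqlClient package

static class QueryDemo
{
    // The "cleanse" from post #4: double every apostrophe.
    static string DoubleQuotes(string raw) => raw.Replace("'", "''");

    // Vulnerable pattern: the value is spliced into the SQL text.
    // In a numeric context there are no quotes to break out of,
    // so doubling apostrophes changes nothing.
    static string BuildConcatenated(string raw) =>
        "SELECT Name FROM Products WHERE Id = " + DoubleQuotes(raw);

    // Hardened pattern: validate the type first, then bind the value as a
    // parameter. The SQL text is constant; the value travels separately.
    static SqlCommand BuildParameterized(string raw)
    {
        if (!int.TryParse(raw, out int id))
            throw new ArgumentException("data must be an integer");
        var cmd = new SqlCommand("SELECT Name FROM Products WHERE Id = @id");
        cmd.Parameters.Add("@id", SqlDbType.Int).Value = id;
        return cmd;
    }

    static void Main()
    {
        // Constructed inputs standing in for Request.QueryString["data"].
        foreach (var raw in new[] { "14", "14 OR 1=1" })
        {
            Console.WriteLine("input:         " + raw);
            Console.WriteLine("concatenated:  " + BuildConcatenated(raw));
            try
            {
                using (var cmd = BuildParameterized(raw))
                    Console.WriteLine("parameterized: " + cmd.CommandText +
                                      "  [@id=" + cmd.Parameters["@id"].Value + "]");
            }
            catch (ArgumentException e)
            {
                Console.WriteLine("parameterized: rejected (" + e.Message + ")");
            }
        }
    }
}
```

In a real page the command would be given an open `SqlConnection` and executed; the SQL text stays the same for every request and only the bound `@id` value changes.
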
  14. ludwig

    #14
    Man I have been using the replace method for quite a while and no problems I had till now
     
    ludwig, Jul 3, 2006 IP
  15. vectorgraphx

    #15
    great suggestion benjymouse. you're right, parameterized queries are more secure. they're also difficult for the amateur to handle, especially someone who is amateur enough to not know how to pass/retrieve variables from page to page. Stored procedures are quite a bit more advanced to wrestle with, but there's no doubt about it - parameterized queries are the way to go if you can handle them. you wouldn't happen to have any links on-hand to some walkthroughs/guidelines on stored procedure handling/parameterized queries would ya? here's one that might help - if you've got others i'm sure they would benefit the DP community as well :D

    http://www.4guysfromrolla.com/webtech/111798-1.shtml

    later -

    VG
     
    vectorgraphx, Jul 3, 2006 IP