posted
20 gridviews? *blink* I don't think you understand how a datagrid is supposed to work.
There are multiple ways to display query data in a textbox in ASP.NET after hitting a button. The easiest probably is a gridview. You can also bind the textbox to a field in your datasource, assuming you have a datasource.
But since you're talking about 20 gridviews, I'm going to assume that you don't understand how datasources (or datasets) work.
How are you holding the data that comes back out of the query -- and are you using SQLDataReader or another method?
(BTW, you aren't seriously inserting the contents of a textbox into your query string, are you? Google "SQL insertion attack" to understand why this is a bad idea.)
Posts: 37449 | Registered: May 1999
| IP: Logged |
posted
The worst case scenario is that you write code in the click even of the button to run the query, read the dataset manually, and set the value of the text box. This is actually better in some circumstances.
In .Net, there are fewer circumstances where such "manual" population of controls is better, though, so it's probably better to simply bind the controls to a dataset that gets reset on each click. There are many, many examples of this out there.
Posts: 26071 | Registered: Oct 2003
| IP: Logged |
posted
I personally don't use gridviews or data binding myself... When I'm doing database work, I have a tendency to want to be in complete and total control of what happens, so I do it the "old fashion" way similar to what Dagonee describes: in the "Page_Load" (by checking "IsPostBack") or in the event handler, I run my query and fill in the text box.
I also have my own database class I use that returns me data structures and arrays that are easier to use and, in some cases, strong typed.
And an "SQL Insertion Attack" is only an issue if he isn't filtering the string before using it in an actual query. The only reason I wouldn't recommend it is because it can be easily screwed with and is unsightly.
Posts: 3486 | Registered: Sep 2002
| IP: Logged |
posted
He was filtering against SQL injection with his perl put-your-name-here script.
Of course, he wasn't filtering against HTML injection . . . I'm still sad it went offline before anyone seemed to have noticed the bit I injected to make the table of names slowly move across the screen . . .
Posts: 15770 | Registered: Dec 2001
| IP: Logged |
Blayne Bradley
unregistered
posted
this isnt for an actual website its more inregards to my milestone III but my notes on the matter aren't presiely clear on how to get a textbox to display the results of a query.
Dim myobj As New clsGeneral Dim dt As Data.DataTable ^-> local pointer dt=myobj.GetQuery("select... from where " & textbox1.text) ^-> function/method Gridview1.datasource=dt gridview1.databind()
Public function GtQuery( ByVal qry As String ) as Datatable ^return type
Dim dt as Datatable //your connection Dim objcmd as new oledbcommand //your sql dim objdatareader as oledataReader //your answer ^--> your catcher of results of sql //set up connection
dim connstr as string connstr = configurationsettings.Appsettings("connectionstring") objconn.connectionstring=connstr
objconn.open()
//set up the command
objcmd.commandtext=qry
//the objcmd knows now what to do but how does it know on what database?
objcmd.connection = objconn
//aha! no objcmd knows. //now we run the command and somehing jas to hold the results
objdatareader=objcmd.executereader(commandbehavior.closeconnection) ^ ^-----^-->means run the command.' | in the .commandtext property your results //mess: your datareader must be converted // to a datatable before it can be sent // back to the datagrid (this is gridview1's datasource
This is roughly the pseudo code for making a datagrid work onclick on the button, but how do I get a textbox to dsplay particular rows of the datagrid.
IP: Logged |
posted
Your last sentence reveals the fundamental problem: you do not get a textbox to display particular rows of your datagrid, at least not in the way you mean.
A datagrid arranges the contents of a dataset or datatable. Since you've got a datagridview called Gridview1 bound to the datatable you'll eventually populate, it is unnecessary to manually place or fill any textboxes with this information; by default, the datagridview will display all the fields returned in your SELECT statement.
Now, this isn't to say that returning a value to a specific textbox isn't a good thing to know -- but from your notes, that's not what your professor is having you do.
(As a side note, can I just observe that I am horrified by the fact that your professor is giving you a maketablefromreader() method?)
Posts: 37449 | Registered: May 1999
| IP: Logged |
Blayne Bradley
unregistered
posted
Yes indeed he is, this was notes for Milestone 2, Mile3 has it so that some textboxes will show more spefic information, as with my above example.
"Please enter Query, enter the stock number:[ textbox ]"
Say I enter a stock number "4" and hit enter.
I want to run a query on a database on disk and return say the name field of the item found. In this case a walk man.
posted
Your professor does not inspire trust in me. For what you are doing, it is far simpler to merely use the datareader itself without converting it to a datatable; you don't need a datagrid at all.
In fact, if you're searching on something like a stock number (which will return a single unique item) and have written your SELECT statement to return only the field you want, you can output the datareader directly.
Try something like:
code:
objdatareader.Open() If objdatareader.Read() Then txtFieldname.Text = objdatareader("Fieldname") End If objdatareader.Close()
Note that this example does not incorporate any error-handling.
Posts: 37449 | Registered: May 1999
| IP: Logged |
It looks to me like you don't understand what meta means. Using it or other basic terminology can be a semi-serious problem in programming, because many people are going to take that as a sign that you don't generally know what you are doing.
If you use meta incorrecly in a job interview, for example, it is likely going to be a black mark against you.
Posts: 10177 | Registered: Apr 2001
| IP: Logged |
Blayne Bradley
unregistered
posted
I said the above post as a joke, I am not entirely sure what it means, I know how to use it in a sentence and I know this may not be bah I'll just wiki it.
IP: Logged |
quote:Originally posted by Blayne Bradley: this isnt for an actual website its more inregards to my milestone III but my notes on the matter aren't presiely clear on how to get a textbox to display the results of a query.
Blayne, do you know how dangerous that is? What if I were to type this into your textbox (assuming that you changed "WHERE" to "WHERE x = ":
code:
I killed your table'; drop table tablename--
That's called SQL insertion, or SQL injection. It's why you should always use parameters and the command object in your code to make SQL queries. .NET has SQL objects built in to make this easy.
posted
its an harddisk assignment, the actual assignment will never see the light of day on the net so SQL/html injection is not an issue at this stage security will be discussed at a later date.
IP: Logged |
quote:Originally posted by MrSquicky: I think you might be thinking of mu.
It looks to me like you don't understand what meta means. Using it or other basic terminology can be a semi-serious problem in programming, because many people are going to take that as a sign that you don't generally know what you are doing.
If you use meta incorrecly in a job interview, for example, it is likely going to be a black mark against you.
I've been programming for over twenty years and I don't think I have *ever* used the word "meta" in conversation.
quote:Originally posted: its an harddisk assignment, the actual assignment will never see the light of day on the net so SQL/html injection is not an issue at this stage security will be discussed at a later date.
As far as SQL injection... if you turned that in and the teacher doesn't point out the obvious flaw, your teacher's a tool. If I were the teacher, I'd take that flaw and beat you over the head with it; it's a fundamental necessity to know things like that, moreso than syntax or a lot of other things they might teach you. If you do such a mistake in the real world and someone exploits it, you will get fired or sued.
Besides, don't students go the extra mile anymore? Wouldn't it be nice to acknowledge the potential injection and do something about it first? You think your teacher won't notice your effort to do things right from the start?
Posts: 3486 | Registered: Sep 2002
| IP: Logged |
quote:I've been programming for over twenty years and I don't think I have *ever* used the word "meta" in conversation.
I'm going to make a couple of guesses. 1) You're self-taught. 2) You've never worked with interpreted languages. How'd I do?
Posts: 10177 | Registered: Apr 2001
| IP: Logged |
posted
Why would "meta" come up in conversation, Squicky? Once you know the concept, it's not like you need to talk about it -- especially during a job interview. Posts: 37449 | Registered: May 1999
| IP: Logged |
quote:I've been programming for over twenty years and I don't think I have *ever* used the word "meta" in conversation.
Really? Weird. I probably hear "meta" at least a few times a week where I work. Maybe it's a domain thing.
Posts: 3275 | Registered: May 2007
| IP: Logged |
quote:Originally posted by TomDavidson: Why would "meta" come up in conversation, Squicky? Once you know the concept, it's not like you need to talk about it -- especially during a job interview.
Well, if you think it's a cool sounding word, but you don't know what it really means, you might be likely to use it in contexts where it's not actually appropriate, such as in the title of this thread or in a job interview. Posts: 3275 | Registered: May 2007
| IP: Logged |
posted
I'm not saying it would. There's various places, however, where the concept could be talked about though, from metasyntatical examples, meta-programming with interpreted languages, meta-information in document formats and processing, the role of meta information in web page search engine optimization, etc.
Also, my warning was about Blayne using the word incorrectly. If he started talking about, I don't know, the meta assignment threads he posted here or whatever, he'd be striking a wrong note.
Posts: 10177 | Registered: Apr 2001
| IP: Logged |
posted
Have you never done SEO, Nighthawk? I'd gotten the impression from somewhere that you do primarily web-based stuff.
Posts: 10177 | Registered: Apr 2001
| IP: Logged |
posted
I'm doing primarily web development work because that's what the customers want, but deep down I'm a core application developer. I also do game development on the side, which is application based.
I've never directly done SEO myself, but there's always someone who handles that aspect of the business and, if has any tech requirements in order to properly do SEO (such as URL redirection to avoid parameterized URLs) then I give him what he needs, but generally I'm not the one modifying the raw HTML pages for this.
A lot of my customers simply don't care much about SEO, no matter what I tell them. Those that do create static HTML pages to submit to search engines, and those pages are generally hosted outside of the application pages I'm working on anyhow.
Posts: 3486 | Registered: Sep 2002
| IP: Logged |
quote:A lot of my customers simply don't care much about SEO, no matter what I tell them.
That can be a bit of a blessing (although, yeah, it is really important). You wouldn't beleive some of the crazy requests one of my clients has been making due to their SEO consultants recommendations.
Posts: 10177 | Registered: Apr 2001
| IP: Logged |
quote:Originally posted by Nighthawk: As far as SQL injection... if you turned that in and the teacher doesn't point out the obvious flaw, your teacher's a tool. If I were the teacher, I'd take that flaw and beat you over the head with it; it's a fundamental necessity to know things like that, moreso than syntax or a lot of other things they might teach you. If you do such a mistake in the real world and someone exploits it, you will get fired or sued.
Besides, don't students go the extra mile anymore? Wouldn't it be nice to acknowledge the potential injection and do something about it first? You think your teacher won't notice your effort to do things right from the start?
Well, in all honesty, a lot of teachers start off teaching programming that's wrong simply because you don't want to overwhelm students with details right at the beginning. No one teaches on the assumption that students are going to start using it in the real world immediately, before the course has ended.
So it could be that his teacher isn't a tool; just a step-by-step kind of guy.
That said, there are teachers who are über-tools, who take points off from students who do things other than what has already been covered in class, even when those things are more correct than what's been taught in class. Unless Blayne knows that his teacher isn't that kind of schmuck, he's probably better off going with the flow.
Posts: 12266 | Registered: Jul 2005
| IP: Logged |
posted
I've got to agree with that part. In a teaching situation, you don't necessarily get all the things you need right up front.
Sometimes (e.g. bubble sort), you'll get taught things that are you should never use.
Not covering SQL injection at the very beginning of UIs that query databases doesn't seem like a big deal to me, assuming that this is taught later and its importance is made clear.
Posts: 10177 | Registered: Apr 2001
| IP: Logged |
quote:You wouldn't beleive some of the crazy requests one of my clients has been making due to their SEO consultants recommendations.
We remapped .html to so it would be treated as .asp on the client's server at his insistence once. We kept the whole query string after the "?" because the client was convinced it was just the extension that mattered. All attempts at explaining why this wouldn't help were futile.
Posts: 26071 | Registered: Oct 2003
| IP: Logged |
quote:We remapped .html to so it would be treated as .asp on the client's server at his insistence once.
Done that more than once myself. Also was forced to remap ".gif" and ".jpg", with entertaining results, because the customer was convinced that images *must* have those extensions.
quote:We kept the whole query string after the "?" because the client was convinced it was just the extension that mattered. All attempts at explaining why this wouldn't help were futile.
I elected to not even discuss this and do it my way anyway, using Microsoft's "URLRedirector" class under .NET. When 90% of the URLs end up not having a question mark at all, the customer thinks you're a freakin' magician.
"Wait... how does this work anyway?"
"I'd tell you, but then I'd have to kill you."
Posts: 3486 | Registered: Sep 2002
| IP: Logged |
Blayne Bradley
unregistered
posted
Okay assuming I have 2 drop down lists in ASP.
Customer Name: Customer Code:
With code being a primary key and I have my db all set up.
So I look at the 2 lists and there's 10 items in both of them, 10 codes and 10 names.
How would I get it so that when I selected something in 1 list it would automatically set the current selected item in the second one to its corresponding thing.
If I select cu_code 1, it should select say cu_name Halo 3 in the other one automatically.
code:
Dim dt As Data.DataTable Dim dt2 As Data.DataTable Dim myobj As New mile2class
How should I handle this under Handles DropDownListcu_code.SelectedIndexChanged
So far I run a query for what I need but how do i switch what the Dropdownlist is currently looking at, I am unfamiliar with Dropdownlist methods.
IP: Logged |
posted
In the time it took you to write that, I did a Goggle search that returned a whole mess of results on exactly how to do this.
Posts: 10177 | Registered: Apr 2001
| IP: Logged |
Blayne Bradley
unregistered
posted
I had used google for many asp related things before and I got results that did it in a much more complicated fashion that I got lost.
IP: Logged |
(As a side note, if you're trying to do exactly what you're describing, you're going to have to change the default Postback behavior of the first dropdownlist.)
Posts: 37449 | Registered: May 1999
| IP: Logged |
Blayne Bradley
unregistered
posted
ya I have to set the default postback to false. Note sure how to do that.
IP: Logged |
Blayne Bradley
unregistered
posted
or wait a second i think I am supposed to ENable it..... damn these notes.
IP: Logged |
Blayne Bradley
unregistered
posted
Okay I am not sure what to do here.
say to test I have it so that a textbox displays what the current select value is and auto post back is enabled.
I select "2"
Instead of displaying 2 it keeps displaying "1" is this WAD or am I missing something.
IP: Logged |
posted
You're missing something related to your postback situation.
Think for a second what happens on a postback and page_load.
You select something from a dropdownlist. The page posts back. The page loads. ddl.Items is rebuilt. The textbox.text is set to ddl.SelectedValue.
You need to check for a Page.IsPostBack event in your PageLoad to avoid resetting your dropdownlist every time the page posts back.
Posts: 37449 | Registered: May 1999
| IP: Logged |
Blayne Bradley
unregistered
posted
Also about my earlier question inregards to displaying query results to a textbox/label my teacher gave us code on how to make a datatable as a general class, is there a way to use your code tom ignoring that class or does yours require I start taking lines out of it?
IP: Logged |
Public Function GetQuery(ByVal qry As String) As DataTable
Dim dt As DataTable Dim objcmd As New OleDb.OleDbCommand Dim objdatareader As OleDb.OleDbDataReader
Dim connstr As String Dim objconn As New OleDb.OleDbConnection connstr = System.Configuration.ConfigurationManager.AppSettings("ConnectionString") objconn.ConnectionString = connstr objconn.Open()
posted
I would actually advise that you not use that sample code until you understand it well enough to not need to ask that question.
Do you understand what a datareader is? What about a datatable? Do you know the difference between these two things, and why it's necessary to convert a reader to a table if you want to use a datatable?
Posts: 37449 | Registered: May 1999
| IP: Logged |
Blayne Bradley
unregistered
posted
I would assume a datatable is a table with data and a reader is a method inwhich to read it.
IP: Logged |
Blayne Bradley
unregistered
posted
Like currently especially in regards to the drop down lists, If I select an item in one of them, it will do a query on the database in the table, then return what it found, from there I make it so that the second drop down list displays this item.
So if I select cu_code 5, I get cu_name 'BESTBUY117'
so the query i would use for example would be query = "select cu_name from customer where cu_code = " & DDLCode.selectedvalue & ";"
How would I execute this query in such a way as to get
Printer-friendly view of this topic
![[Smile]](smile.gif)
![[Wink]](wink.gif)
![[Razz]](tongue.gif)
.
