Beginning Web Development, Silverlight, and ASP.NET AJAX

More documents

Recommendations

Info

90 CHAPTER 4 ■ DATA BINDING WITH ASP.NET Using Parameters in Commands Now, this is all very well for a fixed SQL statement like the one we had hard-coded to query for postal code 98011. But what happens if you want the user to specify the postal code that they are searching for You achieve this using parameters. Thus, you can provide an application where the user specifies (using text input, request parameters, or other input mechanisms) what they want, and your application responds accordingly. Be careful when using parameters in SQL statements that are derived from user input, as this is a common source of SQL injection attacks. This type of hacker attack involves a cleverly crafted parameter value on the user’s part and an insecure application that doesn’t validate user input. This attack can allow a malicious user to access private data or even destroy your database. To use a parameter in SQL, you specify a placeholder for the parameter by prefixing it with the @ character. So, for example, our hard-coded query from earlier could be changed to this: sqlComm.CommandText = "SELECT AddressLine1 FROM Person.Address WHERE (PostalCode = @strZIP)"; Then, before executing, you add the value of the parameter to the command, like this: sqlComm.Parameters.Add("@strZIP", strParamZIP); The value you’ll assign to the parameterized postal code is contained in the variable strParamZIP. The value can be the result of text input, or, if you prefer, taken directly off the query string. The code to access it from the query string will look like this: string strParamZIP = "98011"; if (Request.Params["ZIP"] != null) strParamZIP = Request.Params["ZIP"]; But if you use code like this, don’t forget to sanitize strParamZIP before passing it to the database to avoid injection attacks. By sanitize, I mean that you should evaluate the value contained within strParamZIP and make sure it’s a valid postal code, not some other (invalid) text. Now if you run your application, your query string can contain a postal code, and the query results for that postal code will be displayed. Figure 4-18 shows an example of this where I used a postal code of 14111.
CHAPTER 4 ■ DATA BINDING WITH ASP.NET 91 Figure 4-18. Using a parameterized query Data Binding with Server Controls You’ve seen in the previous sections how ASP.NET and ADO.NET can be used to connect to databases and manipulate the data therein through connections, commands, and readers. However, most modern applications require flexible, graphical access to the same data. As a developer, you aren’t going to want to develop all of this complex data access and binding code from the ground up. ASP.NET provides controls that give you visual- and designer-based access to data through data binding, but all of them use a DataSource control to provide access to the underlying database. Because we are using SQL Server data in this example, the SQL Server–specific DataSource control will be used. You aren’t limited to using this control, because .NET provides several others, such as ObjectDataSource and XMLDataSource, but these go beyond the scope of this chapter. Still, the principles that you learn from the SqlDataSource control will apply across all data sources when data binding is taken into context.
Page 1:
The EXPERT’s VOIce ® in .NET Beg
Page 4 and 5:
Beginning Web Development, Silverli
Page 6 and 7:
2ca983ba3745582e6151dc1b079b2db0
Page 9 and 10:
Contents About the Author . . . . .
Page 11 and 12:
■CONTENTS ix ■CHAPTER 5 ASP.NET
Page 13 and 14:
■CONTENTS xi ■CHAPTER 11 Ajax A
Page 15 and 16:
■CONTENTS xiii ■CHAPTER 15 Enha
Page 17:
About the Author ■LAURENCE MORONE
Page 21 and 22:
Introduction This book is aimed at
Page 23:
PART 1 Building Web Applications
Page 26 and 27:
4 CHAPTER 1 ■ INTRODUCTION TO WEB
Page 28 and 29:
Page 30 and 31:
Page 32 and 33:
10 CHAPTER 2 ■ BASICS OF WEB DEVE
Page 34 and 35:
Page 36 and 37:
Page 38 and 39:
Page 40 and 41:
Page 42 and 43:
Page 44 and 45:
Page 46 and 47:
Page 48 and 49:
Page 50 and 51:
Page 52 and 53:
Page 54 and 55:
Page 56 and 57:
Page 58 and 59:
Page 60 and 61:
38 CHAPTER 3 ■ WEB FORMS WITH ASP
Page 62 and 63: 40 CHAPTER 3 ■ WEB FORMS WITH ASP
Page 91 and 92: CHAPTER 4 Data Binding with ASP.NET
Page 93 and 94: CHAPTER 4 ■ DATA BINDING WITH ASP
Page 111: CHAPTER 4 ■ DATA BINDING WITH ASP
Page 125: CHAPTER 4 ■ DATA BINDING WITH ASP
Page 128 and 129: 106 CHAPTER 5 ■ ASP.NET WEB SERVI
Page 151 and 152: CHAPTER 6 Deploying Your Web Site I
Page 153 and 154: CHAPTER 6 ■ DEPLOYING YOUR WEB SI
Page 163 and 164:
CHAPTER 6 ■ DEPLOYING YOUR WEB SI
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
Page 171 and 172:
Page 173:
Page 177 and 178:
CHAPTER 7 .NET 3.0: Windows Communi
Page 179 and 180:
CHAPTER 7 ■ .NET 3.0: WINDOWS COM
Page 181 and 182:
Page 183 and 184:
Page 185 and 186:
Page 187 and 188:
Page 189 and 190:
Page 191 and 192:
Page 193 and 194:
Page 195 and 196:
Page 197 and 198:
Page 199 and 200:
CHAPTER 8 .NET 3.0: Windows Present
Page 201 and 202:
CHAPTER 8 ■ .NET 3.0: WINDOWS PRE
Page 203 and 204:
Page 205 and 206:
Page 207 and 208:
Page 209 and 210:
Page 211 and 212:
Page 213 and 214:
Page 215 and 216:
Page 217 and 218:
Page 219 and 220:
Page 221 and 222:
Page 223 and 224:
Page 225 and 226:
Page 227 and 228:
Page 229 and 230:
Page 231 and 232:
CHAPTER 9 .NET 3.0: Windows Workflo
Page 233 and 234:
CHAPTER 9 ■ .NET 3.0: WINDOWS WOR
Page 235 and 236:
Page 237 and 238:
Page 239 and 240:
Page 241 and 242:
Page 243 and 244:
Page 245 and 246:
Page 247 and 248:
Page 249 and 250:
Page 251 and 252:
Page 253:
Page 256 and 257:
234 CHAPTER 10 ■ .NET 3.0: PROGRA
Page 258 and 259:
Page 260 and 261:
Page 262 and 263:
Page 264 and 265:
Page 266 and 267:
Page 268 and 269:
Page 270 and 271:
Page 272 and 273:
Page 275 and 276:
CHAPTER 11 Ajax Applications and Em
Page 277 and 278:
CHAPTER 11 ■ AJAX APPLICATIONS AN
Page 279 and 280:
Page 281 and 282:
Page 283 and 284:
Page 285 and 286:
Page 287 and 288:
Page 289 and 290:
Page 291 and 292:
Page 293 and 294:
Page 295 and 296:
Page 297 and 298:
Page 299 and 300:
Page 301 and 302:
CHAPTER 12 AJAX Extensions for ASP.
Page 303 and 304:
CHAPTER 12 ■ AJAX EXTENSIONS FOR
Page 305 and 306:
Page 307 and 308:
Page 309 and 310:
Page 311 and 312:
Page 313 and 314:
Page 315 and 316:
Page 317 and 318:
Page 319 and 320:
Page 321 and 322:
Page 323 and 324:
Page 325 and 326:
Page 327 and 328:
Page 329 and 330:
Page 331 and 332:
CHAPTER 13 Ajax Scripts and Service
Page 333 and 334:
CHAPTER 13 ■ AJAX SCRIPTS AND SER
Page 335 and 336:
Page 337 and 338:
Page 339 and 340:
Page 341 and 342:
Page 343 and 344:
Page 345 and 346:
Page 347 and 348:
Page 349 and 350:
Page 351:
Page 354 and 355:
332 CHAPTER 14 ■ JAVASCRIPT PROGR
Page 356 and 357:
Page 358 and 359:
Page 360 and 361:
Page 362 and 363:
Page 364 and 365:
Page 366 and 367:
Page 368 and 369:
Page 370 and 371:
Page 372 and 373:
Page 375 and 376:
CHAPTER 15 Enhancing the Web Experi
Page 377 and 378:
CHAPTER 15 ■ ENHANCING THE WEB EX
Page 379 and 380:
Page 381 and 382:
Page 383 and 384:
Page 385 and 386:
Page 387 and 388:
Page 389 and 390:
Page 391 and 392:
Page 393 and 394:
Page 395:
Page 398 and 399:
376 CHAPTER 16 ■ PROGRAMMING SILV
Page 400 and 401:
Page 402 and 403:
Page 404 and 405:
Page 406 and 407:
Page 408 and 409:
Page 410 and 411:
Page 412 and 413:
Page 414 and 415:
Page 416 and 417:
Page 418 and 419:
Page 420 and 421:
Page 422 and 423:
Page 424 and 425:
Page 426 and 427:
Page 428 and 429:
Page 430 and 431:
Page 432 and 433:
Page 434 and 435:
Page 436 and 437:
Page 438 and 439:
416 ■INDEX applications. See also
Page 440 and 441:
418 ■INDEX copying web sites, 25
Page 442 and 443:
420 ■INDEX ■H H path language c
Page 444 and 445:
422 ■INDEX object orientation, 16
Page 446 and 447:
424 ■INDEX Sequential Workflow Co
Page 448 and 449:
426 ■INDEX ■V V path language c
show all

Beginning Web Development, Silverlight, and ASP.NET AJAX

Create successful ePaper yourself

Delete template?

Save as template?