Last post Oct 31, 2011 08:30 AM by Mikesdotnetting
Oct 31, 2011 04:11 AM|daveyC|LINK
In my database I have 2 tables Students and Subjects. The Students table contains a list of Names and ID's and Subjects a list of ID's, Subjects and pass a marks. (1 to many relationship)
If i have a web page that contains a list of students and next to each student I have button that when pressed will navigate to a new page where i can add the Subject Name and
the mark the student received.
Peter (btn Add Subject and Score)
Allan (btn Add Subject and Score)
George (btn Add Subject and Score)
When the button is clicked do I just pass the Student Id on the URL to Subject page? Or is there another better (safer) way to do this rather than passing parameters on the url?
If this is the only way could someone show me an example of how i should formulate the URL on the button to pass the StudentID and Name to my new page.
Oct 31, 2011 05:12 AM|karthicks|LINK
hi, i dont have any example for WebMatrix, i hope this things same like for traditional web apps
refer : http://www.asp.net/webmatrix/content-guide
hi, if you dont want to show the value in querystring you can either pass it thru session or you can encrypt the querystring
Oct 31, 2011 05:50 AM|daveyC|LINK
Hi Karthicks, do you have any examples using asp.net webpages in webmatrix?
Oct 31, 2011 06:48 AM|Mikesdotnetting|LINK
You can pass the StudentId as a querystring parameter or as a piece of UrlData. You just need to formulate the Url in a link
You get the Id from Request["Id"]
You get the value from UrlData
What specific security concerns do you have over passing the Id this way?
Oct 31, 2011 07:16 AM|Ye Yu|LINK
daveyC, here is some sample code for developing asp.net website in webmatrix.
for your question, you may have a try on following things
if you have webmatrix installed on your machine, you can see the sample code from template "Bakery site"
you may install that template, open the file Default.cshtml, you may see following code (this code is used to pass some data to the other page)
<a class="order-button" href="@Href("~/order", featured.Id)" title="Order @featured.Name">Order Now</a>
then open file Order.cshtml
you will see following code, (this code is used to get the data)
var productId = UrlData.AsInt();
simply speaking, the process is Default.cshtml wants to pass the featured.Id to Order.cshtml.
Oct 31, 2011 07:24 AM|daveyC|LINK
Im new to web programming and thought there maybe security issues with passing parameters via URL, what the security issues may have been I have no idea :) Also I was just curious which is the best way of doing it.
If the 2 approaches you mentioned are considered standard i will do it this way.
Maybe i should start a new thread for this next question, but while im typing ill just ask :), if I use these parameters from the URL in a SQL query on my new page how do i prevent SQL injection?
Oct 31, 2011 08:30 AM|Mikesdotnetting|LINK
To prevent SQL injection, you use parameters. Have a look at this tutorial to see how they are applied within the context of the Database Helper: