Conn as session var?

Discussion in 'ASP General' started by Des Perado, Sep 28, 2004.

  1. Des Perado

    Des Perado Guest

    I have just tried this, and it works:

    Global.asa contains:

    sub Session_OnStart
    set Session("conn")=Server.CreateObject("ADODB.Connection")
    dsntemp="driver={sql Server}; server=master1; database=db1; uid=sa; pwd=;
    dsn=;"
    session("conn").Open dsntemp
    end sub

    and in any asp:

    sql="select * from table1"
    set rs=session("conn").execute(sql)

    As I say, it works.

    But is there any reason we shouldn't do this? Is it bad?

    TIA
     
    Des Perado, Sep 28, 2004
    #1
    1. Advertising

  2. Des Perado wrote:
    > I have just tried this, and it works:
    >
    > Global.asa contains:
    >
    > sub Session_OnStart
    > set Session("conn")=Server.CreateObject("ADODB.Connection")
    > dsntemp="driver={sql Server}; server=master1; database=db1; uid=sa;
    > pwd=; dsn=;"
    > session("conn").Open dsntemp
    > end sub
    >
    > and in any asp:
    >
    > sql="select * from table1"
    > set rs=session("conn").execute(sql)
    >
    > As I say, it works.
    >
    > But is there any reason we shouldn't do this? Is it bad?


    Extremely.

    http://www.aspfaq.com/2053

    Bob Barrows

    --
    Microsoft MVP - ASP/ASP.NET
    Please reply to the newsgroup. This email account is my spam trap so I
    don't check it very often. If you must reply off-line, then remove the
    "NO SPAM"
     
    Bob Barrows [MVP], Sep 28, 2004
    #2
    1. Advertising

  3. Des Perado

    Des Perado Guest

    "Bob Barrows [MVP]" <> wrote in message
    news:...
    > > But is there any reason we shouldn't do this? Is it bad?

    >
    > Extremely.
    >
    > http://www.aspfaq.com/2053
    >
    > Bob Barrows
    >


    Whoops! I see.
    Many thanks Bob.
     
    Des Perado, Sep 28, 2004
    #3
  4. Des Perado wrote:
    > I have just tried this, and it works:
    >
    > Global.asa contains:
    >
    > sub Session_OnStart
    > set Session("conn")=Server.CreateObject("ADODB.Connection")
    > dsntemp="driver={sql Server}; server=master1; database=db1; uid=sa;


    This is also bad for two reasons:
    1. Never use the sa account for you applications. The sa account is an
    administrative account with many abilities that should not be granted to
    application users. Protect the sa account as if your job depended on it (it
    probably does). Create a login account with limited permissions for your
    application to use. Also, it your sa account really has no password, go
    right now and assign a password to it. Several internet worms target sql
    servers whose sa account has no password.

    2. The OLEDB Provider for ODBC has been deprecated. You are advised to use
    the native OLEDB Provider for SQL Server instead. Your connection string
    should look like this:
    dsntemp="Provider=SQLOLEDB; Data Source=master1;" & _
    "Initial Catalog=db1;User ID=xxxx;Password=xxxx"

    Bob Barrows

    --
    Microsoft MVP -- ASP/ASP.NET
    Please reply to the newsgroup. The email account listed in my From
    header is my spam trap, so I don't check it very often. You will get a
    quicker response by posting to the newsgroup.
     
    Bob Barrows [MVP], Sep 28, 2004
    #4
  5. I applaud you for this. Most people would just stop at "it works."
    Instead, you thought, "Hmm, this works, but just because something works
    doesn't mean it's right. Let me see if I can get some opinions about this."
    That's very cool. I wish that the people I worked with thought that way!
    :]

    Ray at work

    "Des Perado" <> wrote in message
    news:...
    >I have just tried this, and it works:
    >
    > Global.asa contains:
    >
    > sub Session_OnStart
    > set Session("conn")=Server.CreateObject("ADODB.Connection")
    > dsntemp="driver={sql Server}; server=master1; database=db1; uid=sa; pwd=;
    > dsn=;"
    > session("conn").Open dsntemp
    > end sub
    >
    > and in any asp:
    >
    > sql="select * from table1"
    > set rs=session("conn").execute(sql)
    >
    > As I say, it works.
    >
    > But is there any reason we shouldn't do this? Is it bad?
    >
    > TIA
    >
    >
     
    Ray Costanzo [MVP], Sep 28, 2004
    #5
  6. Des Perado

    Des Perado Guest

    "Bob Barrows [MVP]" <> wrote in message
    news:...
    >
    > This is also bad for two reasons:
    > 1. Never use the sa account for you applications. The sa account is an
    > administrative account with many abilities that should not be granted to
    > application users. Protect the sa account as if your job depended on it

    (it
    > probably does). Create a login account with limited permissions for your
    > application to use. Also, it your sa account really has no password, go
    > right now and assign a password to it. Several internet worms target sql
    > servers whose sa account has no password.


    I don't normally Bob, that was just a quick cut 'n' paste from the test
    script I wrote on my local machine! But thanks for the advice of course.

    >
    > 2. The OLEDB Provider for ODBC has been deprecated. You are advised to use
    > the native OLEDB Provider for SQL Server instead. Your connection string
    > should look like this:
    > dsntemp="Provider=SQLOLEDB; Data Source=master1;" & _
    > "Initial Catalog=db1;User ID=xxxx;Password=xxxx"
    >


    Thank you. I will have a play with that.
     
    Des Perado, Sep 28, 2004
    #6
  7. Des Perado

    Des Perado Guest

    "Ray Costanzo [MVP]" <my first name at lane 34 dot commercial> wrote in
    message news:...
    > I applaud you for this. Most people would just stop at "it works."
    > Instead, you thought, "Hmm, this works, but just because something works
    > doesn't mean it's right. Let me see if I can get some opinions about

    this."
    > That's very cool. I wish that the people I worked with thought that way!
    > :]
    >
    > Ray at work
    >


    It's kind of you to say that Ray. I should add - and intended to in my
    first message - that I did Google for the answer but, as with many similar
    concepts, selection of the exact search term was tricky, and I didn't
    actually find anything! I felt I needed some expert advice because I
    thought there HAD to be a tradeoff if we were saving so much time by not
    repeatedly opening a connection to the server with every page - it all
    seemed to good to be feasible.
     
    Des Perado, Sep 28, 2004
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Alvin Bruney

    Threads.. Session var lost, App var ok

    Alvin Bruney, Dec 2, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    383
    rooster575
    Dec 2, 2003
  2. Simon Harris

    Conn.Close & Conn.Dispose

    Simon Harris, May 31, 2005, in forum: ASP .Net
    Replies:
    6
    Views:
    6,052
    Karl Seguin
    Jun 1, 2005
  3. thomson
    Replies:
    10
    Views:
    2,529
    Eliyahu Goldin
    Jun 20, 2005
  4. thomson
    Replies:
    0
    Views:
    404
    thomson
    Jun 20, 2005
  5. Fred
    Replies:
    3
    Views:
    341
    Alf P. Steinbach
    Aug 10, 2003
Loading...

Share This Page