General Design Question classic versus asp.net methodology

needin4mation

Hi, I have rows in my database. I want to edit those rows.

In the past, with classic ASP I would call up the record and then have
a hyperlink that passed a flag (maybe FLAG=edit or something) with my
ID field.

So, say I had a bank account. I would have a search screen and when
the results return, they would have one of the items underlined/linked
and this would send the user to a page like:

my_edit_page.asp?id=1234&flag=edit

I have also done this with ASP.NET pages.

I want to know if this is the correct way to handle this sort of thing
or is there a better way? Or am I supposed to send over data and get
the id from the querystring?

Thank you for any input.
 
Simon Hazelton

My preference for this sort of app is to use panels and keep everything on
one page, but it is pretty much whatever works for you.
 
needin4mation

Thanks. Wouldn't your method keep me "safe" from SQL injection attacks
or the like that might use the querystring?
 
Clint Hill

SQL Injection is better prevented in the Stored Proc to verify input. Or
at the page level using Validation controls. Cross Site Scripting
attacks are more common using the QueryString. Also, you're pretty safe
using querystring, so long as the value doesn't identify too much about
its purpose. Hidden forms are an alternative to this, but even then
you're still open to attack.

Clint Hill
H3O Software
http://www.h3osoftware.com
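An added example (written for this thread, not code from any poster) of the my_edit_page?id=1234&flag=edit pattern handled the way Clint describes: the id is treated as untrusted whether it arrives in the querystring or a hidden field, reduced to an integer before anything touches the database, and passed as a typed parameter rather than concatenated into SQL. The Accounts table, the "Bank" connection string and the BalanceTextBox control are assumptions for the sake of the example.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web.UI;

// Assumed schema (not from the thread): Accounts(Id int, OwnerUserName nvarchar(256),
// Balance decimal) and a connection string named "Bank" in web.config.
public partial class MyEditPage : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack) return;

        // my_edit_page.aspx?id=1234&flag=edit : everything in the querystring (or a
        // hidden field) is attacker-controlled, so the id is reduced to a plain integer first.
        int id;
        if (!int.TryParse(Request.QueryString["id"], out id) || id <= 0)
        {
            Response.StatusCode = 400; // malformed id: nothing from it reaches the database
            Response.End();
            return;
        }

        // The ownership check is part of the query, so a guessed id for another
        // user's account simply finds no row.
        decimal? balance = LoadBalance(id, User.Identity.Name);
        if (balance == null) { Response.StatusCode = 404; Response.End(); return; }
        BalanceTextBox.Text = balance.Value.ToString("F2"); // BalanceTextBox: assumed control
    }

    // Never build the statement from the raw value, e.g.
    //   "SELECT Balance FROM Accounts WHERE Id = " + Request.QueryString["id"]
    // A typed parameter sends the id as data, never as SQL text.
    static decimal? LoadBalance(int id, string ownerUserName)
    {
        string cs = ConfigurationManager.ConnectionStrings["Bank"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(
            "SELECT Balance FROM Accounts WHERE Id = @id AND OwnerUserName = @owner", conn))
        {
            cmd.Parameters.Add("@id", SqlDbType.Int).Value = id;
            cmd.Parameters.Add("@owner", SqlDbType.NVarChar, 256).Value = ownerUserName;
            conn.Open();
            object result = cmd.ExecuteScalar();
            return result == null || result == DBNull.Value ? (decimal?)null : (decimal)result;
        }
    }
}
```

The same parameterised call works unchanged if the lookup is moved into a stored procedure, which is the placement Clint's answer favours.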
 
