Need Help With QueryString & Password!

Discussion in 'ASP General' started by Arpan, Aug 30, 2005.

  1. Arpan

    Arpan Guest

    An ASP application retrieves records from a SQL Server database. In the
    first page of the application, the user has to enter a password & the
    columns retrieved from the DB table depend upon the password. For example,
    if the password entered is say, pwd1, then that user should be
    displayed the records of Column1 & Column2 only. If the password
    entered is say, pwd2, then that user should be displayed the records of
    Column1 & Column3 only. If the password entered is say, pwd3, then that
    user should be displayed the records of Column1 & Column4 only.

    Now after the records are displayed, the user should also be given the
    option of sorting the records. I am implementing this by making the
    column header a hyperlink which has the column name & the sort order as
    the querystrings, something like this (the records are being displayed
    in a tabular format):

    ----------------------------------------
    <%
    Dim strColName, strSortOrder, strPwd
    strColName = Request.QueryString("colname")
    strSortOrder = Request.QueryString("sortorder")
    strPwd = Request.Form("pwd")

    'assume that the user is displayed the records of Column1 &
    'Column2. When the user comes to this page for the first time
    'after entering his password in the previous page, both
    'strColName & strSortOrder are empty strings.

    Dim strSQL

    If (strColName = "col1" Or strColName = "") Then
        If (strSortOrder = "" Or strSortOrder = "asc") Then
            'columns retrieved depend on the password
            If (strPwd = "pwd1") Then
                strSQL = "SELECT Col1,Col2 FROM tblSheet ORDER BY Col1 ASC"
            ElseIf (strPwd = "pwd2") Then
                strSQL = "SELECT Col1,Col3 FROM tblSheet ORDER BY Col1 ASC"
            ElseIf (strPwd = "pwd3") Then
                strSQL = "SELECT Col1,Col4 FROM tblSheet ORDER BY Col1 ASC"
            End If
        ElseIf (strSortOrder = "desc") Then
            'the same code in the If condition will come here, the
            'only difference being using DESC in the ORDER BY clause.
        End If
    End If

    'Column1 is common for both pwd1 & pwd2, thus using Or in the
    'next If statement
    If (strPwd = "pwd1" Or strPwd = "pwd2") Then
        If (strColName = "col1" Or strColName = "") Then
            If (strSortOrder = "" Or strSortOrder = "asc") Then
    %>
    <a href="Records.asp?colname=col1&sortorder=asc">Column 1</a>
    <%
            Else
    %>
    <a href="Records.asp?colname=col1&sortorder=desc">Column 1</a>
    <%
            End If
        End If
    End If 'closes the password check opened above
    %>
    ----------------------------------------

    As seen in the above code, I am passing the column name & the sort
    order through the column header (which is a link) as querystrings. This
    correctly sorts the columns & serves my purpose.

    But the problem is since the columns displayed depend on the password
    entered by the user, when it comes to sorting the records, even the
    password has to be passed somehow along with the column name & the sort
    order. Of course, the password can be passed as a querystring along
    with the column name & the sort order but that's definitely not a wise
    idea. So how do I pass the password when the user clicks one of the
    column headers to sort the records?

    One way of carrying the password forward is by encrypting the password
    & then sending it through the querystring along with the column name &
    the sort order but I would like to avoid such a solution. This solution
    will be my last option.

    Please keep in mind that the columns displayed to a user depend upon
    the password; so the password has to be sent somehow along with the
    column name & the sort order (column name & the sort order are being
    passed through the querystring). For example, if the password entered is
    pwd1, then the user sees the records of only Column1 & Column2. Next he
    clicks the column header 'Column 1' (which is a hyperlink with the
    column name & the sort order as the querystrings) to sort the records
    based on Column 1. When the link is clicked, pwd1 also has to be
    carried forward so that this user is displayed the records of Column1 &
    Column2 only & not the records of the other columns.

    Thanks,

    Arpan
     
    Arpan, Aug 30, 2005
    #1

  2. "Arpan" <> wrote in message
    news:...
    [snip]
    > So how do I pass the password when the user clicks one of the
    > column headers to sort the records?

    [snip]

    Store the password as a session variable.
     
    Chris Hohmann, Aug 30, 2005
    #2

  3. Arpan

    Arpan Guest

    Thanks, Chris, for your response. Actually it's my fault only that I
    forgot to add that I would like to avoid using Session variables as
    well. Any other suggestion?

    Thanks once again,

    Regards,

    Arpan
     
    Arpan, Aug 30, 2005
    #3
  4. "Arpan" <> wrote in message
    news:...
    > Thanks, Chris, for your response. Actually it's my fault only that I
    > forgot to add that I would like to avoid using Session variables as
    > well. Any other suggestion?


    Pass the column list instead of the password.
     
    Chris Hohmann, Aug 30, 2005
    #4
  5. Arpan

    Arpan Guest

    Thanks once again, Chris, for your suggestion. Well, I guess using
    Session variables looks to be the most feasible option. The last
    suggestion you have given isn't a bad idea but I believe that might
    lengthen the code a bit too much.

    Anyways thanks a lot for your co-operation :)

    BTW, Chris, from whatever little code I have provided in this post, do
    you think my approach is correct or would you suggest a better way of
    tackling this issue?

    Thanks once again,

    Regards,

    Arpan
     
    Arpan, Aug 30, 2005
    #5
  6. "Arpan" <> wrote in message
    news:...
    [snip]
    > BTW, Chris, from whatever little code I have provided in this post, do
    > you think my approach is correct or would you suggest a better way of
    > tackling this issue?


    Don't use dynamic sql. Instead, this logic could be encapsulated into a
    stored procedure/parameterized query.
     
    Chris Hohmann, Aug 31, 2005
    #6
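
An added example (not code from any post in this thread) that combines two of the suggestions above: state kept in a Session variable and a parameterized stored-procedure call in place of dynamic SQL. As a variation, it stores the column entitlement derived from the password rather than the password itself; `Login.asp`, `usp_GetSheet` with its three parameters, and `Application("ConnStr")` are hypothetical names.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Added example. pwd1..pwd3 and Col1..Col4 are the thread's placeholders;
' Login.asp, usp_GetSheet and Application("ConnStr") are hypothetical names.
Const adCmdStoredProc = 4, adVarChar = 200, adParamInput = 1

' Map a password to the extra column its holder may see ("" = no access).
Function ColumnForPassword(strPwd)
    Select Case strPwd
        Case "pwd1": ColumnForPassword = "Col2"
        Case "pwd2": ColumnForPassword = "Col3"
        Case "pwd3": ColumnForPassword = "Col4"
        Case Else:   ColumnForPassword = ""
    End Select
End Function

' Only the login POST carries the password. Keep the derived entitlement in
' Session so the sort links never need to carry the password.
Dim strPwd : strPwd = Request.Form("pwd")
If strPwd <> "" Then Session("ExtraCol") = ColumnForPassword(strPwd)
If Session("ExtraCol") = "" Then Response.Redirect "Login.asp"

' Allow-list the query-string values; anything unexpected becomes the default.
Dim strSortCol, strSortDir, strNextDir
strSortCol = "Col1" : strSortDir = "ASC" : strNextDir = "desc"
If LCase(Request.QueryString("colname")) = LCase(Session("ExtraCol")) Then
    strSortCol = Session("ExtraCol")
End If
If LCase(Request.QueryString("sortorder")) = "desc" Then
    strSortDir = "DESC" : strNextDir = "asc"
End If

' Values travel as typed parameters, never as concatenated SQL text.
Dim cmd, rs
Set cmd = Server.CreateObject("ADODB.Command")
cmd.ActiveConnection = Application("ConnStr")
cmd.CommandType = adCmdStoredProc
cmd.CommandText = "usp_GetSheet"
cmd.Parameters.Append cmd.CreateParameter("@ExtraCol", adVarChar, adParamInput, 10, Session("ExtraCol"))
cmd.Parameters.Append cmd.CreateParameter("@SortCol", adVarChar, adParamInput, 10, strSortCol)
cmd.Parameters.Append cmd.CreateParameter("@SortDir", adVarChar, adParamInput, 4, strSortDir)
Set rs = cmd.Execute
%>
<a href="Records.asp?colname=col1&amp;sortorder=<%= strNextDir %>">Column 1</a>
```

The hypothetical procedure is assumed to choose among fixed SELECT statements based on these three values, so the column a user may see is decided on the server and not by anything in the URL.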