Problems Passing Parameter from web page 1 to web page 2.

Discussion in 'ASP .Net' started by Ranginald, Apr 29, 2006.

  1. Ranginald

    Ranginald Guest

    Hi,

    I'm having trouble passing a parameter from my default.aspx page to my
    default2.aspx page.

    I have values from a query in a list box and the goal is to pass the
    "catID" from default.aspx to a stored procedure on the details2.aspx
    page.

    I can successfully pass the values from the listbox control to a
    textbox on the page (done to eliminate other sources of error).

    ===========
    DEFAULT.ASPX
    ============
    Here is the listbox data (works fine when tested with a textbox):

    listbox1.DataTextField="catDesc";
    listbox1.DataValueField="catID"; <---- this is the data I will want
    to use as @catID


    All other things being checked (e.g. connection string), here is the
    code snippet.

    Am I using the parameter wrong?

    cmd2.CommandType = CommandType.StoredProcedure;

    SqlParameter sqlPrm = new SqlParameter("@catID",
    ListBox1.SelectedValue);

    cmd2.Parameters.Add(sqlPrm);

    ==========
    DEFAULT2.ASPX
    ===========
    I'm trying to pass the parameter (which should be an integer from the
    catID) to TextBox1 to make sure that the process is working before I
    mess with adding the parameter to a stored procedure. Here is the
    "retrieval" code:

    protected void Page_Load(object sender, EventArgs e)
    {
        if (!IsPostBack)
        {
            string temp;
            temp = Request.Params["catID"];
            TextBox1.Text = temp;
        }
    }


    Any advice is much appreciated.
    Thanks in advance,
    Ranginald
     
    Ranginald, Apr 29, 2006
    #1

  2. Ranginald wrote:
    > Hi,
    >
    > I'm having trouble passing a parameter from my default.aspx page to my
    > default2.aspx page.
    >
    > I have values from a query in a list box and the goal is to pass the
    > "catID" from default.aspx to a stored procedure on the details2.aspx
    > page.
    >
    > I can successfully pass the values from the listbox control to a
    > textbox on the page (done to eliminate other sources of error).
    >
    > ===========
    > DEFAULT.ASPX
    > ============
    > Here is the listbox data (works fine when tested with a textbox):
    >
    > listbox1.DataTextField="catDesc";
    > listbox1.DataValueField="catID"; <---- this is the data I will want
    > to use as @catID
    >
    >
    > All other things being checked (e.g. connection string), here is the
    > code snippet.
    >
    > Am I using the parameter wrong?
    >
    > cmd2.CommandType = CommandType.StoredProcedure;
    >
    > SqlParameter sqlPrm = new SqlParameter("@catID",
    > ListBox1.SelectedValue);
    >
    > cmd2.Parameters.Add(sqlPrm);
    >
    > ==========
    > DEFAULT2.ASPX
    > ===========
    > I'm trying to pass the parameter (which should be an integer from the
    > catID) to TextBox1 to make sure that the process is working before I
    > mess with adding the parameter to a stored procedure. Here is the
    > "retrieval" code:
    >
    > protected void Page_Load(object sender, EventArgs e)
    > {
    > if (!IsPostBack)
    > {
    > string temp;
    > temp = Request.Params["catID"];
    > TextBox1.Text = temp;
    > }
    > }
    >
    >
    > Any advice is much appreciated.
    > Thanks in advance,
    > Ranginald
    >


    You managed to leave out most of the information that is needed to help
    you with this...

    1. What is the problem? What is happening, and how does that differ from
    what you expect to happen?

    2. Any useful code. You are creating an SQL parameter in the first page,
    what are you using that for? Do you use it at all? How do you post the
    form to the second page?
     
    Göran Andersson, Apr 29, 2006
    #2

  3. Ranginald

    Ranginald Guest

    Ok. Sorry....

    1. The problem is that I originally passed a parameter from default to
    default2 using a query string (eg. default2.aspx?catID=X) where X is
    generated from a user selection on default. X is then used to generate
    a datagrid on default2.

    This works fine --- except I've read that instead of passing X to page
    2 using a query string, that I should protect myself from SQL injection
    attacks and pass X to a stored procedure, using parameters. I read that
    I shouldn't do the default2.aspx?catID=X because someone could just add
    a "?catID=X; malicious code here".

    2. Application Overview
    It's basically a master/detail product situation
    ..
    For the code posted above, all I want to do is run a test to get the
    basics working. In the test it's just a listbox on default and I want
    to pass a parameter to the stored procedure on the second page, and
    create a datagrid with the results.


    a) take a listbox which I have populated on page default
    b) and pass the parameter, catID (an integer) to page default2
    c) execute a stored procedure (as listed below) with the catID as a
    parameter
    d) and create a datagrid with the results.

    At this point I have a test page setup to figure this out:
    DEFAULT
    ======
    Has a listbox on it, listbox1 and a textbox, textbox1.
    When the user clicks on one of the items in the listbox, the catID
    value appears in the textbox. I used this as a basic "control" test.

    Now I want to pass this catID, (or, X, as above) to a stored procedure
    on page DEFAULT2.

    Let's call the Stored Procedure usp_test, and let's call the parameter
    @catID.

    The stored procedure will just be a test for now so, SELECT * FROM
    tblCat WHERE catID=@catID.


    I am having trouble getting the "catID" value off the default page to
    the default2 page.

    I'm not sure if I need a global variable or where to "store" the
    parameter, and then how to "recover" the parameter and use it in the
    stored procedure.

    Thanks a lot for your help.
     
    Ranginald, Apr 29, 2006
    #3
  4. Ranginald wrote:
    > Ok. Sorry....
    >
    > 1. The problem is that I originally passed a parameter from default to
    > default2 using a query string (eg. default2.aspx?catID=X) where X is
    > generated from a user selection on default. X is then used to generate
    > a datagrid on default2.
    >
    > This works fine --- except I've read that instead of passing X to page
    > 2 using a query string, that I should protect myself from SQL injection
    > attacks and pass X to a stored procedure, using parameters. I read that
    > I shouldn't do the default2.aspx?catID=X because someone could just add
    > a "?catID=X; malicious code here".


    You can't use SQL parameters to pass values between pages. You pass the
    values as usual, but use parameters to protect yourself against SQL
    injections. As you convert the value to an integer before putting it in
    the parameter, the value cannot contain any malicious SQL code.

    The SQL Parameter is used when you access the database in the second page.

    > 2. Application Overview
    > It's basically a master/detail product situation
    > .
    > For the code posted above, all I want to do is run a test to get the
    > basics working. In the test it's just a listbox on default and I want
    > to pass a parameter to the stored procedure on the second page, and
    > create a datagrid with the results.
    >
    >
    > a)take a listbox which I have populated on page default
    > b) and pass the parameter, catID (an integer) to page default2
    > c) execute a stored procedure (as listed below) with the catID as a
    > parameter
    > d) and create a datagrid with the results.
    >
    > At this point I have a test page setup to figure this out:
    > DEFAULT
    > ======
    > Has a listbox on it, listbox1 and a textbox, textbox1.
    > When the user clicks on one of the items in the listbox, the catID
    > value appears in the textbox. I used this as a basic "control" test.
    >
    > Now I want to pass this catID, (or, X, as above) to a stored procedure
    > on page DEFAULT2.


    You just pass the value as usual. Not to the stored procedure, but to
    the page.

    > Let's call the Stored Procedure usp_test, and let's call the parameter
    > @catID.
    >
    > The stored procedure will just be a test for now so, SELECT * FROM
    > tblCat WHERE catID=@catID.
    >
    >
    > I am having trouble getting the "catID" value off the default page to
    > the default2 page.


    That is because you are trying to use an SQL parameter to pass the
    value. It can't do that.

    > I'm not sure if I need a global variable or where to "store" the
    > parameter, and then how to "recover" the parameter and use it in the
    > stored procedure.
    >
    > Thanks a lot for your help.
    >
     
    Göran Andersson, Apr 30, 2006
    #4
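
The approach described in the reply above, as an added example that is not part of the original thread: catID arrives as an ordinary query-string value, is validated as an integer, and only then is bound to the stored procedure's @catID parameter. usp_test and @catID come from the thread; the helper names, the positive-ID rule and the constructed sample inputs are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

public static class CatIdExample
{
    // Accept only a plain run of digits (no sign, whitespace or trailing text).
    // Requiring a positive value is an assumption about how catID is numbered.
    public static bool TryParseCatId(string raw, out int catId)
    {
        return int.TryParse(raw, NumberStyles.None, CultureInfo.InvariantCulture, out catId)
               && catId > 0;
    }

    // Bind the validated integer as a typed parameter; the value is never
    // concatenated into SQL text.
    public static SqlCommand BuildCommand(SqlConnection conn, int catId)
    {
        SqlCommand cmd = new SqlCommand("usp_test", conn);
        cmd.CommandType = CommandType.StoredProcedure;
        cmd.Parameters.Add("@catID", SqlDbType.Int).Value = catId;
        return cmd;
    }

    public static void Main()
    {
        // Constructed sample values standing in for Request.QueryString["catID"].
        string[] samples = { "7", "7; malicious code here", "", null, "-1", " 12 " };
        foreach (string raw in samples)
        {
            int catId;
            if (!TryParseCatId(raw, out catId))
            {
                Console.WriteLine("rejected: [{0}]", raw);
                continue;
            }
            // No connection is opened here; in the page, pass an open
            // SqlConnection and bind cmd.ExecuteReader() to the grid.
            using (SqlCommand cmd = BuildCommand(null, catId))
            {
                Console.WriteLine("accepted: {0} -> {1} {2}={3}", raw, cmd.CommandText,
                    cmd.Parameters[0].ParameterName, cmd.Parameters[0].Value);
            }
        }
    }
}
```

Only "7" is accepted; every other sample is rejected before a command object is built.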
  5. Ranginald

    Ranginald Guest

    Thanks. I figured it out. I was able to do it using a querystring
    technique as well as with a session variable. I think the querystring
    technique is better -- I've read that I should be saving session
    variables for things like shopping carts and userIDs and not for
    passing parameters.

    Thanks again for your time and help.
     
    Ranginald, May 1, 2006
    #5
