|
i too got the same error from your code... The problem is due to postback. The ddlCountry value is maintained but ddlState value is not maintained. So, the error appears. Try to maintain the value for the ddlState too...
|
|
|
|
|
Save the state of drop down list get value from request.form or query string do not fill all entry every time because if you did so every time new values is filled and state can not be maintained you can try one more option before submitting the form save the value into hidden variable by using java script and then get values from request object not from drop down because it lost their value when it fill again
|
|
|
|
|
hi
In my asp.net application i m updating a table.After that i m using those values
now i want to reverse those changes .i hav no idea how to do it
help me its urgent
|
|
|
|
|
you can use transaction (commit and rollback) option.
|
|
|
|
|
|
set ANSI_NULLS ON
set QUOTED_IDENTIFIER ON
go
ALTER proc [dbo].[Usp_D_et_Login1234]
@name nvarchar(max),
@pwd nvarchar(100),
@type nvarchar(5)
as
begin
if @type='1'
begin
select DId,LoginName from dd_login where LoginName=@name and Password=@pwd
end
if @type='0'
begin
select RId,LoginName from dr_login where LoginName=@name and Password=@pwd
end
end
Is this stored procedure can be injected?
If yes tell me how ?
and also how to recover from it?
|
|
|
|
|
what u want exactly?,
u need how to excute and get the values in code part?
Thanks & Regards,
Member 3879881,
please don't forget to vote on the post
|
|
|
|
|
no, i want to know whether anyone can enter into my database by using sql injections?
|
|
|
|
|
u can check it out in code part...,
like this:
private string [] BlackList;
public string chkHome;
public int chkAdminFold;
private void Page_Load(object sender, System.EventArgs e)
{
try
{
BlackList = new string[]{"--", "/*", "*/", "@@", "function", "truncate", "procedure",
"alter", "begin", "create", "cursor",
"declare", "delete", "drop", "end", "exec",
"execute", "fetch", "insert", "kill",
"sysobjects", "</title>","<script","</script>","function", "syscolumns","table", "update"};
string ErrorPage = "/InputErrorPage.htm";
chkHome = Request.ServerVariables["URL"];
chkAdminFold = chkHome.ToLower().IndexOf("admin");
if(chkAdminFold!=1)
{
// Form
//for(int i=0; i<Request.Form.Count;i++)
//if(CheckStringForSQL(Request.Form[i].ToString()))
//Response.Write(chkHome);
//Response.Redirect(ErrorPage);
// Query String
for(int i=0; i<Request.QueryString.Count;i++)
if(CheckStringForSQL(Request.QueryString[i].ToString()))
Response.Redirect(ErrorPage);
// Session
for(int i=0; i<Session.Count;i++)
if(CheckStringForSQL(Session[i].ToString()))
Response.Redirect(ErrorPage);
}
}
catch(Exception ex)
{
Response.Write(ex.Message);
}
}
private bool CheckStringForSQL(string pStr)
{
if(pStr == string.Empty)
return false;
else if(pStr == "")
return false;
else if(pStr == null)
return false;
if (pStr.CompareTo("")==0)
return false;
string lstr = pStr.ToLower();
for(int ii=0;ii<BlackList.Length;ii++)
{
if(lstr.IndexOf(BlackList[ii])>=0)
return true;
}
return false;
}
Thanks & Regards,
Member 3879881,
please don't forget to vote on the post
|
|
|
|
|
paypony wrote: Is this stored procedure can be injected?
first of all this is asp.net forum...
paypony wrote: also how to recover from it?
what do u want to recover from it LoginName and Password!!!!
use output paramater and return it....
|
|
|
|
|
Why are you waisting your time, if you dont know about sql injections. what is asp.net without database. And i m executing procedure from asp.net frontend ok
|
|
|
|
|
paypony wrote: what is asp.net without database
we can develop lot of application using asp.net(without using back end)... The idea of telling that you are posting it wrongly is not to irritate you... if you post it in SQL forum you could have get more answers....
modified on Saturday, June 27, 2009 7:51 AM
|
|
|
|
|
ok
I have already posted there also.
but developer can better uggest me
|
|
|
|
|
paypony wrote: Why are you waisting your time,
Nobody is here to waste there time. CP Member are here to help all, based on their interest.
paypony wrote: what is asp.net without database. And i m executing procedure from asp.net frontend ok
This is very common scenarios, that you are executing SP's from Asp.net. Even, you can execute the SP from other Languages also.
Your question is totally related with Database, and CP has a very strong DB Forum so, you should ask the question over there and will get the better answer.
paypony wrote: if you dont know about sql injections.
Some one telling you the forum rule and not giving the answer, doesn't mean that he don't know the answer.
BTW : Here is one of my best article regarding SQL injection. Hope it help you in future.
SQL Injection Attacks and Some Tips on How to Prevent Them
By Colin Angus Mackay
Thank You !
|
|
|
|
|
thanks for your support...
|
|
|
|
|
ok sorry for using this website
|
|
|
|
|
Hi guys i used modal poup up control extender for my webapplication...,
its working fine in mozilla broswer...,
but its getting probs in IE...,
i am displaying the modalpopup in linkbutton click event...,
the popup window displaying a page left side corner...,and i cant able to see my popup window conatined text...,
i tried all the ways but not getting the exact place the popup window...,
guide me to solve it...,
Thanks & Regards,
Member 3879881,
please don't forget to vote on the post
|
|
|
|
|
change the property in to model pop up style sheet you got location from this style sheet other wise you can set position for model pop up control by code behind also.
|
|
|
|
|
I am getting a problem while making connection with MySql ubsing ASP.net 2.0
ERROR :
[MySQL][ODBC 3.51 Driver]Client does not support authentication protocol requested by server; consider upgrading MySQL client.
Please give me the solution to overcome this problem.
from
India Real estate
from
India Real estate
Website Development
|
|
|
|
|
This [^]is the first result Google gave me.
Manas Bhardwaj
Please remember to rate helpful or unhelpful answers, it lets us and people reading the forums know if our answers are any good.
|
|
|
|
|
estatekhoj wrote: consider upgrading MySQL client.
estatekhoj wrote: India Real estate
Website Development
If you can't read a basic error message, then you should consider not advertising where you work.
Christian Graus
Driven to the arms of OSX by Vista.
"! i don't exactly like or do programming and it only gives me a headache." - spotted in VB forums.
I can do things with my brain that I can't even google. I can flex the front part of my brain instantly anytime I want. It can be exhausting and it even causes me vision problems for some reason. - CaptainSeeSharp
|
|
|
|
|
Good day,
I need to develope an acticle writing control which will acccept some syntax or pure HTML to achieve acticle writing.
Any tips how to do that? I really can't find an example of such an implementation.
Best regards, Hris
|
|
|
|
|
Did you try for looking the existing editors on Google or even at CP.
BTW, there are already n number of them are present. Have a look at this [^]article, thsi may help.
Manas Bhardwaj
Please remember to rate helpful or unhelpful answers, it lets us and people reading the forums know if our answers are any good.
|
|
|
|
|
I actually didnt know "what i was looking for".
Thank you.
|
|
|
|
|
Hi All
I am developing a web application with master page. I am specifying the doc type in the master page.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
i am using css to specify the width and height for the controls am using in the aspx pages
but they r not setting the height and width am specifying in css.
if i remove the doctype in master page then height and width attributes are setting correctly. but i need the doctype in my master page.
Please help me how to come out of this.
Thanks in advance
Regards
Naina
|
|
|
|