ASP.NET, More on searching databases


The SQL LIKE operator

The SQL LIKE operator lets you use wildcards when comparing text strings:
– SELECT * FROM book WHERE title LIKE 'ASP%' : any title starting with ASP. % stands for a series (possibly empty) of characters.
– SELECT * FROM book WHERE title LIKE '%ASP%' : any title that contains ASP.
– SELECT * FROM book WHERE title LIKE 'ASP.NET _._%' : _ stands for exactly one character.
Visual Studio can help you create LIKE-based comparisons.
Note that % and _ are wildcards wherever they appear in the pattern: if the user's text is inserted into the pattern, a % or _ typed by the user also acts as a wildcard. Escape them (and name the escape character with an ESCAPE clause) when the user's text should match literally.
Examples: Books/SearchTitle.aspx, Books/SearchTitleBehind.aspx
The code-behind version gives you the opportunity to write "no books found".

SQL injection

The user writes clever (malicious) input that makes the DBMS do extra (unwanted) things, like
– Delete rows
– Drop tables
Example: Books/SearchTitleBehind.aspx
Checking the input string for "strange" content (semicolons, quotes, etc.) is at best a weak extra defence: blacklists are easy to bypass and they break legitimate input such as a title containing an apostrophe. The real fix is never to build the SQL text by concatenating user input: pass the value as a parameter (SqlParameter on a SqlCommand, or a parameter on the SqlDataSource) so the DBMS receives it as data, not as part of the statement.
Further reading –
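The LIKE search from the previous slide and the injection it invites, as an added example that is not the course's Books/SearchTitleBehind.aspx code: Python's sqlite3 module stands in for ADO.NET and SQL Server, the book table and its rows are constructed here, and the function and payload names are this example's own. The vulnerable version splices the user's text into the statement; the batch variant shows what a semicolon does on a DBMS that accepts several statements per call (as SQL Server does); the safe version binds the pattern as a parameter and escapes the % and _ wildcards so user text matches literally.

```python
import sqlite3

# Constructed sample rows standing in for the course's book table.
BOOKS = [
    ("ASP.NET 4.0 in C#", "en"),
    ("Beginning ASP.NET", "en"),
    ("Pro ASP.NET MVC", "en"),
    ("Learning SQL", "en"),
    ("50% Off Everything", "da"),
]


def open_db():
    """In-memory SQLite database holding the sample book table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE book (id INTEGER PRIMARY KEY, title TEXT, language TEXT)")
    conn.executemany("INSERT INTO book (title, language) VALUES (?, ?)", BOOKS)
    return conn


def table_exists(conn, name):
    row = conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row is not None


def search_title_vulnerable(conn, user_input):
    """String concatenation: the user's text becomes part of the SQL statement,
    so "x' OR 1=1 --" turns the WHERE clause into 'always true'."""
    sql = "SELECT title FROM book WHERE title LIKE '%" + user_input + "%'"
    return [row[0] for row in conn.execute(sql)]


def search_title_vulnerable_batch(conn, user_input):
    """Same concatenation, sent through an API that runs several statements in
    one call (SQL Server does this by default; sqlite3 needs executescript).
    A ';' in the input now lets the attacker append statements such as DROP TABLE."""
    sql = "SELECT title FROM book WHERE title LIKE '%" + user_input + "%'"
    conn.executescript(sql)


def escape_like(text, esc="\\"):
    """Escape the LIKE wildcards % and _ (and the escape character itself) so the
    user's text is matched literally; pair the result with an ESCAPE clause."""
    return (text.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))


def search_title_safe(conn, user_input):
    """Parameterised: the pattern is bound as a value and never parsed as SQL."""
    pattern = "%" + escape_like(user_input) + "%"
    sql = "SELECT title FROM book WHERE title LIKE ? ESCAPE '\\'"
    return [row[0] for row in conn.execute(sql, (pattern,))]


if __name__ == "__main__":
    db = open_db()
    payload = "x' OR 1=1 --"
    print("vulnerable:", search_title_vulnerable(db, payload))   # every title
    print("safe:      ", search_title_safe(db, payload))         # []
    print("wildcard:  ", search_title_safe(db, "%"))             # only the title with a literal %
    search_title_vulnerable_batch(db, "x'; DROP TABLE book; --")
    print("table still exists:", table_exists(db, "book"))       # False
```

The same payload that returns every row from the concatenated query returns nothing from the parameterised one, because there it is just a string to look for. In ADO.NET the equivalent is `SqlCommand.Parameters.Add(...)` with `@pattern` in the command text.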

Advanced search

A form with several fields (TextBoxes, DropDownLists, etc.):
– The user decides which fields to fill out.
– Only the filled-out fields are used in the search.
Example: Books/SearchTitleBehind.aspx

Adding an extra item to a DropDownList

How to add an extra item "any ..." at the top of a DropDownList.
Example: books/SearchAdvances.aspx
– The DropDownList's Items collection allows us to insert our own ListItem objects alongside the data-bound ones.
– Selected is an event of the SqlDataSource that occurs right after the SELECT command has executed.
If the inserted item disappears when the list is data-bound, handle the DropDownList's own DataBound event instead (it fires after the Items collection has been filled), or set AppendDataBoundItems="true" and declare the "any" item statically in the markup.

Adding an extra item to a DropDownList, code behind

// Event handler for the Selected event of the SqlDataSource
protected void SqlDataSourceLanguage_Selected(object sender, SqlDataSourceStatusEventArgs e)
{
    addExtraElement(this.DropDownListLanguage, "any language");
}

// Helper method, re-usable for any DropDownList
private void addExtraElement(DropDownList control, String text)
{
    ListItemCollection items = control.Items;
    ListItem item = new ListItem(text, "-1");   // Value "-1" marks the "any" choice
    items.Insert(0, item);                       // put it at the top of the list
}

Making and executing the advanced search, code behind

1. Compose the WHERE part of the SELECT statement
   – Lots of IF statements and string concatenations.
   – Concatenate only fixed SQL fragments ("title LIKE @title", "AND language = @language"); the user's values go into parameters, never into the SQL text.
2. Execute the SELECT statement to produce a DataSet object.
3. Assign the DataSet object to the view and call DataBind(); in this case the view is a GridView.
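The three steps above carried through, as an added example that is not the course's code-behind: Python's sqlite3 module stands in for ADO.NET, the book table (with a constructed year column), the field names and the "-1" sentinel for the DropDownList's "any ..." item are this example's assumptions. The point it makes is that the IF statements choose which fixed SQL fragments to concatenate, while every user-supplied value travels in the parameter list; the title field deliberately keeps LIKE's wildcard behaviour, as the slides' search does.

```python
import sqlite3

ANY = "-1"  # Value of the extra "any ..." item inserted at the top of a DropDownList

# Constructed sample rows standing in for the course's book table.
BOOKS = [
    ("ASP.NET 4.0 in C#", "en", 2010),
    ("Beginning ASP.NET", "en", 2009),
    ("Pro ASP.NET MVC", "en", 2011),
    ("Learning SQL", "en", 2009),
    ("Databaser med SQL", "da", 2011),
]


def open_db():
    """In-memory SQLite database holding the sample book table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE book (id INTEGER PRIMARY KEY, title TEXT, language TEXT, year INTEGER)"
    )
    conn.executemany("INSERT INTO book (title, language, year) VALUES (?, ?, ?)", BOOKS)
    return conn


def build_query(title="", language=ANY, year_from=""):
    """Step 1: compose the WHERE part from the fields the user actually filled out.

    Only fixed SQL fragments are concatenated; each user value is appended to the
    parameter list, so the SQL text depends on which fields were used, never on
    what was typed into them. Returns (sql, params)."""
    clauses, params = [], []
    if title.strip():                              # TextBox left empty -> no clause
        clauses.append("title LIKE ?")
        params.append("%" + title.strip() + "%")   # % and _ typed by the user still act as wildcards
    if language != ANY:                            # DropDownList on "any language" -> no clause
        clauses.append("language = ?")
        params.append(language)
    if year_from.strip():
        clauses.append("year >= ?")
        params.append(int(year_from))              # non-numeric input raises ValueError: reject it, never splice it
    sql = "SELECT title FROM book"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    return sql + " ORDER BY title", params


def advanced_search(conn, **fields):
    """Steps 2 and 3: execute the composed SELECT and return the rows that would
    be handed to the GridView (a list of titles here instead of a DataSet)."""
    sql, params = build_query(**fields)
    return [row[0] for row in conn.execute(sql, params)]


if __name__ == "__main__":
    db = open_db()
    print(build_query(title="ASP", year_from="2010"))
    print(advanced_search(db, title="ASP", language="en", year_from="2010"))
    print(advanced_search(db, title="x' OR 1=1 --"))   # []: the payload is only a title to look for
```

With every combination of filled-out fields the statement text is one of a small fixed set, which is also what makes the query plan cacheable on SQL Server; the ADO.NET version would collect the fragments in a StringBuilder and the values in `SqlCommand.Parameters` in the same two passes.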