Presentation is loading. Please wait.

Presentation is loading. Please wait.

ASP.NET More on searching databases 1ASP.NET, More on searching databases.

Published byAvice Wilkerson Modified over 8 years ago

Similar presentations

Presentation on theme: "ASP.NET More on searching databases 1ASP.NET, More on searching databases."— Presentation transcript:

1 ASP.NET More on searching databases 1ASP.NET, More on searching databases

2 The SQL LIKE operator The SQL LIKE operator allows you to use wildcards when comparing text strings – SELECT* FROM book WHERE title LIKE ’ASP%’ Any title starting with ASP % means a series (possibly empty) of characters – SELECT* FROM book WHERE title LIKE ’%ASP%’ Any title that contains ASP – SELECT* FROM book WHERE title LIKE ’ASP.NET _._%’ _ means one character Visual Studio can help you create LIKE based comparisons Examples – books/SearchTitle.aspx, – Books/SearchTitleBehind.aspx Gives you the opportunity to write “no books found” 2ASP.NET, More on searching databases

3 SQL injection The user writes clever (malicious) input for that will make the DBMS do extra (unwanted) things, like – Delete rows – Drop tables Example – Books/SearchTitleBehind.aspx You should check the input string for ”strange” content like semicolon, quotes, etc. Further reading – http://msdn.microsoft.com/en-us/library/ms161953.aspx 3ASP.NET, More on searching databases

4 Advanced search A form with several fields (TextBoxes, DropDownLists, etc.) – The user decides which fields to fill out. – Only used fields are used in the search Example – Books/SearchTitleBehind.aspx 4ASP.NET, More on searching databases

5 Adding and extra field to a DropDownList How to add and extra field ”any …” to the top of a DropDownList Example: books/SearchAdvances.aspx – Allows us to append data items to the list – “onselected” is an event that occurs right after the SELECT has executed 5ASP.NET, More on searching databases

6 Adding and extra field to a DropDownList, code behind // Event handler for the onselected event from SqlDataSource protected void SqlDataSourceLanguage_Selected(object sender, SqlDataSourceStatusEventArgs e) { addExtraElement(this.DropDownListLanguage, "any language"); } // Helper method, re-usable private void addExtraElement(DropDownList control, String text) { ListItemCollection items = control.Items; ListItem item = new ListItem(text, "-1"); items.Insert(0, item); } 6ASP.NET, More on searching databases

7 Making and executing the advanced search, code behind 1.Compose the WHERE part of the SELECT statement – Lots of IF statement and String concatenations 2.Execute the SELECT statement to produce a DataSet object 3.Assign the DataSet object to the View +Bind – In this case a GridView 7ASP.NET, More on searching databases

Download ppt "ASP.NET More on searching databases 1ASP.NET, More on searching databases."

Similar presentations

ABAP/4 PROGRAMMING Internal Table 講 師:呂 昇 燦 2000 年 9 月 26 日.

ABAP/4 PROGRAMMING Internal Table 講 師:呂 昇 燦 2000 年 9 月 26 日.
11 User Controls II Chapter 11. 2 Objectives You will be able to Create a realistic reusable user control. Use data binding in a user control. Change.

11 User Controls II Chapter Objectives You will be able to Create a realistic reusable user control. Use data binding in a user control. Change.
ASP.NET Data Binding. Slide 2 Lecture Overview Understanding the ASP.NET data binding model.

ASP.NET Data Binding. Slide 2 Lecture Overview Understanding the ASP.NET data binding model.
SQL Injection Attacks Prof. Jim Whitehead CMPS 183: Spring 2006 May 17, 2006.

SQL Injection Attacks Prof. Jim Whitehead CMPS 183: Spring 2006 May 17, 2006.
Introduction to Structured Query Language (SQL)

Introduction to Structured Query Language (SQL)
Performed by:Gidi Getter Svetlana Klinovsky Supervised by:Viktor Kulikov 08/03/2009.

Performed by:Gidi Getter Svetlana Klinovsky Supervised by:Viktor Kulikov 08/03/2009.
ASP.NET Programming with C# and SQL Server First Edition Chapter 8 Manipulating SQL Server Databases with ASP.NET.

ASP.NET Programming with C# and SQL Server First Edition Chapter 8 Manipulating SQL Server Databases with ASP.NET.
Introduction to Structured Query Language (SQL)

Introduction to Structured Query Language (SQL)
Some Introductory Programming 1. Structured Query Language - used for queries. - a standard database product. 2. Visual Basic for Applications - use of.

Some Introductory Programming 1. Structured Query Language - used for queries. - a standard database product. 2. Visual Basic for Applications - use of.
SQL Injection Attacks CS 183 : Hypermedia and the Web UC Santa Cruz.

SQL Injection Attacks CS 183 : Hypermedia and the Web UC Santa Cruz.
11 ASP.NET Controls Beginning ASP.NET 4.0 in C# 2010 Chapter 6.

11 ASP.NET Controls Beginning ASP.NET 4.0 in C# 2010 Chapter 6.
1 Working with MS SQL Server II. 2 The sqlcmd Utility Command line utility for MS SQL Server databases. Previous version called osql Available on classroom.

1 Working with MS SQL Server II. 2 The sqlcmd Utility Command line utility for MS SQL Server databases. Previous version called osql Available on classroom.
Preventing SQL Injection ~example of SQL injection $user = $_POST[‘user’]; $pass = $_POST[‘pass’]; $query = DELETE FROM Users WHERE user = ‘$user’ AND.

Preventing SQL Injection ~example of SQL injection $user = $_POST[‘user’]; $pass = $_POST[‘pass’]; $query = DELETE FROM Users WHERE user = ‘$user’ AND.
Tutorial: Introduction to ASP.NET Internet Technologies and Web Application 4 th February 2010.

Tutorial: Introduction to ASP.NET Internet Technologies and Web Application 4 th February 2010.
CSCI 6962: Server-side Design and Programming

CSCI 6962: Server-side Design and Programming
1 Insert, Update and Delete Queries. 2 Return to you Address Book database. Insert a record.

1 Insert, Update and Delete Queries. 2 Return to you Address Book database. Insert a record.
Programming with Microsoft Visual Basic 2012 Chapter 13: Working with Access Databases and LINQ.

Programming with Microsoft Visual Basic 2012 Chapter 13: Working with Access Databases and LINQ.
Analysis of SQL injection prevention using a proxy server By: David Rowe Supervisor: Barry Irwin.

Analysis of SQL injection prevention using a proxy server By: David Rowe Supervisor: Barry Irwin.
Overview of Previous Lesson(s) Over View  ASP.NET Pages  Modular in nature and divided into the core sections  Page directives  Code Section  Page.

Overview of Previous Lesson(s) Over View  ASP.NET Pages  Modular in nature and divided into the core sections  Page directives  Code Section  Page.
(CPSC620) Sanjay Tibile Vinay Deore. Agenda  Database and SQL  What is SQL Injection?  Types  Example of attack  Prevention  References.

(CPSC620) Sanjay Tibile Vinay Deore. Agenda  Database and SQL  What is SQL Injection?  Types  Example of attack  Prevention  References.

Similar presentations

Ads by Google