Post New Web Links

Storing search keyword in Session variable

Posted By: Posted Date: October 27, 2010 Points: 0 Category :ASP.Net

Hello gurus,

I have heard alot about sql injection and how it is normally caused. Mostly sql injection in my opinion is caused through search boxes. Now my question is quite simple. Is it advisable to store the search keyword in a session variable to prevent sql injection? I don't want to expose the keyword through the querystring as it is prone to attacks. So in short there is no harm in using session variables to store the keyword right?

Thanks,
Wasim

View Complete Post

More Related Resource Links

Session variable, Gridview paging and Storing the ID HELP

Hi,

I have a gridview and a checkbox. I am able to pass the checkbox id to a textbox in the same page. This is then passed as a session variable. However, when I place an option to page and select the checkbox items in the next page, the session variable resets.

Please see below code, how do I store "all checkbox" throughout all paging and store it in the session page?

<%@ Page Language="VB" AutoEventWireup="false" CodeFile="Default.aspx.vb" Inherits="_Default" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1" runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
    <asp:GridView ID="GridView1" runat="server" AutoGenerateColumns="False" 
            BorderStyle="Solid"    CellPadding="4" DataKeyNames="Categoryid" 
            BorderColor="Silver" BorderWidth="1px"    Width="300px" 
            DataSourceID="SqlDataSource1" AllowPaging=

storing Datatable in Session variable

I am storing Datatable in Session variable in my project. Is it good practise to do so? The datatable has 20 fields and can run into 1000+ records. Will it hamper my application performance? If yes then can anyone suggest better alternative.

MS SQL Server: Search All Tables, Columns & Rows For Data or Keyword Query

If you need to search your entire database for specific data, this query will come in handy.

So when a client needs a custom report or some sort of custom development using Great Plains, most of the time I will have to track down the data in the system by running this query and find the table(s) it is in.

Session Variable issues

Hello everyone,

I ran into an issud to day with the follwoing code. The strPanelOrder session variable is false, however, once it goes into the next if statement and sets the strTrimOrder to True, it changes the strPanelOrder session varialbe to true as well. Why is this and how to I stop that from happening?

If Session(strPanelOrder) Is "False" Then
                If (strItemNumber.Length() = 10) And (strItemNumber.Substring(0, 2) = "FS" Or strItemNumber.Substring(0, 2) = "FC" Or strItemNumber.Substring(0, 2) = "DS" Or strItemNumber.Substring(0, 2) = "DC") Then
                    Session(strPanelOrder) = "True"
                End If
End If
If Session(strTrimOrder) Is "False" Then
               If (strItemNumber.Substring(4, 1) = "T") And (strItemNumber.Substring(0, 2) <> "AC") And (strItemNumber <> "Length") Then
                    Session(strTrimOrder) = "True"
                End If
End If

Thanks in advance for taking a look at this.

Bill

search textbox with search keyword inside?

hi,

how to make a search txtbox that includes the search keyword and when the user clicks the search keyword disappears

thanks for the help

How to store and retrieve multiple values in a single session variable .

I want to store employee name,designation and department in session variable and
retrieve in another page how to do this.

Textbox text populated by Session Variable wont update into SQL with new text

Hi everyone, I have what I think is a weird issue. I send text from one page to another via Session Variable. When page 2 loads, the text box has the session text set, but if the user changes the text and clicks the button, the SQL database is update with the original session text. If I remove the redirect from the page 2 button_Click method, then, the page refreshes with the textbox reverting to the session text and thr SQLDataSource has the session text added to it.

Why would the button click cause the textbox refresh with the text from the pageLoad before updating the data source?

------------------------------------------------------------------------------

Partial Class _1
    Inherits System.Web.UI.Page

    Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
        Session("UpdateProd") = "Have some text here to send to a textbox on page 2"
        HttpContext.Current.Response.Redirect("2.aspx")
    End Sub
End Class

----------------------------------------------------------------------------------------------

Partial Class _2
    Inherits System.Web.UI.Page

Pass the server variable to search core result web part

I'd like to custom the search core result web part to filter results based on the log on user name.

It can easily be done in Dataview web part.

However the search core web part doesn't accept "<parameterbining>" to pass in the server variable [logon_user]. I can't figure out how to use <xsl:param> to get this server variable either.

Any ideas? Thanks a lot!

If you get confused, listen to the music play...

storing Session in sql server?

Hi,

I want to show all the activities of the logged in user in a gridview. I am using VS 2010. please suggest some good ways of doing it.

Regards,

ap.

Retaining Datagrid Results using Session Variable

I have a page with 2 dropdown menus and 2 datagrids.
The datagrids get populated by a database based on a dropdown menu slection.

This page links to another page which in turn links back to the original.
If the user leaves the first page and then returns back I want to keep the dropdown menus and datagrids populated.

I tried doing this with session variables but can't get the datagrids to stay populated ...

    protected void btnSubmit_Click(object sender, EventArgs e)
    {
        if (this.ddlName.SelectedIndex > 0)
        {
            GridView1.DataBind();
            GridView1.Visible = true;
            GridView2.Visible = false;

            Session.Add("name", this.ddlName.SelectedValue);
            Session.Add("gridview1", GridView1.SelectedValue);
        }
    }


    protected void btnSubmit_Click1(object sender, EventArgs e)
    {
        if (this.ddlLocation.SelectedIndex > 0)
        {
            GridView2.DataBind();
            GridView2.Visible = true;
            GridView1.Visible = false;

            Session.Add("location", this.ddlLocation.SelectedValue);
            Session.Add("gridview2", GridView2.SelectedValue);
        }
    }


    protected override void Page_Load(object sender, EventArgs e)
    {

        if

Session variable in Javascript

Hi, I had tried to use a Session variable in Javascript which are placed in the Header html. but got no luck. In my Init function, I intended to read the username value from database and place it in the session variable["username"].Then the username can be utilized in the second line of code shown as below. <script type="text/javascript"> //load session variable into "username" here. Sys.Application.add_load(Init); </script> <script type="text/javascript" src="http://api.art.com/api?service=api&v=3.1.9&user=<%=(string)Session["username"]%>"></script>Here are the code inside the Init:function Init () { WebService.GetAuthentication(getAuthenticationOnSuccess, getAuthenticationOnFailed); } function getAuthentication() { WebService.GetAuthentication(getAuthenticationOnSuccess, getAuthenticationOnFailed); } function getAuthenticationOnSuccess(result, context) { if(result) { getQueryStringInfo(); } } function getAuthenticationOnFailed(error) { showError(error); } Please help.Cheers,

query string or session variable or neither for this scenario?

Hello,example scenario: user login has a list of associated 'accounts' it has access to... this list of accounts is stored in a database table, say tblAccountAccessControl, something like:login, accountID-----------------------userA, account123userA, account456userA, account798userB, accountABCuserB, accountDEFetc..this info is used throughout the web application and determines the 'domain' of information the particular login has access to. For example there are many other tables that have the 'accountID' field and whenever a page pulls data from the table it only pulls data that the currently logged in user should be allowed to see, based on that tblAccountAccessControl data.the security question:1) do I need to query the database every time I need to get this list of allowed accountID's? I was about to use a plain old query string to pass a particular accountID to another page but quickly caught myself as I realized that would be a major security flaw (the receiving page was going to use that accountID to grab info from the database, and there would be nothing preventing a user from simply typing in a url manually to get data from an accountID they are not supposed to be allowed to view). So I then thought I'll just store the list of accountID's in a session state variable so they will be carried with the user throughout the sessi

Session Variable use / IsolatedStorage

I am using ASP.NET 2.0I am little bit confuse about using of Session Variable. I have a three page web application. When a user login, after verification of user credentials I get user ID from DB and store this ID in a session variable.Session("USERID") = 56by using this ID I can get 20 different values from database as User Full name, user date of birth, user location, user date of joining, User Commission rate etc. I need some of these values in Page 1, some in page 2 and some values needed in Page 3My question is that what is the best method !01. After successfully login and getting the User ID, I take all these 20 values from Data Base and store these values in an ArrayList and store this ArrayList in a seesion and whenever I need to use any value I take these values from ArrayList which is save in Session variable.02. I only save the user ID in session variable and whenever needed any user preference data, by using this ID I run the sql query and get the data and use this.03. Can I take some benefit by using the IsolatedStorage for this purpose.

HTTPContext.Current.Session losing the variable sporatically

I have noticed a strange behaviour in my ASP.net 2.0 application. I have some logic in my aspx page that accesses some Session variables fine, then accesses some app_code and most of the time the HTTPContext.Current.Session returns the variable back fine. However, I have noticed that sometimes this Session returns null, like it has lost it's "pointer" to the current HTTPContext. Is this a known bug, has anyone seen something like this before? Any help would be appreciated, thanks, Mark.

getting Session Variable using Javascript

Hey Forumers,I have been trying to get this javascript to work, but it seems it doesn't display my image.<script type="text/javascript">function getAvatar(){ var currentUser = <%=Session("UserName")%> $('himg_something').src = "~/ProfileImage/" + currentUser + "/avatar.jpg"} </script>himg_somthing is the img tag as follows:<img id="himg_something" alt="Avatar" src="~/ProfileImage/Image1.bmp" onload="getAvatar()"/>What I am basically trying to achieve is to display the user's avatar based on the session variable in code behind, but I cannot seem to get it to work. Thanks in advanceZeph

How to watch content of Session variable

I was debugging my web project and faced a problem that I don't know how to watch content of hashtables or similar data structures.For example, I have assigned before that Session["errorMessage"]="Hewstone we have a problem here...". What is my actions in order to watch that string in watches list?

DataGrid bound with GetFile() - Need to use session variable in Link

OK this is what i have. In my project i have the following folder structures. /Secure/Settlements/2507/some.pdf where the folder named 2507 corresponds with a "driverid" which is their loginid (session variable named "cid") i need to set the DataNavigateUrlStringFormat to a path which includes a session variable and i am lost, i have tried <!# <!= with no luck can someone help me get the proper format? All i want to do is list all the files in each users folder. It displays the correct files in the datagridnames in the datagrid but the link created is wrong. I need the datanavigateurlstringformat to be "~/secure/settlements/SESSION("CID")/{0} Can i even use a session variable in the DataNavigateUrlStringFormat? Here is my code: <%@ Page Title="" Language="VB" MasterPageFile="~/Secure/MasterPage.master" %> <%@ Import Namespace="System.IO" %> <script runat="server"> Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) If Not Page.IsPostBack Then Session("Cid") = Nothing If User.Identity.IsAuthenticated Then If User.IsInRole("Administrators") Then If Request("cid") IsNot Nothing Then Session("Cid")


Categories:

ASP.Net	Windows Application	.NET Framework	C#	VB.Net	ADO.Net
Sql Server	SharePoint	Silverlight	Others	All