#31
About the command

sqlCommandDB = New System.Data.SqlClient.SqlCommand("SELECT [name] FROM [Customer] WHERE [Username] = '" & txtUserName.Text & "' AND [Password] = '" & txtPassword.Text & "'")

Is it safe? Is it SQL-injection proof? I mean, what happens if somebody enters a single quote (') in txtUserName or txtPassword?

The reason I ask is that I'm new to .NET (studying it for the past several weeks) so I still find it difficult to know when there is something automated and when I should write my additional code...

In classic ASP, I used to wrap the variable with the function that will replace one quote with two single quotes:

Code:
Function nav(var)
    If InStr(var, "'") <> 0 Then var = Replace(var, "'", "''")
    nav = var
End Function

In ASP.NET it should be something like this, if I'm not wrong:

Code:
Function nav(ByVal var As String) As String
    If InStr(var, "'") <> 0 Then var = Replace(var, "'", "''")
    Return var
End Function

So I ask: is that necessary?
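The question in post #31, worked as an added example (not code from the thread or any of its posters): the same SELECT with its values passed as SqlParameter objects instead of being concatenated, so a quote-doubling helper such as nav() is not needed. The module and function names, the connection string and the parameter sizes are assumptions.

```vb
Imports System
Imports System.Data
Imports System.Data.SqlClient

Module LoginQueryExample
    ' Constant SQL text: user input never becomes part of it.
    Const Sql As String = "SELECT [name] FROM [Customer] WHERE [Username] = @Username AND [Password] = @Password"

    ' The thread's query built by concatenation, kept only for comparison.
    Function BuildConcatenated(userName As String, password As String) As String
        Return "SELECT [name] FROM [Customer] WHERE [Username] = '" & userName & _
               "' AND [Password] = '" & password & "'"
    End Function

    ' Parameterized form: values are sent to SQL Server as data, not as SQL text.
    Function BuildParameterized(userName As String, password As String) As SqlCommand
        Dim cmd As New SqlCommand(Sql)
        ' Size 50 is an assumption; match it to the real column definitions.
        cmd.Parameters.Add("@Username", SqlDbType.NVarChar, 50).Value = userName
        cmd.Parameters.Add("@Password", SqlDbType.NVarChar, 50).Value = password
        Return cmd
    End Function

    ' Runs the parameterized query; returns Nothing when no row matches.
    ' connectionString is supplied by the caller (hypothetical, not from the thread).
    Function LookupCustomerName(connectionString As String, userName As String, password As String) As String
        Using conn As New SqlConnection(connectionString)
            Using cmd As SqlCommand = BuildParameterized(userName, password)
                cmd.Connection = conn
                conn.Open()
                Dim result As Object = cmd.ExecuteScalar()
                If result Is Nothing OrElse result Is DBNull.Value Then Return Nothing
                Return CStr(result)
            End Using
        End Using
    End Function

    Sub Main()
        Dim name As String = "O'Brien"   ' constructed input containing a single quote
        ' Concatenation: the quote closes the string literal early, so the statement text changes.
        Console.WriteLine(BuildConcatenated(name, "pw"))
        ' Parameters: the statement text stays constant and the value is stored unmodified.
        Using cmd As SqlCommand = BuildParameterized(name, "pw")
            Console.WriteLine(cmd.CommandText)
            Console.WriteLine(cmd.Parameters("@Username").Value)
        End Using
    End Sub
End Module
```

Main needs no database: it only prints the two command texts so the difference is visible, while LookupCustomerName is the call a login page would make.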
#32
Yeah, the coding works.
I know how to do that. Changing the text. Having a logout button will allow other people to sign in.
#33
imbod;
Please don't hijack someone else's thread.
__________________
Wolffy ------------------------ Opinions expressed are my own and do not necessarily reflect those of any sane person. Any code provided is intended to be an example and is provided AS IS. Rework for your specific environment may be required. Void where prohibited by law. Not valid in California. Your mileage may vary. Not FDIC insured
#34
So, the question is what then...how to have the Logon/Logoff button execute different events based on the state of the button? I don't fully understand what you are trying to do here? What does it mean, exactly, to allow other people to logon?
#35
Quote:
I didn't hijack. I was referring to the code you suggested to magic30 containing the line I mentioned:

Code:
sqlCommandDB = New System.Data.SqlClient.SqlCommand("SELECT [name] FROM [Customer] WHERE [Username] = '" & txtUserName.Text & "' AND [Password] = '" & txtPassword.Text & "'")

You posted that code in post #11. I just wanted to comment on it and asked a question regarding it.

Last edited by imbrod : April 30th, 2008 at 05:24 PM.
Viewing: ASP Free Forums > Programming > .NET Development > Getting the register/ login feature to work