Saturday, February 25, 2012

Newbie: if query is successful, how to response.write on screen?

I did this in the past using .asp, but with ASP.NET 2.0 perhaps things have
really changed, because I do response.write(TextBox1.Text) and it doesn't work.
Here is what I am trying to do:
Partial Class Default_aspx
    Sub btnDefault_Click(ByVal sender As Object, ByVal e As System.EventArgs)
        Dim myString
        myString = "SELECT Employee From Pubs " _
            & "WHERE job_id = " & TxtBox1.Text
        'If job_id = TxtBox1.Text is found Then
            'I want to go to a new page and display on the screen 'OK info matched'
            'How can I jump to a new page from here? (Pardon me if this should be
            'a question posted to the .ASP newsgroup maybe?)
        Else
            'Display that the TxtBox1.Text input did not match information in the db
            Response.Write("Please click the 'back' button and try to resubmit 'secret question' to reset password again.")
        End If
    End Sub
End Class

This should be in an ASP.NET group. However, here are your answers:
First off, Response.Writes are generally discouraged, especially for what
you are doing. You should have a Label and set the label's text to the
strings to display. Your SQL should never, ever, under any circumstances, be
created like that. Use stored procedures or at least parameterized queries.
Also, please Google "SQL injection attacks" to see why this is bad.

Judging from the code you posted, it looks like you are doing authentication
of some kind. You might want to take a look at forms authentication. To
redirect someone to a new page you can do a
Response.Redirect("myOtherPage.html").
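As an added example (not code from the original post or the reply), here is the same button handler rewritten the way the reply recommends: the text box value is validated and passed to ADO.NET as a typed parameter instead of being concatenated into the SQL string, the "did not match" message goes into a Label, and a successful match redirects with Response.Redirect. The vulnerable string builder is kept beside it only to show what an input such as `0 OR 1=1` does to a concatenated query. The control names `btnDefault`, `TxtBox1` and `lblStatus`, the connection string name `PubsConnection`, the target page `Matched.aspx`, and the table/column names `Pubs`/`job_id` taken from the question are all assumptions for illustration.

```vb
' Added example, not the original poster's code. Assumes an ASP.NET 2.0 web site
' with a Button btnDefault, a TextBox TxtBox1, a Label lblStatus on the page,
' a connection string named "PubsConnection" in web.config, and a table with an
' integer job_id column (the "Pubs"/"job_id" names come from the question).
Imports System
Imports System.Data
Imports System.Data.SqlClient
Imports System.Configuration

Partial Class Default_aspx
    Inherits System.Web.UI.Page

    ' Vulnerable pattern, shown only for contrast: the user's text becomes part of
    ' the SQL itself, so "0 OR 1=1" matches every row and "0; DROP TABLE ..." runs
    ' a second statement. Never call this against a real database.
    Private Function BuildUnsafeQuery(ByVal jobIdText As String) As String
        Return "SELECT Employee FROM Pubs WHERE job_id = " & jobIdText
    End Function

    ' Hardened version: the value is sent as a typed SqlParameter. The database
    ' receives the SQL text and the value separately, so the value can never
    ' change the shape of the statement.
    Private Function JobIdExists(ByVal jobId As Integer) As Boolean
        Dim connStr As String = _
            ConfigurationManager.ConnectionStrings("PubsConnection").ConnectionString
        Using conn As New SqlConnection(connStr)
            Using cmd As New SqlCommand( _
                    "SELECT COUNT(*) FROM Pubs WHERE job_id = @job_id", conn)
                cmd.Parameters.Add("@job_id", SqlDbType.Int).Value = jobId
                conn.Open()
                Return CInt(cmd.ExecuteScalar()) > 0
            End Using
        End Using
    End Function

    Protected Sub btnDefault_Click(ByVal sender As Object, ByVal e As EventArgs) _
            Handles btnDefault.Click
        Dim jobId As Integer

        ' Reject anything that is not a whole number before it gets near the
        ' database; the parameter type already enforces this, but failing early
        ' gives the user a clear message instead of a conversion exception.
        If Not Integer.TryParse(TxtBox1.Text, jobId) Then
            lblStatus.Text = "Please enter a numeric job id."
            Return
        End If

        If JobIdExists(jobId) Then
            ' Match found: move the user to the next page, as the reply suggests.
            Response.Redirect("~/Matched.aspx")
        Else
            ' No match: set the Label instead of calling Response.Write, so the
            ' message renders inside the page rather than before the markup.
            lblStatus.Text = "Please click the 'back' button and try to " & _
                "resubmit 'secret question' to reset password again."
        End If
    End Sub
End Class
```

The COUNT(*) query only answers "does this job_id exist"; if the page later needs the Employee value, select it with the same parameterized SqlCommand rather than reintroducing string concatenation. For a real password-reset flow the reply's pointer to forms authentication still applies: a matching secret answer should set an authentication ticket, not just redirect to a page that anyone could request directly.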
