Wrox Programmer Forums

You are currently viewing the ASP.NET 2.0 Basics section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old March 27th, 2009, 02:54 AM
Sql statement with Session problem

Hi people. I passed a value to Session["email"], and in the button1_click function I have a SQL statement which allows users to delete a record from [Comment] when the Session["email"] equals the email inside the [Comment] table.
But the error below occurs:
Invalid postback or callback argument. Event validation is enabled using <pages enableEventValidation="true"/> in configuration or <%@ Page EnableEventValidation="true" %> in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation.

What is the problem over here?

protected void Page_Load(object sender, EventArgs e)
{
    Emaillbl.Text = Session["email"].ToString();
    Emaillbl.Visible = false;
    string updateID = Request["UpdateID"];
    string strConString = ConfigurationManager.ConnectionStrings["SocialSystemConnectionString"].ConnectionString;
    SqlConnection con = new SqlConnection(strConString);
    SqlCommand cmd = new SqlCommand("SELECT Comment.CommentID, Comment.TextInput, Comment.SystemDate, [User].UId, [Update].UpdateID, [Update].Email FROM Comment INNER JOIN [Update] ON Comment.UpdateID = [Update].UpdateID INNER JOIN [User] ON [User].Email = [Comment].Email WHERE [Comment].UpdateID = @UpdateID ORDER BY SystemDate", con);
    cmd.Parameters.Add("@UpdateID", SqlDbType.VarChar).Value = updateID;
    con.Open();
    SqlDataReader reader = cmd.ExecuteReader();
    GridView1.DataSource = reader;
    GridView1.DataBind();
    reader.Close();
    con.Close();
}

protected void Button1_Click(object sender, EventArgs e)
{
    string strConString = ConfigurationManager.ConnectionStrings["SocialSystemConnectionString"].ConnectionString;
    SqlConnection conn = new SqlConnection(strConString);
    SqlCommand cmd = new SqlCommand("DELETE FROM [Comment] WHERE [Comment].Email = 'Emaillbl.Text' ", conn);
    conn.Open();
    conn.Close();
}
 
Old March 28th, 2009, 09:12 PM

What LINE in that code does the error refer to???

And you didn't ask, but SURELY this code is wrong:
Code:
SqlCommand cmd = new SqlCommand("DELETE FROM [Comment] WHERE [Comment].Email = 'Emaillbl.Text' ", conn);

That would delete all records where the value of the EMAIL field is REALLY AND TRULY the *STRING*
Code:
      Emaillbl.Text
No, not the value that is in the <FORM> field Emaillbl. Really and truly THAT EXACT STRING.

I think/assume you meant to use:
Code:
SqlCommand cmd = new SqlCommand(
    "DELETE FROM [Comment] WHERE [Comment].Email = '" + Emaillbl.Text + "' ",
    conn);
Except that does leave you vulnerable to SQL injection attacks.
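
The parameterized form of the DELETE discussed above, as an added example that is not part of the original thread or any poster's code. The class name CommentPage, the helper DeleteCommentsByEmail and the VarChar length of 256 are assumptions; the connection string name and table come from the question.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

// Hypothetical code-behind class name (assumption, not from the thread).
public partial class CommentPage : System.Web.UI.Page
{
    protected void Button1_Click(object sender, EventArgs e)
    {
        // Read the identity from server-side session state rather than from a
        // control's Text, so the value never round-trips through the browser.
        string email = Session["email"] as string;
        if (string.IsNullOrEmpty(email))
        {
            return; // no session value: delete nothing
        }

        string connectionString = ConfigurationManager
            .ConnectionStrings["SocialSystemConnectionString"].ConnectionString;
        DeleteCommentsByEmail(connectionString, email);
    }

    // Hypothetical helper: deletes the rows whose Email matches and returns
    // the number of rows removed.
    private static int DeleteCommentsByEmail(string connectionString, string email)
    {
        // The SQL text is a constant. The e-mail travels as a typed parameter,
        // so quotes or SQL keywords inside it are compared as data and are
        // never parsed as part of the statement.
        const string sql = "DELETE FROM [Comment] WHERE [Comment].Email = @Email";

        // using blocks close the connection even if the command throws.
        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            // Length 256 is an assumed column size; match the real schema.
            cmd.Parameters.Add("@Email", SqlDbType.VarChar, 256).Value = email;
            conn.Open();
            // The command must be executed; opening and closing the
            // connection alone sends nothing to the server.
            return cmd.ExecuteNonQuery();
        }
    }
}
```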
 
Old July 24th, 2009, 04:24 AM

Hi guy.
There is nothing wrong in your SQL code;
you only need to add ValidateRequest="false" in your aspx.
<%@ page ValidateRequest="false"%>




