Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Go Back   Wrox Programmer Forums > ASP.NET and ASP > ASP.NET 2.0 > ASP.NET 2.0 Basics
Password Reminder
| FAQ | Members List | Search | Today's Posts | Mark Forums Read
ASP.NET 2.0 Basics If you are new to ASP or ASP.NET programming with version 2.0, this is the forum to begin asking questions. Please also see the Visual Web Developer 2005 forum.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the ASP.NET 2.0 Basics section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
DRM-free e-books 300x50
Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old March 27th, 2009, 02:54 AM
Authorized User
Join Date: Jan 2009
Posts: 23
Thanks: 8
Thanked 0 Times in 0 Posts
Default Sql statement with Session problem

Hi people. I passed a value to Session["email"], and at the button1_click function, i have a sql statement with allows users to delete a record from [Comment] when the Session["email"] equals the email inside the [Comment] table..
But it occurs the below error :
Invalid postback or callback argument. Event validation is enabled using <pages enableEventValidation="true"/> in configuration or <%@ Page EnableEventValidation="true" %> in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation.

What is the problem over here?

protectedvoid Page_Load(object sender, EventArgs e)
Emaillbl.Text = Session[
Emaillbl.Visible =
string updateID = Request["UpdateID"];
string strConString = ConfigurationManager.ConnectionStrings["SocialSystemConnectionString"].ConnectionString;
SqlConnection con = newSqlConnection(strConString);
SqlCommand cmd = newSqlCommand("SELECT Comment.CommentID, Comment.TextInput, Comment.SystemDate, [User].UId, [Update].UpdateID, [Update].Email FROM Comment INNER JOIN [Update] ON Comment.UpdateID = [Update].UpdateID INNER JOIN [User] ON [User].Email = [Comment].Email WHERE [Comment].UpdateID = @UpdateID ORDER BY SystemDate", con);
"@UpdateID", SqlDbType.VarChar).Value = updateID;
SqlDataReader reader = cmd.ExecuteReader();
GridView1.DataSource = reader;


protectedvoid Button1_Click(object sender, EventArgs e)
string strConString = ConfigurationManager.ConnectionStrings["SocialSystemConnectionString"].ConnectionString;
SqlConnection conn = newSqlConnection(strConString);
SqlCommand cmd = newSqlCommand("DELETE FROM [Comment] WHERE [Comment].Email = 'Emaillbl.Text' ", conn);
Reply With Quote
  #2 (permalink)  
Old March 28th, 2009, 09:12 PM
Friend of Wrox
Join Date: Jun 2008
Location: Snohomish, WA, USA
Posts: 1,649
Thanks: 3
Thanked 141 Times in 140 Posts

What LINE in that code does the error refer to???

And you didn't ask, but SURELY this code is wrong:
SqlCommand cmd = newSqlCommand("DELETE FROM [Comment] WHERE [Comment].Email = 'Emaillbl.Text' ", conn);

That would delete all records where the value of the EMAIL field is REALLY AND TRULY the *STRING*
No, not the value that is in the <FORM> field Emaillbl. Really and truly THAT EXACT STRING.

I think/assume you meant to use:

SqlCommand cmd = newSqlCommand( 
    "DELETE FROM [Comment] WHERE [Comment].Email = '" + Emaillbl.Text + "' ",
Except that does leave you vulnerable to SQL injection attacks.
Reply With Quote
  #3 (permalink)  
Old July 24th, 2009, 04:24 AM
Registered User
Join Date: Sep 2008
Location: ChangNing,ShangHai ,China .
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to hi.huangls

there is no wrong in your sql code,
you just only add ValidateRequest="false" in your aspx
<%@ page ValidateRequest="false"%>
Reply With Quote

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
SQL select statement problem shrisangeeta Classic ASP Databases 3 June 15th, 2006 10:28 AM
sql statement problem thas123 SQL Server 2000 4 February 22nd, 2006 01:59 PM
SQL Statement Problem Ben Horne Access 11 February 4th, 2004 11:01 PM
help needed with a SQL select statement problem wslyhbb Java Databases 1 August 14th, 2003 07:30 AM

All times are GMT -4. The time now is 08:13 PM.

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.