Hello Lily,
As has been pointed out storing the value in Session is going to be the best way to prevent the user from manipulating the data. Somethig else to consider is that if you are passing multiple values through the querystring using Session, IMHO, may not be the best route. (Personally I hate trying to juggle a plethora of session values)
An alternate solution would be to continue using query string values and set up some basic error checking in Page_Load so that the values you would *expect* to come in are in fact what is coming in.
Consider:
protected void Page_Load(object sender, EventArgs e)
{
if(!Page.IsPostBack)
{
if(Request.QueryString["<value>"] != null)
{
if(FunctionsLib.IsNumeric(Convert.ToString(Request .QueryString["<value>"]))
{
//Proccess page
}
else
{
//Send message back to user about an error
}
}
else
{
//Send message back to user about an error
}
}
}
This is all very basic and it deals with only 1 query string value but you could adapt this to handle all of the query string values that your page expects.
(One final note, the call FunctionsLib.IsNumeric will not work in C# out of the box, this is a custom class that I wrote that contains various functions that I find myself using more often then not.)
hth.
-Doug
================================================== =========
Read this if you want to know how to get a correct reply for your question:
http://www.catb.org/~esr/faqs/smart-questions.html
================================================== =========
.: Wrox Technical Editor / Author :.
Wrox Books 24 x 7
================================================== =========