Click here to Skip to main content
15,900,907 members
Home / Discussions / ASP.NET
   

ASP.NET

 
GeneralRe: Unit test cases for Web Services Pin
indian1436-Oct-10 9:06
indian1436-Oct-10 9:06 
GeneralRe: Unit test cases for Web Services Pin
Keith Barrow6-Oct-10 10:06
professionalKeith Barrow6-Oct-10 10:06 
AnswerRe: Unit test cases for Web Services Pin
Luc Pattyn5-Oct-10 11:34
sitebuilderLuc Pattyn5-Oct-10 11:34 
GeneralRe: Unit test cases for Web Services Pin
indian1435-Oct-10 11:59
indian1435-Oct-10 11:59 
GeneralRe: Unit test cases for Web Services Pin
Luc Pattyn5-Oct-10 12:06
sitebuilderLuc Pattyn5-Oct-10 12:06 
GeneralRe: Unit test cases for Web Services Pin
Keith Barrow5-Oct-10 12:38
professionalKeith Barrow5-Oct-10 12:38 
QuestionShort key for proeject in Solution Explorer Pin
indian1435-Oct-10 5:27
indian1435-Oct-10 5:27 
QuestionNOOB Question: using LIKE in SelectParameter Pin
Figmo25-Oct-10 4:48
Figmo25-Oct-10 4:48 
Been doing C# for years - but this is the first time I've needed to do a web app so I'm trying ASP.NET for the first time.

I have a listview bound to a SqlDataSource. My SelectCommand needs to be something like "SELECT .... FROM ... WHERE Field LIKE '%value%'

I have ControlParameter tied to a textbox that will be the value used in the LIKE clause.

Here is my question:

If I code my SelectCommand to look like ......WHERE Field LIKE '%' + @value + '%'
It works, but if somebody types a value like O'Hara into the text box - it will choke due to the concatenation (and I'm pretty sure open me up to SQL injection attacks)

If I code my SelectCommand to look like ......WHERE Field LIKE @value
It will work perfectly if I manually type the % signs in the text box for value. Including if I type %O'Hara% (the single quote no longer chokes it since I'm not concatenating anymore) - but obviously I don't want to have to teach the world to always put % sings at the start and end of their search strings on my web site.

So what is the best place to concatenate the % signs at the start and end of my search string?

This must be a VERY VERY COMMON thing to do. What are others doing about this?
AnswerRe: NOOB Question: using LIKE in SelectParameter Pin
Electron Shepherd5-Oct-10 5:06
Electron Shepherd5-Oct-10 5:06 
AnswerUse Parameterized queires Pin
David Mujica5-Oct-10 5:13
David Mujica5-Oct-10 5:13 
AnswerRe: NOOB Question: using LIKE in SelectParameter Pin
Keith Barrow5-Oct-10 5:13
professionalKeith Barrow5-Oct-10 5:13 
AnswerRe: NOOB Question: using LIKE in SelectParameter Pin
Figmo25-Oct-10 7:12
Figmo25-Oct-10 7:12 
GeneralRe: NOOB Question: using LIKE in SelectParameter Pin
Electron Shepherd5-Oct-10 8:11
Electron Shepherd5-Oct-10 8:11 
QuestionHow to present the link more elegant(ASP.Net,C#.Net) [modified] Pin
Jayadheer Reddy5-Oct-10 3:40
Jayadheer Reddy5-Oct-10 3:40 
AnswerRe: How to present the link more elegant(ASP.Net,C#.Net) Pin
Brij5-Oct-10 4:56
mentorBrij5-Oct-10 4:56 
QuestionGridview with rows calcul Pin
amina895-Oct-10 3:11
amina895-Oct-10 3:11 
AnswerRe: Gridview with rows calcul Pin
NeverHeardOfMe5-Oct-10 3:37
NeverHeardOfMe5-Oct-10 3:37 
AnswerRe: Gridview with rows calcul Pin
Brij5-Oct-10 4:06
mentorBrij5-Oct-10 4:06 
QuestionRe: Gridview with rows calcul Pin
amina895-Oct-10 23:41
amina895-Oct-10 23:41 
QuestionXML Problem Pin
InderK5-Oct-10 1:37
InderK5-Oct-10 1:37 
AnswerRe: XML Problem Pin
torken25-Oct-10 2:16
professionaltorken25-Oct-10 2:16 
AnswerCross post Pin
Not Active5-Oct-10 2:24
mentorNot Active5-Oct-10 2:24 
QuestionPrevent upload of renamed and Password protected file in asp.net C# Pin
Arokiamary5-Oct-10 1:27
Arokiamary5-Oct-10 1:27 
AnswerRe: Prevent upload of renamed and Password protected file in asp.net C# Pin
Not Active5-Oct-10 2:22
mentorNot Active5-Oct-10 2:22 
AnswerRe: Prevent upload of renamed and Password protected file in asp.net C# Pin
NeverHeardOfMe5-Oct-10 3:23
NeverHeardOfMe5-Oct-10 3:23 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.