Zone: NEWSGROUP > Asp.Net Forum > general_asp.net.security
Item Type: NewsGroup  Date Entered: 2/3/2005 5:07:50 AM  Replies: 1  Views: 9
sontek (Asp.Net User)
Subject: checking whats in the table  Posted: 2/3/2005 5:07:50 AM

Hey. I'm trying to do a login script right now... I have it checking if the username and password are correct:

' Builds the SQL text by concatenating the two textbox values straight into the statement
Dim sqlString As String = "Select count(id) from users where username='" & TextBox1.Text & "' AND password='" & TextBox2.Text & "'"
Dim sqlCmd As New SqlCommand(sqlString, sqlConn)   ' sqlConn: an already-created SqlConnection
sqlCmd.Connection.Open()

If sqlCmd.ExecuteScalar() = 1 Then
    Response.Write("SUCCESS")
Else
    Response.Write("NEG")
End If

But there is a 3rd row in that table called "Access" and if the username and pw match I want to grab its access and throw it into a session. How would I do that?


Also... Why doesn't response.write() show up on my page? If I change my if statement to change a textbox, it works fine.
Sontek Blog: http://blog.sontek.net
Fredrik2000 (Asp.Net User)
Subject: Re: checking whats in the table  Posted: 2/4/2005 10:14:53 PM

First of all:
You should alter the SQL select statement, since it is vulnerable to sql injections...
What if someone entered:
' OR 1=1--
into the Textbox2 textbox? Then the select statement would read:
Select count(id) from users where username='MrX' AND password='' OR 1=1--'
which would enable a mean user to log on as any user he chooses without knowing the password. Check out a concept called parameterized queries, this will help you with this problem!

The reason your response is not showing up is that you are writing it outside the html; if you view the source of your webpage you will see the text you write right at the beginning of the page, before the html tag...

Ok, last question about the access:
Either you could do another query in the 'If sqlCmd.ExecuteScalar = 1 Then' statement, but this would generate more traffic to the database; the more optimal route would be to use a datareader:

' Parameterised query: the textbox values are bound as parameters and never become part of the SQL text.
' SqlClient uses named @parameters (the ? placeholders belong to OleDb).
Dim sqlString As String = "SELECT access FROM users WHERE username = @username AND password = @password"
Dim sqlCmd As New SqlCommand(sqlString, sqlConn)
sqlCmd.Parameters.AddWithValue("@username", TextBox1.Text)
sqlCmd.Parameters.AddWithValue("@password", TextBox2.Text)
sqlCmd.Connection.Open()
Dim sqlReader As SqlDataReader = sqlCmd.ExecuteReader()
If sqlReader.Read() Then
    ' If we have any rows in the resultset we must've hit a correct user...
    Session("access") = sqlReader("access")
End If
sqlReader.Close()

Regards
Fredr!k
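The difference between the two queries in this thread, as an added example that is not part of either post: the script below is Python with an in-memory SQLite table standing in for the thread's `users` table (the VB.NET/SqlClient code above is not runnable here), with constructed sample rows and a constructed `' OR 1=1--` input. `count_concatenated` reproduces the original post's string-spliced statement, and `access_parameterized` reproduces the reply's parameterised data-reader version that returns the `access` column for a matching row. The table, user names and passwords are made up for the demonstration.

```python
import sqlite3

# Constructed sample data standing in for the thread's "users" table
# (id, username, password, access); no real credentials.
SAMPLE_USERS = [
    (1, "MrX", "s3cret", "admin"),
    (2, "alice", "hunter2", "user"),
    (3, "bob", "letmein", "user"),
]


def open_db():
    """In-memory SQLite database populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password TEXT, access TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    return conn


def count_concatenated(conn, username, password):
    """The original post's approach: user input spliced into the SQL text.
    Returns the count the database reports for the assembled statement."""
    sql = (
        "SELECT count(id) FROM users WHERE username='" + username
        + "' AND password='" + password + "'"
    )
    return conn.execute(sql).fetchone()[0]


def access_parameterized(conn, username, password):
    """The reply's approach: parameterised query plus a single read.
    Returns the access column for a matching row, or None when nothing
    matches. The input travels as a bound value, so it cannot change the
    statement's structure, whatever characters it contains."""
    cur = conn.execute(
        "SELECT access FROM users WHERE username = ? AND password = ?",
        (username, password),
    )
    row = cur.fetchone()  # the equivalent of sqlReader.Read() in the thread
    return row[0] if row else None


def login_trace():
    """Runs the thread's scenario against both implementations."""
    conn = open_db()
    injected = "' OR 1=1--"  # the input discussed in the reply
    return {
        "concat_correct": count_concatenated(conn, "MrX", "s3cret"),
        "concat_injected": count_concatenated(conn, "MrX", injected),
        "param_correct": access_parameterized(conn, "MrX", "s3cret"),
        "param_injected": access_parameterized(conn, "MrX", injected),
        "param_wrong_password": access_parameterized(conn, "MrX", "nope"),
    }


if __name__ == "__main__":
    for name, value in login_trace().items():
        print(f"{name}: {value!r}")
```

With the injected input the concatenated statement's WHERE clause no longer tests the password at all and the count comes back as the whole table (3 rows here), while the parameterised query treats the same string as a literal password and finds no row. Note that both versions in the thread compare the submitted password directly against a stored column, which only works if passwords are stored in clear text; storing a salted hash and comparing against that is the usual fix, independent of the injection issue.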
