newbie/noob question. request querystring in a .vb

  • Thread starter Thread starter .nLL
  • Start date Start date
N

.nLL

Hi, im am a classic asp developer and started to learn asp.net but got stuck
with a simple problem even before i step in to further.

to learn i have started from a simple project (a login system with forms)
due to projects platform (a mobile web site) i cant use cookies (cookies
arent supported on all phones), anyway because of that i do un/pw check on
very page and i have to put

Dim MyUn As String = MyFunctions.AlphaNumOnly(Request.QueryString("un"))
Dim MyPw As String = MyFunctions.AlphaNumOnly(Request.QueryString("pw"))

to every page. In classic asp i could create an include and put smilar code
to get un/pw but in asp.net (VB) i couldnt figureout how to. I ahve got my
functions.vb where i store shared functions and variables but could put
above in to it.
could anyone point me to right direction?
thanks
 
to make it clear, here is my class

--------------
Public Class MyFunctions
Public Shared Function CheckLogin(ByVal MyUnInput As String, ByVal
MyPwInput As String) As String
Dim MyResult As Integer
Dim MySql As String
MySql = "Select count(*) from users where un='" & MyUnInput & "' and
pw='" & MD5Encrypt(MyPwInput) & "'"
Dim Conn As New OleDbConnection(MyDbPath)
Dim Cmd As New OleDbCommand(MySql, Conn)
Conn.Open()
MyResult = Cmd.ExecuteScalar
Conn.Close()
Return MyResult
End Function
End Class
 
create a global.asa and add:

void Application_AuthorizeRequest(object sender, EventArgs e)
{
// call by validation code here
}


note: while shared functions are ok, shared variables (or public module
variables) are shared across all requests.

-- bruce (sqlwork.com)
 
old habits die hard, isn't there any other option to do it? i dont want to
use global.asa or web.config. reason is that i want to be able to put
project in any folder on my server without having setup an appliaciton on
iis for it. that way it is portable and can be moved without any setup on
web server
 
one thing:
this is not the right way:
MySql = "Select count(*) from users where un='" & MyUnInput & "' and
pw='" & MD5Encrypt(MyPwInput) & "'"

use parameters! this way up here you will have trouble with
sqlinjection.
that way it is portable and can be moved without any setup on web server
Click to expand...

I am curious the way you are developing...
in my idea: just put global.asax and web.config in the root folder of
the website using the asp.net page, and is done, what else?
I mean web.config is required.

Simone Foschi
MCTS Sql Server 2005
 
Back
Top