Use of the connectionstring from my web.config

  • Thread starter Thread starter egsdar
  • Start date Start date
E

egsdar

Hello, I'd like to improve this code, because there's is a better way to use
the connectionstring from my web.config file instead of using:

Dim objConn As New
OleDbConnection("Provider=SQLNCLI;Server=db2fx981\comware;Database=SIP;Trusted_Connection=yes;")

This is my code:

<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.OleDb" %>

<script runat="server">

Sub Page_Load(ByVal obj As Object, ByVal e As EventArgs)
Hidden1.Value = Request.QueryString("id")
If IsPostBack() Then
Dim objConn As New
OleDbConnection("Provider=SQLNCLI;Server=db2fx981\comware;Database=SIP;Trusted_Connection=yes;")
objConn.Open()
Dim sSQL, Resul As String
sSQL = "Insert into Propuesta (idprospecto, Objeto, fecharecibo,
fechaentrega, idusuario, idestado ) values ('" & Hidden1.Value & "', '" &
TxtObjeto.Text & "', " & TxtFechaRecibo.Text & ", " & TxtFechaCierre.Text &
", '" & DropDownVendedor.SelectedValue & "', '" &
DropDownEstado.SelectedValue & "')"
Response.Write(sSQL)
'Response.End()
Dim objCmd As New OleDbCommand(sSQL, objConn)

Resul = objCmd.ExecuteNonQuery
If Resul Then
Label1.Visible = True
End If
End If
End Sub
</script>

Thx.
 
AAMOI, is there a reason that you're using the SQL Native Client instead of
the SQL Server .NET data provider?
Well, there's no reason at all, just i found that, do you have any
suggestions?
 
there is a <connectionStrings> section in the web.config. add one for your
database then:

var s = ConfigurationManager.ConnectionStrings["myConn"].ConnectionString;

also you should read about sql injection because your code has this huge
security hole.

-- bruce (sqlwork.com)
 
Thx all for your support, but unfortunately after the changes I'm receiving
this error message:

Keyword not supported: 'provider'.
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information about
the error and where it originated in the code.

Exception Details: System.ArgumentException: Keyword not supported:
'provider'.

Source Error:

An unhandled exception was generated during the execution of the current web
request. Information regarding the origin and location of the exception can
be identified using the exception stack trace below.

Stack Trace:


[ArgumentException: Keyword not supported: 'provider'.]
System.Data.Common.DbConnectionOptions.ParseInternal(Hashtable
parsetable, String connectionString, Boolean buildChain, Hashtable synonyms,
Boolean firstKey) +263
System.Data.Common.DbConnectionOptions..ctor(String connectionString,
Hashtable synonyms, Boolean useOdbcRules) +129
System.Data.SqlClient.SqlConnectionString..ctor(String connectionString)
+124
System.Data.SqlClient.SqlConnectionFactory.CreateConnectionOptions(String
connectionString, DbConnectionOptions previous) +46

System.Data.ProviderBase.DbConnectionFactory.GetConnectionPoolGroup(String
connectionString, DbConnectionPoolGroupOptions poolOptions,
DbConnectionOptions& userConnectionOptions) +201
System.Data.SqlClient.SqlConnection.ConnectionString_Set(String value) +81
System.Data.SqlClient.SqlConnection.set_ConnectionString(String value) +28
System.Web.UI.WebControls.SqlDataSource.CreateConnection(String
connectionString) +63

System.Web.UI.WebControls.SqlDataSourceView.ExecuteSelect(DataSourceSelectArguments arguments) +215
System.Web.UI.DataSourceView.Select(DataSourceSelectArguments arguments,
DataSourceViewSelectCallback callback) +84
System.Web.UI.WebControls.DataBoundControl.PerformSelect() +154
System.Web.UI.WebControls.BaseDataBoundControl.DataBind() +99
System.Web.UI.WebControls.GridView.DataBind() +24
System.Web.UI.WebControls.BaseDataBoundControl.EnsureDataBound() +91
System.Web.UI.WebControls.CompositeDataBoundControl.CreateChildControls()
+101
System.Web.UI.Control.EnsureChildControls() +134
System.Web.UI.Control.PreRenderRecursiveInternal() +109
System.Web.UI.Control.PreRenderRecursiveInternal() +233
System.Web.UI.Control.PreRenderRecursiveInternal() +233
System.Web.UI.Control.PreRenderRecursiveInternal() +233
System.Web.UI.Control.PreRenderRecursiveInternal() +233
System.Web.UI.Page.ProcessRequestMain(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +4418


And this is what I got from the web.config file:

<connectionStrings>
<add name="SIPConnectionString"
connectionString="Provider=SQLNCLI;Server=db2fx981\comware;Database=SIP;Trusted_Connection=yes;" providerName="System.Data.SqlOleDb"/>
</connectionStrings>

And this is my code at my aspx page:


<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Configuration" %>
<%@ Import Namespace="System.Data.OleDb" %>

<script runat="server">

Sub Page_Load(ByVal obj As Object, ByVal e As EventArgs)
Hidden1.Value = Request.QueryString("id")
If IsPostBack() Then
Dim objConn As New
OleDbConnection(ConfigurationManager.ConnectionStrings("SIPConnectionString").ConnectionString)
objConn.Open()
Dim sSQL, Resul, COP, USD As String
COP = Replace(TxtCOP.Text, ".", ",")
USD = Replace(TxtUSD.Text, ".", ",")
sSQL = "Insert into Propuesta (idprospecto, Objeto, fecharecibo,
fechaentrega, idusuario, idestado, presupuestocop, presupuestousd ) values
('" & Hidden1.Value & "', '" & TxtObjeto.Text & "', " & TxtFechaRecibo.Text &
", " & TxtFechaCierre.Text & ", '" & DropDownVendedor.SelectedValue & "', '"
& DropDownEstado.SelectedValue & "', '" & COP & "', '" & USD & "')"

Dim objCmd As New OleDbCommand(sSQL, objConn)

Resul = objCmd.ExecuteNonQuery
If Resul Then
Label1.Visible = True
End If
End If
End Sub
</script>

How can I solve this out?




bruce barker said:
there is a <connectionStrings> section in the web.config. add one for your
database then:

var s = ConfigurationManager.ConnectionStrings["myConn"].ConnectionString;

also you should read about sql injection because your code has this huge
security hole.

-- bruce (sqlwork.com)


egsdar said:
Hello, I'd like to improve this code, because there's is a better way to use
the connectionstring from my web.config file instead of using:

Dim objConn As New
OleDbConnection("Provider=SQLNCLI;Server=db2fx981\comware;Database=SIP;Trusted_Connection=yes;")

This is my code:

<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.OleDb" %>

<script runat="server">

Sub Page_Load(ByVal obj As Object, ByVal e As EventArgs)
Hidden1.Value = Request.QueryString("id")
If IsPostBack() Then
Dim objConn As New
OleDbConnection("Provider=SQLNCLI;Server=db2fx981\comware;Database=SIP;Trusted_Connection=yes;")
objConn.Open()
Dim sSQL, Resul As String
sSQL = "Insert into Propuesta (idprospecto, Objeto, fecharecibo,
fechaentrega, idusuario, idestado ) values ('" & Hidden1.Value & "', '" &
TxtObjeto.Text & "', " & TxtFechaRecibo.Text & ", " & TxtFechaCierre.Text &
", '" & DropDownVendedor.SelectedValue & "', '" &
DropDownEstado.SelectedValue & "')"
Response.Write(sSQL)
'Response.End()
Dim objCmd As New OleDbCommand(sSQL, objConn)

Resul = objCmd.ExecuteNonQuery
If Resul Then
Label1.Visible = True
End If
End If
End Sub
</script>

Thx.
 
Back
Top