Lloyd Sheen
George said: Are we back to this????
What if the sun will not come up tomorrow.....
Any programming is based on assumptions.... And it's good to have those
assumptions.
Let's say ProductId is an id in an MsSql database which is marked as integer. Then
the page will return an error trying to convert productid to integer and
the database will be protected from a virus that hits your site with URLs like
this
/product.aspx?id=31147'%20and%20char(124)%2Buser%2Bchar(124)=0%20and%20''='
Again, let me repeat myself that any programming is based on assumptions.
Assumptions can be as simple as, for example, in the DB the first name is only
limited to 250 characters. It's an assumption. Very realistic but still it
is.
George.
Mark Rae said: And what if Request("productid") is "ABCD" ?
I would point out that unless there is a good case for it, Option Strict
and Explicit should be set to on. This will help to ensure that this kind of
problem is pointed out prior to testing.
The line Dim intProductID As Integer = Trim(o.ToString()) will be flagged,
indicating that since o is an object (could be just about anything) it needs to
be converted to an integer.
LS
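
The point discussed in this thread, as an added example that is not part of any poster's message: with Option Strict On the implicit String-to-Integer assignment no longer compiles, and an explicit digits-only parse rejects both "ABCD" and the id value from the quoted URL without throwing. The helper name TryGetProductId and the sample inputs are assumptions constructed for illustration.

```vbnet
Option Strict On
Option Explicit On

Imports System
Imports System.Globalization

Module ProductIdDemo
    ' Hypothetical helper: returns True only when raw is a plain positive integer.
    Function TryGetProductId(ByVal raw As Object, ByRef productId As Integer) As Boolean
        productId = 0
        If raw Is Nothing Then Return False

        ' With Option Strict On, "Dim intProductID As Integer = Trim(o.ToString())"
        ' is a compile error (implicit String -> Integer), so the conversion
        ' has to be written out and its failure handled.
        Dim trimmed As String = raw.ToString().Trim()

        ' NumberStyles.None accepts digits only: no sign, no inner whitespace,
        ' no separators. Anything else fails the parse instead of raising.
        If Not Integer.TryParse(trimmed, NumberStyles.None,
                                CultureInfo.InvariantCulture, productId) Then
            Return False
        End If

        ' Assumption: valid product ids start at 1.
        Return productId > 0
    End Function

    Sub Main()
        ' Constructed sample inputs; the third is the URL-decoded id value
        ' from the request quoted in the thread.
        Dim samples() As Object = {
            "31147",
            "ABCD",
            "31147' and char(124)+user+char(124)=0 and ''='",
            Nothing
        }

        For Each sample As Object In samples
            Dim id As Integer
            If TryGetProductId(sample, id) Then
                Console.WriteLine("accepted: {0}", id)
            Else
                Console.WriteLine("rejected: {0}", If(sample, "(missing)"))
            End If
        Next
    End Sub
End Module
```

Only the validated Integer should travel further, for instance as a typed query parameter, so the raw request string never reaches the SQL text.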