-
Jun 23rd, 2010, 10:10 PM
#1
Thread Starter
Member
Session Query?
Using VS2010, NET 3.5 - VB
Is this the proper way to do a query from a session?
"SELECT * FROM Members WHERE " + Session("Email") + "= Email"
Thanks!
-
Jun 24th, 2010, 01:33 AM
#2
Re: Session Query?
So, this is an ASP.NET application and you have an email address in a session variable, correct? You then want to get all the information for the member with that email address, correct? If so then it should be like this:
vb.net Code:
myCommand.CommandText = "SELECT * FROM Members WHERE Email = @Email"
myCommand.Parameters.AddWithValue("@Email", Session("Email"))
For more information on using parameters, follow the last link in my signature.
-
Jun 24th, 2010, 10:48 AM
#3
Lively Member
Re: Session Query?
 Originally Posted by acrow
"SELECT * FROM Members WHERE " + Session("Email") + "= Email"
That is asking for a SQL Injection Attack
I wrote a book  Visual Studio 2008 Programming
Amazon.com / Visual Studio 2008 Programming / By Jamie Plenderleith & Steve Bunn
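Added example, not code from any poster in this thread: the concatenated query from post #1 beside the parameterized form from post #2, run against an in-memory SQLite table through Python's sqlite3 as a stand-in for the poster's database and ADO.NET command. The table rows, function names and test values are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory Members table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Members (Email TEXT PRIMARY KEY, Name TEXT)")
    db.executemany(
        "INSERT INTO Members VALUES (?, ?)",
        [("alice@example.com", "Alice"), ("bob@example.com", "Bob")],
    )
    return db


def lookup_concatenated(db, email):
    """Post #1's pattern: the session value becomes part of the SQL text.

    Returns the matching rows, or an "error: ..." string if the database
    rejects the resulting statement.
    """
    sql = "SELECT * FROM Members WHERE " + email + "= Email"
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return "error: " + str(exc)


def lookup_parameterized(db, email):
    """Post #2's pattern: fixed SQL text, value bound as a parameter.

    sqlite3 documents the :Email spelling; it plays the role of @Email
    in the VB.NET command.
    """
    sql = "SELECT * FROM Members WHERE Email = :Email"
    return db.execute(sql, {"Email": email}).fetchall()


if __name__ == "__main__":
    db = make_db()
    # A genuine address, then a value that happens to be a column name.
    for value in ("alice@example.com", "Email"):
        print(repr(value))
        print("  concatenated :", lookup_concatenated(db, value))
        print("  parameterized:", lookup_parameterized(db, value))
```

With concatenation the genuine address is parsed as SQL and rejected, while the value `Email` is read as a column reference and matches every row; the parameterized form treats both purely as data.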
-
Jun 24th, 2010, 07:14 PM
#4
Re: Session Query?
Hi.
I don't suppose you mean, Membership.GetUser().Email.ToString ?
ἄνδρα μοι ἔννεπε, μοῦσα, πολύτροπον, ὃς μάλα πολλὰ
πλάγχθη, ἐπεὶ Τροίης ἱερὸν πτολίεθρον ἔπερσεν·