Client Program-To-Web Database

**cjqp** · Aug 4th, 2004, 11:56 AM

I'm writing a VB application that has to talk to a database on a website. The method I've come up with is this:
Client program submits an SQL statement to a webpage through a querystring (IE: http://test.com/default.asp?SQL=SELECT * FROM BOOKS)
The page would then run the query string, and then return a recordset (if it was a SELECT statement).

Two questions:
1)Is there a better way?
2)How do I keep the page from caching?

cjqp

**Danial** · Aug 4th, 2004, 12:37 PM

Originally posted by cjqp
I'm writing a VB application that has to talk to a database on a website. The method I've come up with is this:
Client program submits an SQL statement to a webpage through a querystring (IE: http://test.com/default.asp?SQL=SELECT * FROM BOOKS)
The page would then run the query string, and then return a recordset (if it was a SELECT statement).

Two questions:
1)Is there a better way?
2)How do I keep the page from caching?

cjqp

That is extremly dangerous !!

Imageine if a some one passes this
"Delete From Books"

Or even worse Delete all the Table using SQL Statement. Even without passing SQL stement "Injection Attack" are causing havoc on many web sites. Under no circomostance you should pass SQL Query over a HTTP connection.

My suggestion would be to Return data as XML and your VB App will simply read the returned XML and display the data.

say in Server you will have Book.asp

Design your book asp which can take up parameters such as BookName, Category, AuthorName, Publisher etc and return the filter data as XML.

Hope this helps.

Hope this helps.

**cjqp** · Aug 4th, 2004, 09:49 PM

Well, I also need to update/add/delete records from the database, and I was going to make it passworded.

cjqp

**Danial** · Aug 5th, 2004, 05:46 AM

Originally posted by cjqp
Well, I also need to update/add/delete records from the database, and I was going to make it passworded.

cjqp

When you pass data over HTTP it's passed as Plain Text, anyone with a limited amount of knowledge can grab the password.

Anyhow its your wish, i am letting you know what could happen.

**cjqp** · Aug 5th, 2004, 10:36 AM

Thanks for the warning, I hadn't thought about it, maybe I'll add an encryption...anyway, how can I prevent any pages from caching?

cjqp

**Danial** · Aug 5th, 2004, 11:10 AM

Originally posted by cjqp
Thanks for the warning, I hadn't thought about it, maybe I'll add an encryption...anyway, how can I prevent any pages from caching?

cjqp

Yes encription is an good option, but never send Password (even encrypted) over HTTP.

Put this at the top of your ASP page, this will stop the Browser from caching your page. I tend to put these lines in a Include file and just include it in each pages i dont wish to cache.

VB Code:

Response.CacheControl="no-cache"
Response.AddHeader "Pragma","no-cache"
Response.Expires=0

**cjqp** · Aug 6th, 2004, 07:18 PM

Ok, thanks for the thoughts and the ASP for no caching, I've only seen the Response.Expires before, didn't know about the other headers.

cjqp

**Danial** · Aug 8th, 2004, 03:27 PM

Originally posted by cjqp
Ok, thanks for the thoughts and the ASP for no caching, I've only seen the Response.Expires before, didn't know about the other headers.

cjqp

Some time Response.Expires do not work, so just to be in the safe side i use all of them. I think it could be a bug or some browser ignores it.

Thread: Client Program-To-Web Database

Thread Tools

Display

Client Program-To-Web Database

Re: Client Program-To-Web Database

Posting Permissions