
Thread: Session Query?

  1. #1

    Thread Starter
    Member
    Join Date
    Dec 2009
    Posts
    62

    Session Query?

    Using VS2010, .NET 3.5 - VB

    Is this the proper way to do a query from a session?

    "SELECT * FROM Members WHERE " + Session("Email") + "= Email"

    Thanks!

  2. #2
    Super Moderator jmcilhinney's Avatar
    Join Date
    May 2005
    Location
    Sydney, Australia
    Posts
    111,221

    Re: Session Query?

    So, this is an ASP.NET application and you have an email address in a session variable, correct? You then want to get all the information for the member with that email address, correct? If so then it should be like this:
    vb.net Code:
    ' The session value is sent as a parameter, not concatenated into the SQL text.
    myCommand.CommandText = "SELECT * FROM Members WHERE Email = @Email"
    myCommand.Parameters.AddWithValue("@Email", Session("Email"))
    For more information on using parameters, follow the last link in my signature.
    Why is my data not saved to my database? | MSDN Data Walkthroughs
    VBForums Database Development FAQ
    My CodeBank Submissions: VB | C#
    My Blog: Data Among Multiple Forms (3 parts)
    Beginner Tutorials: VB | C# | SQL

  3. #3
    Lively Member
    Join Date
    Apr 2010
    Posts
    105

    Re: Session Query?

    Originally Posted by acrow:
    "SELECT * FROM Members WHERE " + Session("Email") + "= Email"
    That is asking for a SQL Injection Attack
    I wrote a book Visual Studio 2008 Programming
    Amazon.com / Visual Studio 2008 Programming / By Jamie Plenderleith & Steve Bunn
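
Added example, not part of any post in this thread: the concatenated query form next to a parameterized lookup of the kind post #2 describes, which is what removes the injection risk raised in post #3. The module and function names, the connection string argument and the NVarChar(256) type for the Email column are assumptions.

```vbnet
Imports System
Imports System.Data
Imports System.Data.SqlClient

' Hypothetical helper module; names are illustrative, not from the thread.
Public Module MemberLookup

    ' BEFORE (for comparison only): the value is spliced into the SQL text, so the
    ' database parses whatever it contains. The constructed value o'brien@example.com
    ' yields  ... WHERE Email = 'o'brien@example.com'  and the statement changes shape.
    Public Function BuildConcatenatedSql(ByVal email As String) As String
        Return "SELECT * FROM Members WHERE Email = '" & email & "'"
    End Function

    ' AFTER: the SQL text is a constant and the email travels separately as a
    ' typed parameter, so it is only ever compared as data.
    Public Function GetMemberByEmail(ByVal connectionString As String, _
                                     ByVal sessionValue As Object) As DataTable
        ' Session("Email") is an Object and is Nothing once the session expires.
        Dim email As String = TryCast(sessionValue, String)
        If String.IsNullOrEmpty(email) Then
            Throw New InvalidOperationException("No email address in session.")
        End If

        Dim members As New DataTable()
        Using connection As New SqlConnection(connectionString)
            Using command As New SqlCommand( _
                "SELECT * FROM Members WHERE Email = @Email", connection)
                ' Explicit type and size instead of AddWithValue's inference.
                ' NVarChar(256) is an assumption about the Email column.
                command.Parameters.Add("@Email", SqlDbType.NVarChar, 256).Value = email
                connection.Open()
                Using reader As SqlDataReader = command.ExecuteReader()
                    members.Load(reader)
                End Using
            End Using
        End Using
        Return members
    End Function

End Module
```

From a page's code-behind this would be called as `GetMemberByEmail(connectionString, Session("Email"))`, with the connection string read from configuration.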

  4. #4
    King of sapila
    Join Date
    Oct 2006
    Location
    Greece
    Posts
    6,763

    Re: Session Query?

    Hi.
    I don't suppose you mean, Membership.GetUser().Email.ToString ?
    ἄνδρα μοι ἔννεπε, μοῦσα, πολύτροπον, ὃς μάλα πολλὰ
    πλάγχθη, ἐπεὶ Τροίης ἱερὸν πτολίεθρον ἔπερσεν·
