how to know a Request.Param value is numeric type or not?

[2003et]

How can I understand a Request.Params object's type?

I need this:
User enters www.domain.com/myfile.aspx?6
then myfile.aspx.cs use
"SELECT name FROM people WHERE id="+Request.Params[0];

so if the user enters the parameter as string instead of integer:
www.domain.com/myfile.aspx?test

the page fails!

How can I prevent this? I think I should analize the first param's type but
how?

Thanks in advance

E.T.

 

[Jason DeFontes]

try
{
int id = int.Parse(Request.Params[0]);
// continue with your sql processing
}
catch
{
// show an error message
}

-Jason

 

[2003et]

oh right...

Thank you

try
{
int id = int.Parse(Request.Params[0]);
// continue with your sql processing
}
catch
{
// show an error message
}

-Jason

How can I understand a Request.Params object's type?

I need this:
User enters www.domain.com/myfile.aspx?6
then myfile.aspx.cs use
"SELECT name FROM people WHERE id="+Request.Params[0];

so if the user enters the parameter as string instead of integer:
www.domain.com/myfile.aspx?test

the page fails!

How can I prevent this? I think I should analize the first param's type but
how?

Thanks in advance

E.T.

 

[John Lemp]

And if a user enters:
www.domain.com/myfile.aspx?1;DROP DATABASE master

the page will really fail.


"SELECT name FROM people WHERE id="+Request.Params[0];

oh right...

Thank you

try
{
int id = int.Parse(Request.Params[0]);
// continue with your sql processing
}
catch
{
// show an error message
}

-Jason

How can I understand a Request.Params object's type?

I need this:
User enters www.domain.com/myfile.aspx?6
then myfile.aspx.cs use
"SELECT name FROM people WHERE id="+Request.Params[0];

so if the user enters the parameter as string instead of integer:
www.domain.com/myfile.aspx?test

the page fails!

How can I prevent this? I think I should analize the first param's type

but

how?

Thanks in advance

E.T.