Query String Example

Patrick.O.Ige · Apr 30, 2004

I need example in ASP.NET where i can use a link for example:-
http://localhost/naija.aspx?id=1
And recieve my data from the database table where id="1"
Thx alot

Matt Berther · Apr 30, 2004

Hello Patrick.O.Ige,

SqlConnection conn = new SqlConnection("yourConnectionString");
SqlCommand cmd = new SqlCommand("SELECT * FROM table where id=@ID", conn);
cmd.Parameters.Add("@ID", Request.QueryString["id"]);
using (IDataReader rdr = cmd.ExecuteReader(CommandBehavior.CloseConnection))
{
... do something with your data
}

Joerg Jooss · May 8, 2004

Matt said:
Hello Patrick.O.Ige,

SqlConnection conn = new SqlConnection("yourConnectionString");
SqlCommand cmd = new SqlCommand("SELECT * FROM table where id=@ID",
conn); cmd.Parameters.Add("@ID", Request.QueryString["id"]);
using (IDataReader rdr =
cmd.ExecuteReader(CommandBehavior.CloseConnection)) {
.. do something with your data
}

While the code is fine, this approach is a bad idea if the information read
from the database is sensitive. Users can simply probe the database contents
by "walking" ids.

Cheers,

Query String Example

Patrick.O.Ige

Matt Berther

Joerg Jooss