(SOLVED) Having problem showing just a section of a page.
Greetings again, experts. Could you please help me out on this one? I have a very long markup page that is used for various activities. There is a section that allows users to enter a value into a search box and click the search button. If there is a hit, a page is populated with the values from the search hit. This works. If, however, the search turns up nothing, then we would like to pop up a section of the page with several form controls which allow the user to enter the values that did not turn up during the search and submit them to the database. I tried using a hide/show panel control but nothing is showing up. I tried hide and show div but no luck. I would truly appreciate any assistance with this. I am pasting only the section of the code that needs to be displayed in a popup, perhaps in the middle of the page. Many thanks in advance.
Add Rebatable Toilets **How many toilets?** <
samflex wrote:

```vb
Dim sqlStatement As String = "Select o.PrimaryFirst, o.PrimaryLast, ap.applicant, FORMAT(ap.DateReceived, 'd','us') as DateReceived,o.SecondaryFirst,o.SecondaryLast,ad.InstallAddress,ad.InstallCity, ad.InstallState, ad.InstallZip, ad.WaterAcctNo from Applications ap "
sqlStatement += "inner Join Addresses ad on ap.WaterAccountNo = ad.WaterAcctNo inner join Owner o on ap.OwnerCode = o.OwnerID Where ad.InstallAddress Like '%" & address.Replace("'", "''").Trim() & "%'"
```

Your code is almost certainly vulnerable to SQL Injection. NEVER use string concatenation/interpolation to build a SQL query. ALWAYS use a parameterized query.
```vb
Const sqlStatement As String = "Select o.PrimaryFirst, o.PrimaryLast, ap.applicant, FORMAT(ap.DateReceived, 'd','us') as DateReceived, o.SecondaryFirst, o.SecondaryLast, ad.InstallAddress, ad.InstallCity, ad.InstallState, ad.InstallZip, ad.WaterAcctNo from Applications ap inner Join Addresses ad on ap.WaterAccountNo = ad.WaterAcctNo inner join Owner o on ap.OwnerCode = o.OwnerID Where ad.InstallAddress Like @query"
Using sqlCmd2 As New SqlCommand(sqlStatement, myConnection)
    ' The % wildcards that the original query wrapped around the input
    ' now travel inside the parameter value, so the search stays a substring match.
    sqlCmd2.Parameters.AddWithValue("@query", "%" & address.Trim() & "%")
    Using reader As SqlDataReader = sqlCmd2.ExecuteReader()
        If reader.HasRows Then
            div1.Visible = False
            While reader.Read()
                ' NB: Overwriting the contents of a single set of controls with the
                ' data from each record; you will only display the last record.
                installationAddress.Text = String.Format("{0} {1}, {2} {3}", reader("InstallAddress"), reader("InstallCity"), reader("InstallState"), reader("InstallZip"))
                waterAccountNumber.Text = reader("WaterAcctNo").ToString()
                ownerInformation.Text = String.Format("{0} {1}", reader("PrimaryFirst"), reader("PrimaryLast"))
                dateReceived.Text = reader("dateReceived").ToString()
                applicantName.Text = reader("applicant").ToString()
            End While
        Else
            div1.Visible = True
        End If
    End Using
End Using
```
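The parameterized `Like @query` search from the reply above, taken one step further as an added example (not code from either poster): a parameter stops injection, but `%`, `_` and `[` inside the user's text are still interpreted by SQL Server as pattern syntax, so they are bracket-escaped before the wildcards are attached. The module and function names, the shortened column list and the `NVarChar(200)` size are assumptions made for illustration.

```vb
Imports System
Imports System.Data
Imports System.Data.SqlClient

Module LikeSearchExample
    ' Bracket-escape the characters SQL Server's LIKE treats as pattern syntax.
    ' "[" must be handled first, because the later replacements introduce brackets.
    Function EscapeLikePattern(input As String) As String
        Return input.Replace("[", "[[]").Replace("%", "[%]").Replace("_", "[_]")
    End Function

    ' Builds the command without executing it. The user's text only ever
    ' reaches the server as a parameter value, never as SQL text.
    Function BuildAddressSearch(connection As SqlConnection, address As String) As SqlCommand
        ' Shortened query (assumption): same table and column as the thread's query.
        Const sql As String = "Select ad.InstallAddress, ad.WaterAcctNo from Addresses ad Where ad.InstallAddress Like @query"
        Dim cmd As New SqlCommand(sql, connection)
        ' Explicit type and size (assumed NVarChar(200)) instead of AddWithValue,
        ' so the parameter type does not depend on the value passed in.
        Dim p As SqlParameter = cmd.Parameters.Add("@query", SqlDbType.NVarChar, 200)
        p.Value = "%" & EscapeLikePattern(address.Trim()) & "%"
        Return cmd
    End Function

    Sub Main()
        ' Constructed sample inputs; no connection is needed to inspect the parameter.
        Dim samples As String() = {"123 Main St", "Unit 5_B", "100% Lane", "x' OR '1'='1"}
        For Each sample As String In samples
            Using cmd As SqlCommand = BuildAddressSearch(Nothing, sample)
                Console.WriteLine("{0} -> {1}", sample, cmd.Parameters("@query").Value)
            End Using
        Next
    End Sub
End Module
```

The quote in the last sample is left untouched on purpose: as a parameter value it is plain data, so the `Replace("'", "''")` from the original query is no longer needed.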