Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Matthew Berner 47 posts 327 karma points
    Sep 20, 2018 @ 16:55
    Matthew Berner
    0

    I have a search form on ASP.net web form site. I tried using a UserControl and form did not submit or work. I trired form tags. Any Ideas? Here is enter code hereform code:

    <%@ Control Language="C#" AutoEventWireup="true" CodeFile="medicineSearchform.ascx.cs" Inherits="usercontrols_MedicineSearch_medicineSearchform" %>
    
    
                    <a id="top"></a> 
                    <div class="feature">
        <div class="title-bar search">
            Asthma Medicine Search
        </div>
        <div class="inner table">
            <table>
                <tr>
                    <td>
                        <table>
                            <tr>
                                <td colspan="2"><p><b>Brand or Drug Name:</b></p></td></tr>
    
                            <tr>
                                <td colspan="2"><asp:TextBox ID="TextBox1" runat="server"></asp:TextBox></td>
                            </tr>
                        </table>
                    </td>
    
                </tr>
                <tr>
                    <td>
                        <table>
                            <tr>
                                <td style="width:70%"><p><b>Filter by:</b></p></td></tr>
                                <tr>
                            <td style="text-align:left";><p><b>Medicine Use</b></p><br /><asp:DropDownList ID="DropDownList1" runat="server">
                                                                    <asp:ListItem Value="">All</asp:ListItem>
                                                                    <asp:ListItem Value="Long-term control">Long-term control</asp:ListItem>
                                                                    <asp:ListItem Value="Quick-relief">Quick-relief</asp:ListItem>
                                                                    </asp:DropDownList>
                                   <asp:TextBox ID="TextBox2" runat="server" style="display:none"></asp:TextBox>
                                <asp:TextBox ID="TextBox3" runat="server" style="display:none"></asp:TextBox>
                                </td></tr>
                            <tr>
                                <td style="text-align:left">
                                    <br />
                                    <p><b>Type of Medicine</b></p><br /><asp:DropDownList ID="DropDownList2" runat="server">
                                        <asp:ListItem Value="">All</asp:ListItem>
                                        <asp:ListItem Value="Anticholinergics">Anticholinergics</asp:ListItem>
                                        <asp:ListItem Value="Biologics">Biologics</asp:ListItem>
                                        <asp:ListItem Value="Combination inhaled medicines">Combination inhaled medicines</asp:ListItem>
                                        <asp:ListItem Value="Cromolyn Sodium">Cromolyn Sodium</asp:ListItem>
                                        <asp:ListItem Value="Inhaled corticosteroid">Inhaled corticosteroid</asp:ListItem>
                                        <asp:ListItem Value="Inhaled long-acting beta agonists">Inhaled long-acting beta agonists</asp:ListItem>
                                        <asp:ListItem Value="Leukotriene modifiers">Leukotriene modifiers</asp:ListItem>
                                        <asp:ListItem Value="Oral corticosteroids">Oral corticosteroids</asp:ListItem>
                                        <asp:ListItem Value="Short-acting beta agonists">Short-acting beta agonists</asp:ListItem>
                                        <asp:ListItem Value="Theophylline">Theophylline</asp:ListItem>
    
                                    </asp:DropDownList>
                                </td>
                            </tr>
                        </table>
    
                    </td>
                  </tr>
            </table>
            <div class="clearfix" style="padding:0 10px 0;">
                <div style="float:right">
                    <asp:Button ID="Button1" runat="server" Text="Submit" onclick="Button1_Click" />
                    <br style="clear:both" />
                    <br />
    
               </div>
            </div>
    
    
        </div>
    </div>
            <div class="search-results" id="resultsPanel" runat="server">
                <div id="res">
                <p>
                    <asp:Label ID="Label1" runat="server" Text="Label" ForeColor="Maroon"></asp:Label>
                </p>
                <p>
                    <asp:Label ID="Label2" runat="server" Text="Label" ForeColor="Maroon"></asp:Label>
                </p>
    
                <asp:Repeater ID="AsthmaRepeater" runat="server">
                    <HeaderTemplate>
                        <div class="headerSection">
                            <div class="headerDrug">
                                <h3>Drug Information</h3>
                            </div>
                            <div class="headerSideEffects">
                                <h3>Possible Side Effects</h3>
                            </div>
                            <div class="headerImage">
                                <h3>Image</h3>
                            </div>
                        </div>
    
                    </HeaderTemplate>
                    <ItemTemplate>
                        <div class="itemSection">
    
                                <div class="itemDrug">
                                <p><strong>Drug Name:</strong>
                                <asp:Label ID="Label1" runat="server" Text='<%# Eval("DrugName") %>' /><br style="line-height:24px"/>
                                <strong>Brand:</strong>
                                <asp:Label ID="lblBrand" runat="server" Text='<%# Eval("Brand") %>' /><br style="line-height:24px"/>
                                <strong>Medicine Use:</strong>
                                <asp:Label ID="lblMedicineUse" runat="server" Text='<%# Eval("MedicineUse") %>' /><br style="line-height:24px"/>
                                <strong>Type of Medicine:</strong>
                                <asp:Label ID="LblTypeMedicine" runat="server" Text='<%# Eval("TypeMedicine") %>' /><br style="line-height:24px"/>
    
                                <strong>Form:</strong>
                                <asp:Label ID="LblForm" runat="server" Text='<%# Eval("Form") %>'  /><br style="line-height:24px"/>
    
    
                                <strong>Prescribing Information:</strong>
                                <asp:Label ID="LblPrescribingInfo" runat="server" Text='<%# Eval("PrescribingInfo") %>' /><br style="line-height:24px"/>
                                 <!--
                                 <span style="font-size:12px"> 
                                     <strong>Notes:</strong>
                                <asp:Label ID="LblNotes" runat="server" Text='<%# Eval("Notes") %>'  /></span><br style="line-height:24px"/>
                                    -->
    
                                </p>
    
    
    
    
    
                            </div>
    
                            <div class="itemSideEffets"><asp:Label ID="LblPossibleSideEffects" runat="server" Text='<%# Eval("PossibleSideEffects") %>' /></div>
    
                            <div class="itemImage"><asp:Label ID="LblImage" runat="server" Text='<%# Eval("Picture") %>' /></div>
    
                        </div>
                        <div style="clear:both"></div>
                        <hr />
                    </ItemTemplate>
                    <FooterTemplate></FooterTemplate>
    
                </asp:Repeater></div>
                <p><a href="/medical-scientific-council/">Medical Review</a> August 2018.</p>
                <a href="#top">Return to top of search</a>
    

    How do I get this to work?

  • Matthew Berner 47 posts 327 karma points
    Sep 20, 2018 @ 17:03
    Matthew Berner
    0

    Here is the back end code:

    using System; using System.Collections.Generic; using System.Linq; using System.Web; using System.Web.UI; using System.Web.UI.WebControls;using System.Text; using System.Data; using System.Data.SqlClient; using System.Configuration; using Umbraco.Core;using Umbraco.Core.Persistence.DatabaseAnnotations; using Umbraco.Core.Persistence; public partial class usercontrols_MedicineSearch_medicineSearchform : System.Web.UI.UserControl{
    public SqlConnection con;
    public string query;
    public string constr;
    
    
    public void connection()
    {
        constr = ConfigurationManager.ConnectionStrings["umbracoDbDSN"].ToString();
        con = new SqlConnection(constr);
        con.Open();
    }
    
    protected void Page_Load(object sender, EventArgs e)
    {
    
        Label1.Visible = false;
        Label2.Visible = false;
    
    }
    
    private void Medicine_Bind()
    {
        TextBox2.Text = DropDownList1.SelectedItem.Value;
        TextBox3.Text = DropDownList2.SelectedItem.Value;
    
        connection();
        StringBuilder sb = new StringBuilder();
        sb.Append("SELECT * FROM CMasthmaMedicines WHERE MedicineUse LIKE '");
        sb.Append(TextBox2.Text);
        sb.Append("%'");
    
        sb.Append(" AND ");
        sb.Append("(DrugName LIKE'");
        sb.Append("%'");
        sb.Append(" OR ");
    
        sb.Append("Brand LIKE'");
        sb.Append(TextBox1.Text);
        sb.Append("%')");
    
        sb.Append(" AND ");
        sb.Append("TypeMedicine LIKE'");
        sb.Append(TextBox3.Text);
        sb.Append("%'");
    
        sb.Append("ORDER BY DrugName ASC");
    
        query = sb.ToString();
        SqlDataAdapter da = new SqlDataAdapter(query, con);
        DataSet ds = new DataSet();
        da.Fill(ds);
        AsthmaRepeater.DataSource = ds;
        AsthmaRepeater.DataBind();
    
    }
    protected void Button1_Click(object sender, EventArgs e)
    {
    
        Label1.Visible = true;
        Label1.Text = "We could not find '" + TextBox1.Text + "'&nbsp;in our records. Please check the spelling of your search term and reset Medicine Use and Type of Medicine to All."; ;
    
        TextBox2.Text = DropDownList1.SelectedItem.Value;
        TextBox3.Text = DropDownList2.SelectedItem.Value;
    
        connection();
        StringBuilder sb2 = new StringBuilder();
        sb2.Append("SELECT DrugName, Brand, MedicineUse, TypeMedicine FROM AsthmaMedicines WHERE MedicineUse LIKE '");
        sb2.Append(TextBox2.Text);
        sb2.Append("%'");
    
    
        sb2.Append(" AND ");
        sb2.Append("(DrugName LIKE'");
        sb2.Append(TextBox1.Text);
        sb2.Append("%'");
        sb2.Append(" OR ");
    
        sb2.Append("Brand LIKE'");
        sb2.Append(TextBox1.Text);
        sb2.Append("%')");
    
        sb2.Append(" AND ");
    
    
    
    
        sb2.Append("TypeMedicine LIKE'");
        sb2.Append(TextBox3.Text);
        sb2.Append("%'");
    
        sb2.Append("ORDER BY DrugName ASC");
    
    
        string query = sb2.ToString();
    
    
    
        SqlCommand com = new SqlCommand(query, con);
    
        SqlDataReader dr;
        dr = com.ExecuteReader();
        if (dr.HasRows)
        {
            dr.Read();
    
            Medicine_Bind();
            AsthmaRepeater.Visible = true;
            TextBox3.Text = "";
            TextBox2.Text = "";
            TextBox1.Text = "";
            Label1.Text = "";
    
                  }
        else
        {
            AsthmaRepeater.Visible = false;
        }
    
    }
    
  • Dan Diplo 1554 posts 6205 karma points MVP 5x c-trib
    Sep 20, 2018 @ 21:11
    Dan Diplo
    1

    In Umbraco you should really be using MVC forms. See https://our.umbraco.com/documentation/reference/templating/mvc/forms

    But apart from that I would seriously look at rewriting your code behind for this form as you have a really big security issue here for potential SQL Injection with the way you are building your SQL query (by concatenation).

    You need to use properly parameterized queries in order to prevent this vector otherwise you run a very serious risk of having your entire database leaked or deleted. See https://stackoverflow.com/questions/35163361/how-can-i-add-user-supplied-input-to-an-sql-statement?answertab=votes#tab-top

  • Matthew Berner 47 posts 327 karma points
    Sep 25, 2018 @ 18:07
    Matthew Berner
    0

    Thanks I used one of your links to help me render the form. Now all I have to do figure how to take submitted data and search the database in questions. If you have any ideas or thoughts that would be great. I am coming up empty. The old site used webforms and connected to db and pulled the data. Now I am stuck

  • Matthew Berner 47 posts 327 karma points
    Nov 29, 2018 @ 21:43
    Matthew Berner
    100

    I got form working on the site.

Please Sign in or register to post replies

Write your reply to:

Draft