
Web Development

 
Pinned: How to get an answer to your question
Chris Maunder (cofounder), 4-Sep-10 2:25
Pinned: HOW TO ANSWER A QUESTION
Chris Maunder (cofounder), 12-Jul-09 22:40
Question: Rust Language Rocket Framework
Saim Irfan (Member), 17hrs 37mins ago
Answer: Re: Rust Language Rocket Framework
ZurdoDev (mve), 17hrs 21mins ago
Question: what would you recommend me to use graphs in PHP+MySQL?
Joan M (professional), 18-Jun-20 9:49
Question: node js express redirect from http to https
ok21 (Member), 13-Jun-20 1:45
Question: Plotting points on interactive map
StampedePress (Member), 9-Jun-20 5:07
Answer: Re: Plotting points on interactive map
Saim Irfan (Member), 17hrs 43mins ago
Question: web development
moustafa arabi (Member), 6-Jun-20 3:39
Answer: Re: web development
Mycroft Holmes (professional), 6-Jun-20 12:07
Question: How to successfully Async download a pdf file to a client PC vb.net web application
Amer Amer (Member), 5-Jun-20 22:47
Answer: Re: How to successfully Async download a pdf file to a client PC vb.net web application
F-ES Sitecore (mve), 6-Jun-20 2:40
Answer: Re: How to successfully Async download a pdf file to a client PC vb.net web application
Richard Deeming (mve), 8-Jun-20 0:24
Amer Amer wrote:
Dim sqlcom As New SqlCommand("select bookcontent,bookname from books where  bookn=" & Page.RouteData.Values("bookn").ToString & "", conn)

Your code is vulnerable to SQL Injection. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

Dim ds As New DataTable
' Bind the route value as a parameter instead of concatenating it into the SQL text.
Using sqlcom As New SqlCommand("select bookcontent,bookname from books where bookn = @bookn", conn)
    sqlcom.Parameters.AddWithValue("@bookn", Page.RouteData.Values("bookn"))
    Dim da As New SqlDataAdapter(sqlcom)
    da.Fill(ds)
End Using

If ds.Rows.Count <> 0 Then
    ' bookcontent holds the path of the file on disk; bookname is the name shown to the client.
    Dim filename As String = ds.Rows(0).Field(Of String)("bookcontent")
    Dim fff As String = ds.Rows(0).Field(Of String)("bookname")
    Dim fileInfo As FileInfo = New FileInfo(filename)
    If fileInfo.Exists Then
        ' Send the PDF and end the request without running the rest of the page.
        Response.Clear()
        Response.Cache.SetCacheability(HttpCacheability.NoCache)
        Response.ContentType = "application/pdf"
        Response.AddHeader("Content-Disposition", "inline; filename=""" & fff & ".pdf" & """")
        Response.AddHeader("Content-Length", fileInfo.Length.ToString())
        Response.TransmitFile(filename)
        Response.Flush()
        Context.ApplicationInstance.CompleteRequest()
        Return
    End If
End If

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange
Query Parameterization Cheat Sheet | OWASP

As already mentioned, this is the only way to send the file to the user. IIS is pretty good at handling file transfers; requests from other users shouldn't be blocked whilst the file is downloading.



"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
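
The difference between the two query styles in the answer above, as an added example that is not part of Richard Deeming's post: it uses Python's built-in sqlite3 as a stand-in for SQL Server and ADO.NET so it runs offline. The table rows, file paths and function names are constructed for illustration, and treating bookn as an integer id is an assumption.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the thread's books table (constructed rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE books (bookn INTEGER PRIMARY KEY, "
                 "bookname TEXT, bookcontent TEXT)")
    conn.executemany("INSERT INTO books VALUES (?, ?, ?)", [
        (1, "Public Guide", "/files/guide.pdf"),
        (2, "Internal Draft", "/files/draft.pdf"),
    ])
    return conn

def lookup_concatenated(conn, bookn):
    """Pattern from the quoted question: the route value becomes SQL text."""
    sql = "select bookcontent, bookname from books where bookn=" + str(bookn)
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn, bookn):
    """Pattern from the answer: the value is bound, never parsed as SQL."""
    sql = "select bookcontent, bookname from books where bookn = ?"
    return conn.execute(sql, (bookn,)).fetchall()

def lookup_validated(conn, raw):
    """Parameterized lookup plus input validation of the route value.

    Returns None when the value is not a plain ASCII integer, so the
    caller can answer 404 without touching the database.
    """
    if not (raw.isascii() and raw.isdigit()):
        return None
    return lookup_parameterized(conn, int(raw))

if __name__ == "__main__":
    db = make_db()
    hostile = "0 OR 1=1"  # constructed route value containing SQL syntax
    print("concatenated :", lookup_concatenated(db, hostile))   # every row
    print("parameterized:", lookup_parameterized(db, hostile))  # no rows
    print("validated    :", lookup_validated(db, hostile))      # rejected
    print("validated '2':", lookup_validated(db, "2"))
```

With concatenation the route value changes the WHERE clause itself; once bound as a parameter the same value is only compared against bookn and matches nothing.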

General: Re: How to successfully Async download a pdf file to a client PC vb.net web application
Amer Amer (Member), 8-Jun-20 4:11
Question: Google SignIn and regular account, using the same email
jkirkerx (professional), 2-Jun-20 12:53
Question: Where can passwords for webpages be stored, except in browser itself and Credentials Manager?
arnold_w (Member), 18-May-20 21:23
Answer: Re: Where can passwords for webpages be stored, except in browser itself and Credentials Manager?
Richard Deeming (mve), 19-May-20 0:22
General: Re: Where can passwords for webpages be stored, except in browser itself and Credentials Manager?
arnold_w (Member), 19-May-20 9:16
General: Re: Where can passwords for webpages be stored, except in browser itself and Credentials Manager?
Richard Deeming (mve), 19-May-20 9:25
Question: PHP: Filtering a Wordpress admin post list by role
TectonicEng (Member), 17-May-20 4:30
Suggestion: Re: PHP: Filtering a Wordpress admin post list by role
Richard MacCutchan (mve), 17-May-20 5:44
Question: Powershell timer question
Member 14474607 (Member), 1-May-20 10:31
Question: Web API Design Question
Kevin Marois (professional), 30-Apr-20 8:33
Question: web creation
Member 14805640 (Member), 17-Apr-20 22:01
Answer: Re: web creation
OriginalGriff (mve), 17-Apr-20 22:13
