This code was working properly before. Basically, I have a master page that has a single text box for searching; I named it searchBox. I have a method to pull the content of searchBox on form submit and set it to a variable, userQuery. Here is the method:

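' Returns the text of the named TextBox on the master page, or Nothing if it is not found.
Public Function searchString(ByVal oTextBoxName As String) As String
    If Master IsNot Nothing Then
        ' TryCast yields Nothing (instead of throwing) when the control is missing or not a TextBox.
        Dim txtBoxSrc As TextBox = TryCast(Master.FindControl(oTextBoxName), TextBox)
        If txtBoxSrc IsNot Nothing Then
            Return txtBoxSrc.Text
        End If
    End If
    Return Nothing
End Function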

The results are displayed on search.aspx. Now, however, if searchBox is filled and submitted on a page other than search.aspx, the contents of the text box are not passed through. The form is very simple, just:

<asp:TextBox ID="searchBox" runat="server"></asp:TextBox>
<asp:Button ID="searchbutton" runat="server" Text="search" UseSubmitBehavior="True" PostBackUrl="~/search.aspx" CssClass="searchBtn" />

+1  A: 

I think because you are using PostBackUrl, you are going to be required to use the "PreviousPage" identifier to reference your variable.

Another solution would be to not use the PostBackUrl property and to capture the event within the user control (I'm assuming you are encapsulating this in one location) and then use the:

Response.Redirect("/search.aspx?sQuery=" & Server.URLEncode(searchBox.Text))

Since you are not necessarily passing sensitive data, this should be acceptable as well.

Kyle B.
If you do decide to do the above, then for the love of all that is holy, please make sure you are properly sanitizing that sQuery variable (or using a parameterized query) before you shove it off to your database.
Eoin Campbell
Agreed. Good point. Having a data access layer which properly sanitizes parameters is crucial. That should be the case regardless of whether or not it is being sent through the QueryString.
Kyle B.
I use parameterized queries for all my SQL transactions; however, is sanitizing necessary for a search function?
Anders
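
The point raised in the comments above, as an added example that is not part of the original thread: handling the sQuery value on search.aspx with a parameterized LIKE query, with LIKE wildcards escaped so the term is matched literally, and with HTML encoding applied before the term is echoed back into the page. The table name Articles, the columns Id and Title, the 100-character cap and the helper names are assumptions made for illustration.

```vb
Imports System.Data
Imports System.Data.SqlClient
Imports System.Web

' Added example. Articles, Id, Title and MaxQueryLength are assumed names and values.
' Typical call from search.aspx: SearchQueryHelper.Search(connStr, Request.QueryString("sQuery"))
Public Module SearchQueryHelper
    Private Const MaxQueryLength As Integer = 100

    ' Trim and cap the raw value; returns Nothing when there is nothing to search for.
    Public Function NormalizeQuery(ByVal raw As String) As String
        If String.IsNullOrEmpty(raw) Then Return Nothing
        Dim q As String = raw.Trim()
        If q.Length = 0 Then Return Nothing
        If q.Length > MaxQueryLength Then q = q.Substring(0, MaxQueryLength)
        Return q
    End Function

    ' A parameter stops SQL injection, but %, _ and [ are still LIKE wildcards.
    ' Escape them ("[" first) so the user's text is matched literally.
    Public Function EscapeLike(ByVal term As String) As String
        Return term.Replace("[", "[[]").Replace("%", "[%]").Replace("_", "[_]")
    End Function

    ' The user's text travels only as a parameter value, never as part of the SQL string.
    Public Function Search(ByVal connectionString As String, ByVal rawQuery As String) As DataTable
        Dim results As New DataTable()
        Dim term As String = NormalizeQuery(rawQuery)
        If term Is Nothing Then Return results

        Const sql As String = "SELECT Id, Title FROM Articles WHERE Title LIKE @term"
        Using conn As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(sql, conn)
                ' Each character can grow to three when escaped, plus the two % wrappers.
                cmd.Parameters.Add("@term", SqlDbType.NVarChar, MaxQueryLength * 3 + 2).Value = _
                    "%" & EscapeLike(term) & "%"
                Using adapter As New SqlDataAdapter(cmd)
                    adapter.Fill(results) ' Fill opens and closes the connection itself
                End Using
            End Using
        End Using
        Return results
    End Function

    ' Encode before writing the term back into HTML ("Results for ...").
    Public Function ForDisplay(ByVal rawQuery As String) As String
        Dim term As String = NormalizeQuery(rawQuery)
        If term Is Nothing Then Return String.Empty
        Return HttpUtility.HtmlEncode(term)
    End Function
End Module
```

The parameter covers the database side; the encoding step covers the page side, since a value taken from the query string is attacker-controllable when it is rendered back to the browser.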
+1  A: 

I agree with Kyle as to why it doesn't work and the solution if you want to continue to access the value via the text control, but you can also pluck the form data out of the HttpRequest. I think like this (my ASP.NET is a bit rusty):

Request.Form[txtBoxSrc.UniqueID]

This plus other techniques (using the PreviousPage property) are documented here: http://msdn.microsoft.com/en-us/library/6c3yckfw(VS.80).aspx. It seems all you need to do is:

if (Page.PreviousPage != null)
{
    TextBox SourceTextBox = 
        (TextBox)Page.PreviousPage.FindControl("TextBox1");
    if (SourceTextBox != null)
    {
       return SourceTextBox.Text;
    }
}

Updated: Thanks to Jason Kealey for pointing out I needed to use UniqueID.

Tony Lee
I'm guessing the ID will be more complex as it probably is included in user controls, etc.
Jason Kealey
Right! You'll have to get the id from the control
Tony Lee