views: 191
answers: 2

I am trying to make a small, data-driven widget that is populated with data from a database on the fly. I can load it initially just fine, but when the index of an ASP DropDownMenu is changed, the widget returns a 404.

This could be a symptom of how I am using the JavaScript, or how I am using the ASP. I honestly don't know for sure.

JavaScript: http://pastebin.com/f127d6b84
ASP: http://pastebin.com/f38c73708
VB.NET codebehind: http://pastebin.com/f7881a903

+1  A: 

If the postback is returning 404, I'd look at the url that you're sending the postback to.

http://webwidgetstest.reeceandnichols.com/rDeskWidgetMLSt.aspx?agentname=jendene
Gavin Miller
It's the same url that I'm sending the initial request to, and the initial request works. I apologize, but could I ask you to be more verbose? I don't understand. Also, the Request here is supposed to be sanitized by the page this will be used on. (That is what I've been told anyway.)
A: 

Also, your widget has some security issues going on, namely SQL injection.

Dim SelectString As String = "select ListingNumber, ListingSearchHitCount, ListingDetailHitCount, VirtualTourHitCount from FNIS.dbo.ListingHitCountCurrent, RAN.dbo.Heartland_Residential where Heartland_Residential.LIST_AGENT_1_ID = '" & Request("agentname") & "' and Heartland_Residential.MLS_Number = FNIS.dbo.ListingHitCountCurrent.ListingNumber and Heartland_Residential.Status = 'A'"

This inline SQL statement is not parameterizing the Request("agentname") field.

Gavin Miller
This is supposed to be sanitized anyway, but you're right that I shouldn't really rely on others for that. I went ahead and used a regular expression to sanitize the data. Anything not alphanumeric is stripped now.
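The parameterized form of the query from the second answer, as an added example that is not the original poster's code or the answer's. It keeps the question's table and column names, but assumes a connection string named "MlsDb" in web.config and a 50-character limit on the agent id column; both are assumptions, not values from the page.

```vb
' Added example (not the original poster's code): the query from the answer
' above rewritten so Request("agentname") travels as a SqlParameter instead of
' being spliced into the SQL text. Assumes a connection string named "MlsDb"
' (hypothetical) and that LIST_AGENT_1_ID is varchar(50) (hypothetical).
Imports System.Data
Imports System.Data.SqlClient
Imports System.Configuration

Public Class ListingHitCounts

    ' Returns a DataTable of hit counts for one agent. The agent name never
    ' becomes part of the command text, so quotes or other characters in it
    ' cannot change the statement's structure; no regex stripping is needed.
    Public Shared Function GetHitCounts(ByVal agentName As String) As DataTable
        Const SelectString As String = _
            "select ListingNumber, ListingSearchHitCount, ListingDetailHitCount, VirtualTourHitCount " & _
            "from FNIS.dbo.ListingHitCountCurrent, RAN.dbo.Heartland_Residential " & _
            "where Heartland_Residential.LIST_AGENT_1_ID = @agentname " & _
            "and Heartland_Residential.MLS_Number = FNIS.dbo.ListingHitCountCurrent.ListingNumber " & _
            "and Heartland_Residential.Status = 'A'"

        ' Assumed connection string name; adjust to the site's web.config.
        Dim connectionString As String = _
            ConfigurationManager.ConnectionStrings("MlsDb").ConnectionString

        Dim result As New DataTable()

        Using conn As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(SelectString, conn)
                ' Typed, length-limited parameter: the value is sent to SQL
                ' Server separately from the command text. Size 50 is assumed.
                cmd.Parameters.Add("@agentname", SqlDbType.VarChar, 50).Value = agentName
                conn.Open()
                Using reader As SqlDataReader = cmd.ExecuteReader()
                    result.Load(reader)
                End Using
            End Using
        End Using

        Return result
    End Function

End Class
```

In the code-behind, the call becomes `ListingHitCounts.GetHitCounts(Request("agentname"))`, and the same helper serves both the initial load and the DropDownList postback. Parameterizing is the fix for the injection itself; input validation on top of it is still reasonable for data quality, but it is no longer what keeps the query safe.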