Using a line of code from codebehind in actual HTML page

Question

I have a database connection which takes an input from the querystring to access the appropriate data. However i have now upgraded things by encoding this data. As a result i now need to run the QueryString value through a function to unencode it.

At present i have this code for the DataSource:

<asp:SqlDataSource ID="SqlDataSource1" runat="server" 
                    ConnectionString="<%$ ConnectionStrings:spareathoughtConnectionString %>" 
                    SelectCommand="campaign_Statistics" SelectCommandType="StoredProcedure">
                    <SelectParameters>
                        <asp:QueryStringParameter DefaultValue="0" Name="tmp_Campaign" 
                            QueryStringField="camp" Type="Int64" />
                    </SelectParameters>
                </asp:SqlDataSource>

The QueryString value is 'camp'.

In my code behind i would process this value via the following code;

Convert.ToInt64(HttpUtility.UrlDecode(TamperProofQueryString.decode(Request.QueryString["camp"])))

So, how can incorporate the above line of code into the datasource? ie i need to effectively replace 'camp' with 'Convert.ToInt64(HttpUtility.UrlDecode(TamperProofQueryString.decode(Request.QueryString["camp"])))'

I hope this makes sense?

Thanks

Answer 1

Change it to a plain <asp:Parameter rather than a <asp:QueryStringParameter. Then handle the OnSelecting event for the datasource. You should be able to set the parameter value for the SqlCommand in your code-behind there.

In the aspx markup:

<asp:SqlDataSource ID="SqlDataSource1" runat="server" 
                ConnectionString="<%$ ConnectionStrings:spareathoughtConnectionString %>" 
                SelectCommand="campaign_Statistics" SelectCommandType="StoredProcedure"
                OnSelecting="SqlDataSource1_Selecting">
    <SelectParameters>
        <asp:Parameter DefaultValue="0" Name="tmp_Campaign" Type="Int64" />
    </SelectParameters>
</asp:SqlDataSource>

In the code-behind:

protected void SqlDataSource1_Selecting(object sender, SqlDataSourceSelectingEventArgs e)
{
    e.Command.Parameters["@tmp_Campaign"].Value = Convert.ToInt64(TamperProofQueryString.decode(HttpUtility.UrlDecode(Request.QueryString["camp"])));
}

Also, looking at that, shouldn't you UrlDecode before the TamperProof decode?

Answer 2

If you want to do all of it without a codebehind, you could do something like:

<asp:SqlDataSource 
    ID="SqlDataSource1" runat="server" 
    ConnectionString="<%$ ConnectionStrings:spareathoughtConnectionString %>" 
    SelectCommand="campaign_Statistics" SelectCommandType="StoredProcedure">
</asp:SqlDataSource>
<%
    SqlDataSource1.SelectParameters.Add(
      "tmp_Campaign", 
      Convert.ToString(HttpUtility.UrlDecode(TamperProofQueryString.decode(Request.QueryString["camp"]))));
%>