Hello,

I get the feeling I am still using asp type scripting techniques in the script below instead of proper asp.net scripting...

If this is true, how do I do the below the proper .net way?

<%@ Page Language="VB" %>

<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<%@ Import Namespace="System.Text" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
    <title></title>
    <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />

    <script runat="server">
        Dim objSQLConnection As SqlConnection
        Dim objSQLCommand As SqlCommand
        Dim objSQLDataReader As SqlDataReader
        Dim sbWidget As StringBuilder

        Dim strUser As String

        Function getWidgets() As String
            Dim strUserInitials() As String = Request.ServerVariables("LOGON_USER").Split(CChar("\"))
            strUser = LCase(Trim(strUserInitials(strUserInitials.GetUpperBound(0)))).ToString()

            sbWidget = New StringBuilder()

            objSQLConnection = New SqlConnection(System.Configuration.ConfigurationManager.AppSettings("connString"))

            For intColumn As Integer = 0 To 2
                objSQLCommand = New SqlCommand("select w.widget_id, w.widget_data " & _
                "from widgets w " & _
                "inner join widget_layout wy on w.widget_id = wy.widget_id " & _
                "where wy.column_id = " & intColumn & " " & _
                "and wy.user = '" & strUser & "' " & _
                "and w.inactive = 0", objSQLConnection)

                sbWidget.Append("<div class=""divWidgetColumn"" id=""divWidgetColumn_")
                sbWidget.Append(intColumn)
                sbWidget.Append(""">" & Environment.NewLine & vbTab & vbTab)

                objSQLCommand.Connection.Open()
                objSQLDataReader = objSQLCommand.ExecuteReader()

                While objSQLDataReader.Read()
                    sbWidget.Append("<div class=""divWidget"" id=""divWidget_")
                    sbWidget.Append(objSQLDataReader("widget_id"))
                    sbWidget.Append(""">" & Environment.NewLine)

                    sbWidget.Append("<div class=""divWidgetHeader"" id=""divWidgetHeader_")
                    sbWidget.Append(objSQLDataReader("widget_id"))
                    sbWidget.Append(""">")
                    sbWidget.Append("header goes here")
                    sbWidget.Append("</div>" & Environment.NewLine)

                    sbWidget.Append("<div class=""divWidgetSubHeader"" id=""divWidgetSubHeader_")
                    sbWidget.Append(objSQLDataReader("widget_id"))
                    sbWidget.Append(""">")
                    sbWidget.Append("sub header goes here")
                    sbWidget.Append("</div>" & Environment.NewLine)

                    sbWidget.Append("<div class=""divWidgetContent"" id=""divWidgetContent_")
                    sbWidget.Append(objSQLDataReader("widget_id"))
                    sbWidget.Append(""">")
                    sbWidget.Append("content goes here")
                    sbWidget.Append("</div>" & Environment.NewLine)

                    sbWidget.Append("<div class=""divWidgetFooter"" id=""divWidgetFooter_")
                    sbWidget.Append(objSQLDataReader("widget_id"))
                    sbWidget.Append(""">")
                    sbWidget.Append("footer goes here")
                    sbWidget.Append("</div>" & Environment.NewLine)

                    sbWidget.Append("</div>" & Environment.NewLine)
                End While

                sbWidget.Append("</div>" & Environment.NewLine)

                objSQLDataReader.Close()
                objSQLCommand.Connection.Close()
            Next intColumn

            Return sbWidget.ToString
        End Function
    </script>
    </head>

    <body>
        <div class="divWidgets">
            <%=getWidgets()%>
        </div>
    </body>
</html>
+1  A: 

There is no one "proper" way. However, if you want to make a clean break from ASP classic and ASP.NET tag soup, I suggest you investigate ASP.NET MVC. For an example of really clean presentation layer code, check out the Razor and Spark view engines.

RedFilter
+1 for ASP.NET MVC - (or any MVC pattern)
scunliffe
A: 
  • As suggested by RedFilter, move to asp.net mvc. It has a lot less resistance than web forms, and a lot clearer guidance on moving that code out of the view.
  • Read about SQL Injection. Use .Parameters, entity framework, linq, nhibernate, or whatever, but stop concatenating user sql parameters like that.
eglasius
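The second point above (use `.Parameters` instead of concatenating the user name into the query) applied to the question's own query, as an added example that is not code from the question or either answer. Table and column names are the ones in the question; the parameter names, the `NVarChar(50)` size, the `RenderColumn` name and the use of `HttpUtility` encoding on output are assumptions.

```vb
Imports System.Data
Imports System.Data.SqlClient
Imports System.Text
Imports System.Web

Public Class WidgetQuery
    ' Same query as the question, but the two request-influenced values
    ' (column index and logon user) are bound as typed parameters, so a
    ' quote or comment marker in the user name stays inside the value.
    ' [user] is bracket-quoted because USER is a reserved word in T-SQL.
    Private Const WidgetSql As String = _
        "select w.widget_id, w.widget_data " & _
        "from widgets w " & _
        "inner join widget_layout wy on w.widget_id = wy.widget_id " & _
        "where wy.column_id = @column_id " & _
        "and wy.[user] = @user " & _
        "and w.inactive = 0"

    ' Renders one layout column. Connection, command and reader are
    ' disposed by the Using blocks even if ExecuteReader throws.
    Public Shared Function RenderColumn(connString As String, strUser As String, intColumn As Integer) As String
        Dim sb As New StringBuilder()
        sb.Append("<div class=""divWidgetColumn"" id=""divWidgetColumn_")
        sb.Append(intColumn).Append(""">").AppendLine()
        Using cn As New SqlConnection(connString)
            Using cmd As New SqlCommand(WidgetSql, cn)
                cmd.Parameters.Add("@column_id", SqlDbType.Int).Value = intColumn
                ' Size 50 is an assumption; match the real column width.
                cmd.Parameters.Add("@user", SqlDbType.NVarChar, 50).Value = strUser
                cn.Open()
                Using rdr As SqlDataReader = cmd.ExecuteReader()
                    While rdr.Read()
                        ' Encode database values before echoing them into markup,
                        ' so a stray quote in a row cannot break out of the attribute.
                        Dim id As String = HttpUtility.HtmlAttributeEncode(Convert.ToString(rdr("widget_id")))
                        sb.Append("<div class=""divWidget"" id=""divWidget_").Append(id).Append(""">").AppendLine()
                        sb.Append("<div class=""divWidgetContent"">")
                        sb.Append(HttpUtility.HtmlEncode(Convert.ToString(rdr("widget_data"))))
                        sb.Append("</div>").AppendLine()
                        sb.Append("</div>").AppendLine()
                    End While
                End Using
            End Using
        End Using
        sb.Append("</div>").AppendLine()
        Return sb.ToString()
    End Function
End Class
```

The page would call `WidgetQuery.RenderColumn(connString, strUser, intColumn)` inside the existing `For intColumn` loop, with `strUser` still derived from `LOGON_USER` as in the question.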