Solved

How Do I Hide an ADO Database Connection String from the Client?

Posted on 2006-07-11
4
236 Views
Last Modified: 2008-03-17
Hello,

I have inherited webmaster duties  and am trying to make a page that allows users to select search criteria from a series of dropdowns on a web page and then click a "submit" button to retrieve a list of matching documents.  The code behind the "submit" button builds a query against our SQL Server database and returns the results in an HTML table.  The "old" page hid the database connection string by putting it in an ASP include file.  Since that code ran on the server, it isn't available to my JavaScript routines.  My company requires that the connect string be hidden.  I'm very limited in the tools I can use to do this job so I don't have the flexibility to just pitch evrything and use the ideal language/database.  In addition, everything is "done" except for hiding the string and the deadline is pretty close so there isn't time for massive re-development.  Most of the solutions I've seen on various web sites are of the "you should have used X" variety and these are not at all helpful.  So, does some JavaScript guru know how to do this?

Thanks!
0
Comment
Question by:gandalf97
  • 2
4 Comments
 
LVL 2

Expert Comment

by:almes
ID: 17081857
I'm sorry but I don't understand how the connection string to the database appears in your javascript code. You don't connect from the client to the database directly, aren't you?? You have to do this on the server side!! If so, the clients won't see it.

Please paste your code to clear this out...
0
 
LVL 9

Accepted Solution

by:
jmanGJHS97 earned 500 total points
ID: 17082902
So, you are building a SQL string on the client side and the getting data from the database?  Is that correct?

You can get the data using AJAX.  Here's an example.

var http_request = false;
var contentDetailList = new Array();
var arrResults = new Array();
var url = '';

function makeDBRequest(strArg1, strArg2)
{
  http_request = null;
  http_request = false;
  if (window.XMLHttpRequest) // Mozilla, Safari,...
  {
    http_request = new XMLHttpRequest();
    if (http_request.overrideMimeType)
    {
      http_request.overrideMimeType('text/xml');
      // See note below about this line
    }
  }
  else if(window.ActiveXObject) // IE
  {
    try
    {
      http_request = new ActiveXObject("Msxml2.XMLHTTP");
    }
    catch (e)
    {
      try
      {
        http_request = new ActiveXObject("Microsoft.XMLHTTP");
      }
      catch (e)
      {
      }
    }
  }

  if (!http_request)
  {
    alert('Giving up ... Cannot create an XMLHTTP instance');
    return false;
  }

  url = 'GetDataFromDB.asp?arg1=' + strArg1 + '&arg2=' + strArg2;
 
  http_request.onreadystatechange = alertResults;
  http_request.open('GET', url, true);
  http_request.setRequestHeader("If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT");
  http_request.send(null);
}

function alertBalanceTransactions()
{
  if (http_request.readyState == 4)
  {
    if (http_request.status == 200)
    {
      buildHTMLForm(http_request.responseText);
    }
    else
    {
      document.getElementById('TempSpan').innerHTML = "There was a problem with the request.";
    }
  }
}

function buildHTMLForm(strData)
{
  var arrData = '';
  var arrRow = '';
 
  if (strData.length > 0)
  {
    arrData = strData.split('~');
       
    for (var i = 0; i < arrData.length; i++)
    {
      arrRow = arrData[i].split('|');
    }
  }
}

Basically, you would need to modify the makeDBRequest function to pass in the values you need in order to build your query.  Then, you append those to the url in the form of a querystring.  Then, your ASP page can request them out of the querystring and do what it does.  Once you get the data out of the database, built it into a "~" and "|" delimited string.  I use "|" to separate elements in a single row and "~" to separate rows from each other.  Then, once your data is built into a string, you just response.write the string from the ASP page, and the AJAX will catch the response, which you can split into an array and go nuts with the data.  So, you basically call makeDBRequest from your onClick of your button, or however else you want to fire the db query.

jmanGJHS97
0
 
LVL 2

Author Comment

by:gandalf97
ID: 17423027
Hello...

I'm sorry this took me so long to get back to this question.  Now that I am learning AJAX, I can see that this would be a much neater solution than the one I implemented.  Thanks for the answer.

Gandalf
0
 
LVL 9

Expert Comment

by:jmanGJHS97
ID: 17431002
No problem.  Glad you got it working.

jmanGJHS97
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

This article shows how to create and access 2-dimensional arrays in JavaScript.  It includes a tutorial in case you are just trying to "get your head wrapped around" the concept and we'll also look at some useful tips for more advanced programmers. …
When you need to keep track of a simple list of numbers or strings, the Array object is your most direct tool.  As we saw in my earlier EE Article (http://www.experts-exchange.com/A_3488.html), typical array handling might look like this: (CODE) B…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now