Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How Do I Hide an ADO Database Connection String from the Client?

Posted on 2006-07-11
4
Medium Priority
?
274 Views
Last Modified: 2008-03-17
Hello,

I have inherited webmaster duties  and am trying to make a page that allows users to select search criteria from a series of dropdowns on a web page and then click a "submit" button to retrieve a list of matching documents.  The code behind the "submit" button builds a query against our SQL Server database and returns the results in an HTML table.  The "old" page hid the database connection string by putting it in an ASP include file.  Since that code ran on the server, it isn't available to my JavaScript routines.  My company requires that the connect string be hidden.  I'm very limited in the tools I can use to do this job so I don't have the flexibility to just pitch evrything and use the ideal language/database.  In addition, everything is "done" except for hiding the string and the deadline is pretty close so there isn't time for massive re-development.  Most of the solutions I've seen on various web sites are of the "you should have used X" variety and these are not at all helpful.  So, does some JavaScript guru know how to do this?

Thanks!
0
Comment
Question by:gandalf97
  • 2
4 Comments
 
LVL 2

Expert Comment

by:almes
ID: 17081857
I'm sorry but I don't understand how the connection string to the database appears in your javascript code. You don't connect from the client to the database directly, aren't you?? You have to do this on the server side!! If so, the clients won't see it.

Please paste your code to clear this out...
0
 
LVL 9

Accepted Solution

by:
jmanGJHS97 earned 2000 total points
ID: 17082902
So, you are building a SQL string on the client side and the getting data from the database?  Is that correct?

You can get the data using AJAX.  Here's an example.

var http_request = false;
var contentDetailList = new Array();
var arrResults = new Array();
var url = '';

function makeDBRequest(strArg1, strArg2)
{
  http_request = null;
  http_request = false;
  if (window.XMLHttpRequest) // Mozilla, Safari,...
  {
    http_request = new XMLHttpRequest();
    if (http_request.overrideMimeType)
    {
      http_request.overrideMimeType('text/xml');
      // See note below about this line
    }
  }
  else if(window.ActiveXObject) // IE
  {
    try
    {
      http_request = new ActiveXObject("Msxml2.XMLHTTP");
    }
    catch (e)
    {
      try
      {
        http_request = new ActiveXObject("Microsoft.XMLHTTP");
      }
      catch (e)
      {
      }
    }
  }

  if (!http_request)
  {
    alert('Giving up ... Cannot create an XMLHTTP instance');
    return false;
  }

  url = 'GetDataFromDB.asp?arg1=' + strArg1 + '&arg2=' + strArg2;
 
  http_request.onreadystatechange = alertResults;
  http_request.open('GET', url, true);
  http_request.setRequestHeader("If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT");
  http_request.send(null);
}

function alertBalanceTransactions()
{
  if (http_request.readyState == 4)
  {
    if (http_request.status == 200)
    {
      buildHTMLForm(http_request.responseText);
    }
    else
    {
      document.getElementById('TempSpan').innerHTML = "There was a problem with the request.";
    }
  }
}

function buildHTMLForm(strData)
{
  var arrData = '';
  var arrRow = '';
 
  if (strData.length > 0)
  {
    arrData = strData.split('~');
       
    for (var i = 0; i < arrData.length; i++)
    {
      arrRow = arrData[i].split('|');
    }
  }
}

Basically, you would need to modify the makeDBRequest function to pass in the values you need in order to build your query.  Then, you append those to the url in the form of a querystring.  Then, your ASP page can request them out of the querystring and do what it does.  Once you get the data out of the database, built it into a "~" and "|" delimited string.  I use "|" to separate elements in a single row and "~" to separate rows from each other.  Then, once your data is built into a string, you just response.write the string from the ASP page, and the AJAX will catch the response, which you can split into an array and go nuts with the data.  So, you basically call makeDBRequest from your onClick of your button, or however else you want to fire the db query.

jmanGJHS97
0
 
LVL 2

Author Comment

by:gandalf97
ID: 17423027
Hello...

I'm sorry this took me so long to get back to this question.  Now that I am learning AJAX, I can see that this would be a much neater solution than the one I implemented.  Thanks for the answer.

Gandalf
0
 
LVL 9

Expert Comment

by:jmanGJHS97
ID: 17431002
No problem.  Glad you got it working.

jmanGJHS97
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In my daily work (mainly using ASP.net), I need to write a lot of JavaScript code. One of the most repetitive tasks I do are the jQuery Ajax calls. You know: (CODE) I don't know if for you it's the same, but for me is soooo tedious to write the …
This article discusses how to create an extensible mechanism for linked drop downs.
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…
Suggested Courses

927 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question