0

I had used the SqlDataSource to retrieve data from database to gridview.

<asp:SqlDataSource ID="SqlDataSource1" runat="server" ConnectionString="<%$ ConnectionStrings:HRMS_DBConnectionString1 %>"
        DeleteCommand="DELETE FROM [tblEmployeeDetail] WHERE [EmpId] = @EmpId" InsertCommand="INSERT INTO [tblEmployeeDetail] ([EmpId], [Name], [UserName], [Password], [Gender], [Age], [Address], [IdentityCardNo], [Race], [Position], [Section], [Department], [JoinDate], [ResignDate], [HodId], [Email]) VALUES (@EmpId, @Name, @UserName, @Password, @Gender, @Age, @Address, @IdentityCardNo, @Race, @Position, @Section, @Department, @JoinDate, @ResignDate, @HodId, @Email)"
        ProviderName="<%$ ConnectionStrings:HRMS_DBConnectionString1.ProviderName %>"
        SelectCommand="SELECT [EmpId], [Name], [UserName], [Password], [Gender], [Age], [Address], [IdentityCardNo], [Race], [Position], [Section], [Department], [JoinDate], [ResignDate], [HodId], [Email] FROM [tblEmployeeDetail] WHERE ([Name] IS NULL)"

For security purpose is there any ways so I can hide this coding. It obviously showing the table name and its entities all. I wish to use this function as its easier to manage data in gridview with direct auto edit and delete function but at sametime the presentation layer suppose not reveal the database content in coding. Is there anyway?

4
  • 1
    Hide it from whom? These controls don't render to the client (unless your server is mis-configured and not actually processing the ASP.NET code). Commented Dec 13, 2011 at 18:40
  • "the presentation layer suppose not reveal the database content in coding" - you don't have a presentation layer in this monolithic architecture. You can only keep database-specific stuff out of the presentation layer if you have another layer to put it into. Commented Dec 13, 2011 at 18:47
  • Let say a mistakes has been happened and the code cant find the specific entity from database. Isn't later will comes out an error message at aspx stating obviously that this entity from this table cud not be found, appearing in client side.. Commented Dec 13, 2011 at 18:51
  • @Memoc Properly handle errors? Sounds like a classic XY question to me. Commented Dec 13, 2011 at 18:53

2 Answers 2

1

Are you under the impression that your code example will be present in the HTML and publicly view-able? It will not be. The SQLDataSource is compiled and generates data that is inserted into the various HTML elements before the page is ever served to the client.

http://msdn.microsoft.com/en-us/library/ms178472.aspx#lifecycle_events

Sign up to request clarification or add additional context in comments.

Comments

0

You can set those properties in the .cs file if that's what you wish. But maybe that's not deep enough for you, i.e. that is still the presentation layer?

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.