Friday, March 16, 2012

passing a very long string to another page - javascript

I have a search page with an export to excel button. The button runs some javascript that opens a new window. This button does not post back to the server.

When someone searches the page, I build the sql query string. Then I set the buttons onClick method to pass this sql to javascript, and then to the new window (using url parameters). i.g.:

function exportToExcel(sqlQuery)
{
var newWindow = window.open("ExportToExcel.aspx?sqlQuery=" + sqlQuery , "test","width=800,height=600,resizable, scrollbars,menubar=yes");

newWindow.focus();
return false;
}

btnExportToExcel.Attributes.Add("onClick", "exportToExcel(""" & Server.UrlEncode(strExportToExcelQuery) & """); return false;")

My problem is that my sql string has become too long to be passed as a URL paramenter. Does anyone have a solution as to how I can do this?I would highly discourrage you from putting a sql query in your querystring. Querystrings are passed in plain text and you ARE (I can't stress this enough) open to SQL Injection attacks.
I thought about that, but this is an internal system only so I dont think it will be a problem. If you have any better ways of passing the string, I am open to suggestions.

The problem is that I need to open a new window for the excel file. This means that I need to do this in javascript. But how else can I pass the query to the next page then?

You can see my problem :-(
With an internal system, you are a little safer (never know about some employees these days) but I would still try and avoid it.

What if instead of client side you posted back say with a link button. On the postback you register a startup script and open a new window that way. You could put the sql statement into session or store it in a db and retrieve it, then execute it. With the db example you would only be passing a key value to the new page.
You can do this:

put the strExportToExcelQuery into an hidden field and also create a hidden field in the popup page..

then when the popup page gets opened (onload js event) for the first time you could do something like:

document.formName.txtMyPopupHiddenField.value =window.opener.formName.txtMyHiddenField.value;
document.formName.submit()

in the server code check if the hidden field has a value, if so, then now do whatever u are supposed to do. Caveats?, the popup will open the first time and then re-post to perform the action -- yucks
Great idea ccalderon. Cannot believe I didnt think of it. I'll try it today and let you know.

Jagdip

0 comments:

Post a Comment