Some small VB Organization questions

[SapAuthor]

Hello all,

I'm working on a calendar app for the place I work, I'm using VB.Net. To be honest, I've worked with the .Net platform for programs (non web), and worked with web based langauges like PHP, but I have not used the .Net platform for web based sites yet.

I'm struggling trying to find where the application based coding practices end and web based practices start.

Right now the problem i'm running into is I have a nice SQL management class to handle queries. When someone types in the username, and hits "next" it queries and finds their security question and answer. They type in their answer and hit "Reset Password" to reset the password, where in it checks to see if the password typed matches.

Do i have to re-create my SQL management class, or is there a way to make a global variable that stays through posts? Or is the only way to save information is through things like hidden fields and session variables? And can whole classes be saved or only static data.

Any insight would be a great help, I'm trying to make my code as OO as possible, and reduce repetitive code. I appreciate it.

Imports sqlInterface ' Imports the SQL interface class
Imports System.Collections
Imports System.Data
Partial Class retrieve_password
    Inherits System.Web.UI.Page


    Private sqlCon As sqlInterface  'Global Interface Connection
    Private dr As DataRow           'Data row containing username, security question and answer

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        tblSecurity.Visible = False
        sqlCon = New sqlInterface() 'Generates new sqlInterface to query to
    End Sub



    Protected Sub btnNext_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnNext.Click
        ' Get information based on field
        Dim givenUsername As String = tbxUsername.Text
        Dim str As String = "SELECT users.userName, securityQuestion.securityQuestion, securityQuestion.answer FROM users INNER JOIN securityQuestion ON users.ID = securityQuestion.userID WHERE users.Username = '" + givenUsername + "'"
        Dim myTable As DataTable = sqlCon.getDataTable(str)

        If myTable.Rows.Count = 1 Then
            ' There is a valid username found
            Dim dr As DataRow
            ' Gets the Row from the Table (0) and Row(0) (first table, first row)
            dr = myTable.Rows(0)
            lblSecurityQuestion.Text = dr(1).ToString 'Gets the 2nd Column (Security Question)
            tblUsername.Visible = False
            tblSecurity.Visible = True
        ElseIf myTable.Rows.Count > 1 Then ' This should never happen
            lblError.Text = "ERROR: Multiple Username Match.  Contact Administrator!"
        Else
            lblError.Text = "No matching username found.  Please try again."
        End If
    End Sub

    Protected Sub btnEmailPassword_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnEmailPassword.Click
        Dim givenAnswer As String = tbxAnswer.Text
        If dr(2).ToString = givenAnswer Then
            lblError.Text = "Password reset to <b>password1</b>.  <a href='default.aspx'>Login</a> and then change your password."
            tblSecurity.Visible = False
        Else
            lblError.Text = "Incorrect!"
        End If
    End Sub
End Class

 

[jmcilhinney]

Each time the user sends a request to the server, it's like starting a new instance of your app. As such, all data needed by the app has to either be passed in (i.e. Hidden fields) or else stored in a common location (i.e. Session variables). A session variable can store any .NET object while a hidden field can store anything that can be serialised to a string.