I've installed a Free TextBox editor to allow clients to do a write up about themselves and style it with HTML. Been reading about cross site script attacks (XSS) and want to make sure I'm correctly uploading the data collected with the Server.encode method.
Is this the right way to do it?:
[code]....
I've been tryin to find an example of the syntax for getting an html 'title' for a string when using Html.Encode(). I want to display the full name in the mouseover title, if it's too long.
Is there a way to do this without wrapping the string in a < span >, i.e.
<span title = "<%=Html.Encode(model.Name) %>"> //displays the full name on mouseover
<%=Html.Encode(model.Name.Substring(0, 10))%>... //displays the name up to a max length
</span>
Or should I just do it this way?
I know this is an XSS risk but for my sepcific scenario am willing to accept it.
I want to use an ASP.NET label control in suh a way that I give it some HTML and it renders it as html without being encoded.
I have a listview in a User Control. It uses FreeTextBox for one of the fields.
I do not want to utilize
[Code]....
Here is my code from the listview edit item template:
[Code]....
What else can I do to not have the validate request set to false and still get beyond the error?
I have a text in the DB:<B>My new text</b> is a good text.
I want "My new text" was as Bold style. But I have original text on my site (<B>My new text</b> is a good text). How I can make text format from DB?
Code how I show data:[Code]....
I have a Gridview and I try to Iterate through the NewValues collection and HTML encode all.
I am following MSDN CODE.... using their code (posted here) I receive an error:
Collection was modified; enumeration operation may not execute.
I would like ask you a Full simple example how to implement it, so beginners like me can start use this function.
PS: I posted a similar questions here and people replied but I still do not understand it and i Would need a simple example.
[code]....
I'd like to html encode all user input on the ASP.NET MVC 2 site but default. Can this be done anywhere on model binder level?
If I disable input validation for action -- I will need to html-encode every other value. If I keep ASP.NET request validation on -- it will throw erros "A potentially dangerous Request.Form value was detected from the client"
P.S. I do use encoding when outputting data (<%: %> syntax), but I'd like to encode everything on posting it too.
A sample linq query from MSDN: var expensiveInStockProducts = from p in products where p.UnitsInStock > 0 && p.UnitPrice > 3.00M select p; Does this query select EVERY column from the database table immediately, or does it return some sort of pointer that retieves the actual column data on demand? ie. If there are 50 columns in my table and I only use a single p.UnitsInStock in my actual code, then am I retrieving 50 times more data than I expected?
View 2 RepliesI have this code in my controller:
public ActionResult Index()
{
MembershipUser currentUser = Membership.GetUser();
Guid UserId = (Guid)currentUser.ProviderUserKey;
using (var db = new MatchGamingEntities())
{
var MyAccount = from m in db.Accounts..........
I want to be able to do a join query between my two tables Accounts and BankTransactions. This is a one to many relationship, there can be multiple BankTransactions per Account. I want to query this and display the account information including all the bank statements that are associated with it. I did a join in order to get it, but I am having trouble handling the model. I keep getting this error:
LINQ to Entities does not recognize the method 'System.Collections.Generic.List1[MatchGaming.Models.BankTransaction] ToList[BankTransaction](System.Collections.Generic.IEnumerable1[MatchGaming.Models.BankTransaction])' method, and this method cannot be translated into a store expression.
I am trying to delete record from table with proper mapping from linq to sql.There is an error stating that Rmove method not found and are u missing an assembly reference.
AdventureWorks db = new AdventureWorks("Integrated Security=sspi");
var query = from con in db.Contact
where con.LastName == "Klein"
select con;
foreach (Contact del in query)
{
db.Contact.Remove(del);//???Remove not working
}
db.SubmitChanges();
textBox1.Text = "Contact deleted.";
I'm working on this big project in MVC ASP.NET w VB.NETOne of my views is getting me headaches since a few and i'm not sure what's up.I've used the Begin.Form and Html.Encode methods alot in my other views and i never had any problems. Now this new Create.aspx view for one of my object called Automation is giving me multiple build errors such as those cited in the title plus
Error 184 'Context' is not a member of
'ASP.views_automatisation_create_aspx'.
BeginForm is not a member of 'Html'
Encode is not a member of HTML
My header is as follow (just like all of my other working views headers) :
\
<%@ Page Title="" Language="VB" MasterPageFile="~/Views/Shared/Site.Master" Inherits="System.Web.Mvc.ViewPage(Of XXXXX_XXXXX.Automatisation)" %>
I got the following query to group the table. I am wondering how to add a subtotal record with anonymous type.
string prevOriginator = string.Empty;
var oOriginator = (from I in dtIssue.AsEnumerable()
group I by new {RaisedBy = I.Field<string>("RaisedBy"), ItemType = I.Field<string>("ItemType")} into grp
[code]...
How I can write following SQL query using LINQ. There is no default constraint define for the ID column so we have explicitly pass the NEWID().
I want to replicate the products of a company to another company.
Insert Into Products Select NEWID() AS ProductID, ProductName, CompanyID = @DestinationID, ProductCategoryID From Products Where CompanyID = @SourceID
Also once I get these result how can I use InsertAllOnSubmit to insert all the records at once without looping it.
i have a Tag Table TagId TagName
Post Table PostId PostName
TagPost Table TagId PostId
How can i do a many to many insert into database in one transaction?
I have a number of tables that together make up a "Test" that somebody can take. There are multiple types (scripts) of Test a person can take. I'm working on an Edit function that will allow somebody to edit the Test Questions. I want these edited questions to show up on all new Tests of that type, but still show the old questions when viewing past test scores.
To do this each "Test" has a TestId auto-increment identity (along with its name). When a test is edited I want to make a copy of the test with a new TestId and present the questions for editing.
So what is the best way to make the copy and insert it into my table using LINQ to SQL? This:
DataContext db = new DataContext(ConnectionString);
//Copy old test into identical new test but with a different script ID
var oldScript = db.TestScripts.Single(ds => ds.TestScriptId == oldScriptID);
var newScript = oldScript;
db.TestScripts.InsertOnSubmit(newScript);
db.SubmitChanges();
of course tells me that I Cannot add an entity that already exists.
Is the only way to do this to go through every column in the TestScript and copy it manually, then insert it, and the database will give it a new Id?
deleted old code
View 3 RepliesI have a view on my database and I am trying to add a new record using the AddTo method but it is not working. I noticed that LinqToEntities is creating the insert statement like this
Insert into (select field1, field2 from my_view) (field1, field2) values (value1, value2)
Is it possible to make LinqToEntities create the insert statement like the one below ?
Insert into my_view (field1, field2) values (value1, value2)
I worked with LINQ to SQL to insert and delete the data,but i want to use LINQ TO ENTITY to insert the data but i know LINQ to ENTITY is used for querying the database.I have searched the code for inserting records but i dint get any.
View 7 RepliesHow can I retrieve the row ID immediately as I insert a new record with LINQ? I need to refer back to it to update the row since it will be the only unique data in this particular table ( it's the primary key and the ID number is auto generated)
View 3 RepliesI am using Linq-To-Sql to add people to a one-to-one table. Sometimes I get a error "Violation of PRIMARY KEY constraint" when the person is already added. Can anyone give me instruction on how to handel the exception.
[Code]....
Let's say I have a dataset in an ASP.NET website (.NET 3.5) with 5 tables, each has roughly 30,000 rows and an average of 12 columns. I want to insert all of the data from the dataset into 5 very-similar-but-not-quite-identical tables in SQL Server 2008. I also want to use LINQ (personal preference - trying to learn something new).
Is it as simple as iterating through the dataset and, for each row, creating a new instance of the associated class, initializing its data with the dataset's row, adding it to the data model, and then doing one giant SubmitChanges at the end?
Are there better ways of doing this with LINQ? Or is this the de-facto standard?
I am trying to insert the data via linq to sql concept. i wrote down the code like this. here customers is the table name in which i want to insert the data. How to achieve it? following code is not working. How to insert the data via this concept.
Protected Sub Button1_Click(ByVal sender As Object, ByVal e As EventArgs) Handles Button1.Click
Dim context As New linq_to_sql_classesDataContext
Dim custid As New Customer
custid.CustomerID = Trim(txt_custid.Text)
[Code]....
I am trying to do an update and if no selection has been made in a dropdownlist (integer) or date field I would like to insert a dbnull value. But I am new to Linq to Sql and wonder if this is possible and if so how to process. I have the following code but the DBNull.Value is giving me an error.
Dim context As New SondageDataContext()
Dim repondant = (From r In context.Repondants Where r.RefRepondant = iRefRepondant Select r).Single
repondant.Prenom = strPrenom
repondant.Nom = strNom
'dates
If dtAdhesion > Date.MinValue Then
repondant.DateAdhesion = dtAdhesion
else
repondant.DateAdhesion = DBNull.Value
End If
'Integer for dropdownmenu
If iOccupation <> -1 Then
repondant.RefOccupation = iOccupation
Else
repondant.RefOccupation = DBNull.Value
End If
context.SubmitChanges()
how to insert record in sql server database by using linq?
still i m using MVC 3.0 send me full detail example for insert record using Linq
I use the following code to insert recode to a sql 2008 table, the field ID of DBProgram is IDENTITY, so SQL 2008 SERVER will pass a value to it automatically. How can I get the ID value of the record I just insert ?
DBProgram dbProgram = new DBProgram();
db.DBPrograms.InsertOnSubmit(dbProgram);
db.SubmitChanges();