I have written a tiered application for a mate of mine to store and manage his massive CD collection. When I save the Album name I HTMLEnchode the input. I then use a drop down list on another page that pulls back all the Albums liked to a Specific artist but when i get the data back from my Object data source the data is still enchoded. At what point do i need to decode the data? Is it right at the begining in the DAL or in the actual drop down list.
I have a text area and I want to store the text entered by user in database with html formatting like paragraph break, numbered list. I am using HTMLencode and HTMLdecode for this.Sample of my code is like this:
If user entered text with 2 paragraphs, str1 shows characters between paragraphs. but when it writes it to screen, just append 2nd paragraph with 1st. While I'm decoding it, why doesn't it print 2 paragraphs?
Trying to protect against XSS on a CMS I'm working and I therefore encode all necessary client input but on retrieval from DB, I'm getting all these funny HTML characters displayed on the HTML Page as a result of the encoding.
I'm considering appending a decode on retrieval but I'm wondering what the point of the inital encoding is if I decode eventually.
Please how do I effectively mitigate the XSS issue using the encode/decode avenue.
I have this string test = HttpUtility.HtmlDecode("http://test.com/Folder1/Folder2/my%20view.aspx");When I look into test it still has %20 instead of a space. Why is it not decoding this?
I have a url which I wish to encode that contains a couple of encrypted querystring parameters:
[URL]
I've been asked by a client I'm working with to html encode this url. I've used HttpUtility.HtmlEncode() to do this. This returned the following:
[URL]
This appears to be correct as the '&' has been replaced with '&'. However a problem arises when I try to use HttpUtility.HtmlDecode() on this new value as I get the following returned:
[URL]
What appears to have occurred is the '&' has had the 'amp' removed and the ';' has been html encoded (I checked the value of '%3b' and it corresponds with the html encoded value of a semi-colon). I'm not sure why this is happening?
I realise I could manually do a .Replace("%3b", "") as a temporary fix but I can't see this being a good long-term solution.
I have a list of character that display fine in WebBrowser in the form of encoded characters such as € � ... But when posting these characters onto server to I realized that HttpUtility.HtmlDecode cannot convert them to characters as browser did, they all become space.
text = System.Web.HttpUtility.HtmlDecode("€");
I expect it to return € but it return space instead. The same thing happen for some other characters as well.
This stems from a recent similiar issue: I have since add edit capabilities.My access db is made up of imported records from recipes. In the memo fields are paragraphs users have typed replete with ingredients listed in succession (1 per line) then a normal paragraph follows. When in editmode(multi line textbox), suddenly in each line ends with <br>. How to fix this? I want to preserve the line breaks od course.
As the title of this post already mentioned, I'm using a modal popup window to edit rows in the gridview. One column in the gridview contains an URL code. When I fire the edit button a popup opens and show the URL in a textbox in this format: [URL]
When I am using the Server.HTMLDecode function, the modal popup doesn't close anymore.
I am using the following code:
[Code]....
The funny thing is, when I change it to: txtURL.Text = row.Cells[3].Text; then I can close the modal popup, but unfortunately it is not decoded.
i have problem white Object datasource. i have a multi-tier Application that include common layer ,DAL Layer,business logic and persantation layerwhen i add a object datasource to my page, it bring me only common layer classes . but i want use bisuiness layer classes what do i do ?
I am storing a custom "Organisation" object as a session variable. One of the properties of the Organisation object is "OrganisationID" (integer). I have a DataSource that requires a parameter value to run, and I want to use a SessionParameter to populate this. In a previous version, I stored the OrganisationID directly as a session variable. In that case, I could easily access it like this:
[Code]....
However, how do I now access the OrganisationID property of an "Organisation" type session variable (called "Organisation")? I have tried this, which does not seem to work: <asp:SessionParameter Name="OrganisationID" SessionField="Organisation.OrganisationID" Type="Int32" />
This is the first time I have been working on databases and I am trying to insert data using an object datasource but no data is being inserted and no exception is thrown. I'm not sure where I am going to wrong. I am putting user data into session variables and inserting the session variables into the dataacess class layer and have a try and exception but nothing being thrown. Any help would be really appreciated because I don't know even where to start looking with this or how I can get the error to be thrown. Please see some of my code below to give an idea of what I am doing
Object Access Class public void InsertCarPolicyHolder(PolicyHolderClass ph, CarInsuranceOptions options) {
I have a Public Sub listed in a class file that I am using to store Select, Update,etc...methods for an Object Datasource. When I attempt to configure the datasource, the Class appears as a business object, but the sub within the class is not available for method selection. (It does not appear in drop down list in wizard.)
The sub exists, so where is a good place for me to start looking for a fix? I have part of the class file listed below:
Traditionally with an Object Data Source, the wired up class will have its public properties available for binding (i.e. Gridview columns, etc.) which works well. But what if one of my wired up business objects has a property that is an object itself; can I drill down to a property on that object property and still use it?
So in additiona to the traditional:MyBusniessObject.OrderID...I want to use:MyBusniessObject.Customer.NameID Your 1st response might be to just wire up the 'Customer' class, but I need properties both on 'MyBusinessObject'and 'Customer'. I do not think this can be done, as the ODS will not display properties on an object instance property. I have tried manually typing in the drilled down value as well, but that wasn't a success either.
I'm getting the old "Object reference not set to an instance of an object" error on this code:
nonqueryCommand.Parameters.Add("@comment", SqlDbType.VarChar, 500) nonqueryCommand.Parameters("@comment").Value = CType(FormView1.Row.FindControl("CommentsLabel"), TextBox).Text "CommentsLabel" is a textbox, despite it's name (and I've tried the CTYPE ot Label too).
have an object datasource that calls a web method to retrieve a set of data. That web service resides on another remote server with Windows Authentication enforced. How do I pass in the credentials required for the authentication from my web application? My code is as follows:
I am developing on application in that i have taken one list box and getting data to it using an object source.up to this stage it is fine.I need to compare these value what i get into list box and need to represent data in to a report viewer ..how to get these values from objectsource.i m new to c# i placing the code.
I am trying to get an asp:SessionParameter of a SelectParameters, to use a property of an object in session instead of having a string in the session like Session["CustomerID"]
Something like Session["Customer"] where the property is ((Customer) Session["Customer"]).CustomerID)
My code:
<asp:sqldatasource id="SqlDataSource1" runat="server" connectionstring="<%$ ConnectionStrings:DBConnectionString %>" xmlns:asp="#unknown"> SelectCommand="SELECT * FROM getStoreCustomers (@customerID,@week,@day)" ProviderName="System.Data.SqlClient"> <selectparameters> <asp:sessionparameter name="customerID" sessionfield="Customer" /> ?????? (what is the syntax to pass the property here?) <asp:controlparameter controlid="ddWeek" defaultvalue="-1" name="week" propertyname="SelectedValue" /> <asp:controlparameter controlid="ddDay" defaultvalue="-1" name="day" propertyname="SelectedValue" /> </selectparameters>
The class I use is like any other class (but serializable)
[Serializable] public class Customer { public int CustomerID { get; set; } }
