MVC :: Create Url Safe Names For Any String In A Database?
Dec 15, 2010
Given a string in my database like "Computer Gadget", I am trying to achieve a url format like "http://xyz.com/products/details/computer-gadget" when a user clicks a link to the item "computer gadget" from a list view. In my list view for the products, I have Action links that read like this:
[Code]....
When I hover over this link on the rendered page I get a link that looks like "http://xyz.com/products/details/computer+gadget" and the correct product detail is returned after I have url.decoded the string in my Details method. However, the returned page displays a url that looks like "http://xyz.com/products/details/computer%2bgadget". How can I get the returned url to show "computer-gadget" instead? Also, when a name has "&" or "/" the server throws an HTTP 400 error message. I know these are unsafe values, but is there a way to work around this safely to allow the strings to keep these characters?
View 3 Replies
Similar Messages:
Feb 25, 2010
I need a way to create a regular expression from a string or an array of domain names. for example string array = [URL]. Once I click save I would want to create a regular expression that would match all 3 with or without '.com' extension. Then Another task would be to pull this data out of regular expression and put it back into an array.
View 5 Replies
Oct 21, 2010
I'm trying to make an existing ASP.NET web forms app more unit testable by using some of the ASP.NET MVC objects, specifically HttpContextWrapper. I've seen examples of its usage and they always create a new object. I disassembled the source with Reflector and see all it does is store the passed HttpContext. But I was curious as to whether or not it's safe to always create a new instance of HttpContextWrapper or follow the singleton pattern somehow? Below is the class I'm using in my app
public static class AppHttpContext {
public static HttpContextBase Current { get { return Getter(); } }
public static void SetContext(Func<HttpContextBase> getter) {
Getter = getter;
}
private static Func<HttpContextBase> Getter = () => new HttpContextWrapper(HttpContext.Current);
}
And I use it similar to HttpContext.Current
AppHttpContext.Current.Session["blah"] = "something";
View 1 Replies
Feb 1, 2010
I have been in the process of updating my code with security methods, and I've been learning this from [URL] (or "Security Guidelines: ASP.NET 2.0"). In the middle of the page under "When Constructing SQL Queries, Use Type Safe SQL Parameters" it says "Use type safe parameters when constructing SQL queries to avoid possible SQL injection attacks that can occur with unfiltered input". Now, what they suggested was to use code like:
"DataSet userDataset = new DataSet();
SqlDataAdapter myCommand = new SqlDataAdapter("LoginStoredProcedure", connection);
myCommand.SelectCommand.CommandType = CommandType.StoredProcedure;
myCommand.SelectCommand.Parameters.Add("@au_id", SqlDbType.VarChar, 11);........"
But, I was already using code like:
"var dataSource = (SqlDataSource)form1.FindControl("sqlDataSource5") ;
dataSource.UpdateParameters.Add("someVal", val);"
So now, to use type safe parameters, I decided to include it like:
"var dataSource = (SqlDataSource)form1.FindControl("sqlDataSource5") ;
dataSource.UpdateParameters.Add("@someVal", DbType.Int16, val);
dataSource.UpdateParameters["@someVal"].Size = 1;"
So, that would be how I would modify my current code base to use type safe parameters in sql updating/inserting.
Getting to my actual question, as it was said "Use type safe parameters when constructing SQL queries to avoid possible SQL injection attacks that can occur with unfiltered input". First off, this suggests that this should apply to unfiltered input. Also, in their example they only did this for an ID.
So, what I'd like to know, when it comes to "unfiltered input", does this mean as long as the input is unfiltered I must use type safe parameters, or even filtered input shall have this (just to be sure), like, input that has been run through a regular expression check? Shall I do this for all values I insert/update into the database, or just IDs and important things?
The way I see it right now is that it would be a good precaution to just do type safe checks on everything (literally) that updates/inserts into the database just to be extra safe. But, I really am unsure if this is really the best idea, because if I did, would this possibly cause overprocessing of information? Can this cause too much strain on server resources? If my fears serve true, what would be a good suggestion of how I could implement this properly without having to worry about what I said?
View 1 Replies
Aug 5, 2010
Is it possible to insert a connection string into a web.config file if it isn't there? Would this work? The connection string is for an ASP.NET user login and create account database.
View 3 Replies
Aug 17, 2010
How can I replace the field names in sql query string with variables like:-
string field1="ID";
string field2="Name";
sql = "Insert into [Sheet1$] ('" + field1 + "','" + field2 + "') values('1','abc')";
I am inserting data into an Excel document which has got nearly 100 columns.
I am inserting data using OLEDB as follows:-
System.Data.OleDb.OleDbConnection MyConnection ;
System.Data.OleDb.OleDbCommand myCommand = new System.Data.OleDb.OleDbCommand();
string sql = null;
MyConnection = new System.Data.OleDb.OleDbConnection(connectionstring);
MyConnection.Open();
myCommand.Connection = MyConnection;
sql = "Insert into [Sheet1$] (ID,Name) values('1','abc')";
myCommand.CommandText = sql;
myCommand.ExecuteNonQuery();
MyConnection.Close();
I want to specify the field names at runtime as mentioned above - sql = "Insert into [Sheet1$] ('" + field1 + "','" + field2 + "') values('1','abc')"; When I try this I am getting error.
View 12 Replies
Dec 20, 2010
I'm trying to use a function in my code behind to let me select a different column each time by calling the function with a different parameter.
However, I keep being told 'invalid column name', even though in the error page the column name appears perfectly valid.
Private Function getData(ByVal s As String) As String
View 4 Replies
Feb 5, 2010
I have a DropDownList that displays all servers present in my network. I want to populate the database names into another dropdown when I change it. I want a LINQ query to get this.
View 3 Replies
Jun 1, 2010
I have been working with this database for some time. Here is the situation...
I inherited a MS SQL database that has hundreds of tables with similar data. For instance:
FordTampa_customer is a table,
ChevyAtlanta_customer is a table, etc....
All of the columns are the same...just different tables with their own ID field. All I have done...Inside of another database I created a table called 'Customer' and added a 'Dealer ID' column along with the rest of the other columns in the other tables...
So the combination of the 'Dealer ID' and the 'ID' field are unique.....I know...it's not the best way to do things...but I cannot change the old data structure because I cannot have access to it. I am given back-ups on a weekly basis, so this is all I have to work with.
All right, on to the real point of my post...
Currently, I have an application that I use to select all of the data from the 'Ford_customers','Chevy_customers',etc... and inserts them into my new main 'Customer' table. I do this by selecting the table names, bind it to an arraylist, loop through the list and execute an insert statement.
I do this in VB.NET, but I would prefer to do it in a Stored procedure of some kind....I just am not sure how to accomplish it. I use this syntax to get my list of tables:
[Code]....
I am not sure how to take those names from the table and do another select based on that list of names.
View 1 Replies
Jul 14, 2010
I am learning asp.net web development. I have created a table with the column "username". But I don't know how to prevent a duplicate "username".
View 5 Replies
Dec 11, 2010
We are building a hosted ecommerce shopping cart solution and I would like to use asp.net's built-in membership provider. We don't really want to have a separate database for each domain, we want to share the same database across multiple domains for different customers. Each domain is a separate store.
My problem is that since it's a shared hosted solution people coming from different domains might use the same user name and it would show as if already existed. Is there an additional field I can use to store the domain name so basically it would be unique by username and domain name? We don't want to share information between stores.
View 7 Replies
Feb 24, 2010
Like this: select * from foo where @nameofdbcolumnprovidedbyparam = 1? Whenever I attempt this with sqldatasource or in ado I get errors such as: Syntax error converting the nvarchar value 'foo' to a column of data type int.
View 3 Replies
Jun 21, 2010
Rather than having a details button next to the database entry I would like to make a link out of the name field. Basically I want the item.Name field to be the name of the link in the Html.ActionLink(" **here*** ", "Details", new blablalba). What is the syntax to do this in asp.net?
View 1 Replies
Jun 25, 2010
I have a mssql table of names. This table contains names from A thru Z. However, I want to be able to display names by their beginning alphabet... Like first display names A thru C, then display names D thru F, and so on and so forth thru Z. I am using asp.net and have a grid view with paging enabled.....
View 2 Replies
Oct 27, 2010
I've watched the Slideshow videos and created a number of examples that run fine. The code I've attached at the bottom is the smallest one, but instead of hard coding the image locations, I would like to select the slides from either of the following statements, which return the top 5 images selected randomly from our floorplans database.
<asp:AccessDataSource id="AccessDataSource1" runat="server" DataFile="../fpdb/J3_2005.mdb" SelectCommand="SELECT TOP 5 [Elev_Pimage] FROM [PLANS_Active] ORDER BY RND(INT(NOW*[SF_Total])-NOW*[SF_Total])" />
or,
<asp:SqlDataSource ID="SqlDataSource1" runat="server" ConnectionString="<%$ ConnectionStrings:J3_2005Slideshow %>" ProviderName="<%$ ConnectionStrings:J3_2005Slideshow.ProviderName %>" SelectCommand="SELECT TOP 5 [Elev_Pimage] FROM [PLANS_Active] ORDER BY RND(INT(NOW*[SF_Total])-NOW*[SF_Total])" />
<title>SlideShow</title>
View 9 Replies
May 28, 2010
[Code]....
Refer to datatable columns with database column names?
View 3 Replies
Jan 19, 2010
Here is what I am basically trying to accomplish: I want to upload images to the server separated into categories and save the file path into the database. I have found plenty of documentation on saving to a file and the file path to a database. But, I haven't found anything that will allow me to separate the images into categories.
I have made three tables in the database
[code]....
What I am trying to do is create a gallery for our clients to browse and download different versions of posters and ad cards.
View 15 Replies
Feb 28, 2010
We have a row of aspx code that lists employees and hours worked and total hours. The text is quite simple and uses ajax to update the entries when the user selects a control for employees or enters hours worked on a particular project.
Currently, we have "hard coded" these lines of code. It works fine, but is quite tedious to change when requested. The difference between row1 and row2 is minimal. Just some control name differences such as
dlEmployees1 and ddlNrOfHoursWorkedRow1Col1, ddlNrOfHoursWorkedRow1Col2, ddlNrOfHoursWorkedRow1Col3, ..., lblTotalHoursRow1
on one row, and then
dlEmployees2 and ddlNrOfHoursWorkedRow2Col1, ddlNrOfHoursWorkedRow2Col2, ddlNrOfHoursWorkedRow2Col3, ..., lblTotalHoursRow2
on the next row. Etc.
Our first goal is to re-write one of these lines into something like an array that can be similar to dlEmployees[j], ddlNrOfHoursWorkedRow[j]Col1 and lblTotalHoursRow[j]
so we can add and reference the different drop down boxes in the c# code. Below is the actual code for 2 lines (sorry for the long post).
==================== code follows for 2 sample lines =====================
<!-- Drop Down Lists for Employee Names (1st Employee Row) (Row Nr 7 of Table) -->
[code]....
View 3 Replies
Sep 21, 2010
There is not a clear category on the site where to post this, so giving it a shot here.
Has anyone used VS 2008? I currently use Tortoise for some projects, and Source Gear Vault for others.
The company where I work is thinking about moving to VSS because of the MSDN subscription.
My experience with VSS prior to VSS 2005 was that it coined the name "Visual Source Unsafe" and I know first hand that it trashed my work more than once and I stopped using it. Source Gear Vault on the other hand is rock solid.
So is VSS 2008 really "safe"? Was VSS 2005 "safe"?
View 3 Replies
Jul 29, 2010
You could create your own custom Profile provider that operates against existing database tables. I want u to help me out if u have an idea where I can get steps by steps to carry out the above operation. I know there are various options in creating a profile, particularly the use of web. configuration, the default ASPNETDB, and XML files, BUT I wish to use an existing database, which I prefer.
View 11 Replies
Feb 28, 2011
I wonder if it's safe to use the CTP5 in production yet. My main use would be for 2 small projects. I know they pre-released it but any thoughts on whether it would hold up for production are welcome.
View 1 Replies
Mar 1, 2011
how I can correct an error. I've built the MVCMusicStore tutorial here:
http://mike-ciccone.com/Store/
The first time I visit the site and attempt a database connection I get this error:
Exception Details: System.Data.SqlClient.SqlException: CREATE DATABASE permission denied in database 'master'.
But when I refresh, it all works fine. I'm at a bit of a loss. I don't believe I'm attempting to create a database, but I realise that the error may not really have anything to do with that. This is hosted at GoDaddy shared hosting. The database was created and I used an SQL script to create the tables initially and populate the data. My connection string works as I can pull data from the database, but I do have a feeling it will be a web.config setting that will correct this.
View 3 Replies
Nov 12, 2010
I've a blog-driven ASP.NET website. Under the post, there is a Comment block to let readers post comments. I've used some TextBoxes and TextArea for that. To Prevent XSS: I've filtered the input by using: Server.HtmlEncode() Method (I don't care about text formatting). To Prevent SQL-Injection: I'm using Linq To SQL (that should be like parametrized queries I think!).
ArticlesDataClasses dc = new ArticlesDataClasses();
ArticleComment newComm = new ArticleComment()
{
ArticleID = int.Parse(Request.QueryString["ArticleID"]),
CommentAuthor = Server.HtmlEncode(txtName.Text),
CommentText = Server.HtmlEncode(txtComment.InnerHtml).Replace("\n", "<br />"),
CommentAuthorEmail = Server.HtmlEncode(txtMail.Text),
CommentTime = DateTime.Now,
Enabled = false
};
View 1 Replies
Jan 12, 2011
For example, this is the code that I am using:
String commandString = "UPDATE Members SET UserName = @newName , AdminLevel = @userLevel WHERE UserID = @userid";
using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["sqlconnectionstring"].ConnectionString))
{
SqlCommand cmd = new SqlCommand(commandString, conn);
cmd.Parameters.Add("@newName", newName);
cmd.Parameters.Add("@userLevel", userLevel);
cmd.Parameters.Add("@userid", userid);
conn.Open();
cmd.ExecuteNonQuery(); // UPDATE returns no rows, so there is no reader to open or close
}
View 3 Replies
Apr 23, 2010
When storing a value in a cookie using C#, what is the best way to encode (or escape) the value so that it can be retrieved and decoded/unescaped reliably?
I'm not talking about encryption.
View 1 Replies