MVC :: Create Url Safe Names For Any String In A Database?

Dec 15, 2010

Given a string in my database like "Computer Gadget", I am trying to achieve a url format like "http://xyz.com/products/details/computer-gadget" when a user clicks a link to the item "computer gadget" from a list view. In my list view for the products, I have Action links that read like this

[Code]....

When I hover over this link on the rendered page I get a link that looks like "http://xyz.com/products/details/computer+gadget" and the correct product detail is returned after I have url.decoded the string in my Details method. However, the returned page displays a url that looks like "http://xyz.com/products/details/computer%2bgadget". How can I get the returned url to show "computer-gadget" instead? Also, when a name has "&" or "/" the server throws an Http 400 error message. I know these are unsafe values, but is there a way to work around this safely to allow the strings to keep these characters?

View 3 Replies


Similar Messages:

Web Forms :: Create A Regular Expression From A String Or An Array Of Domain Names?

Feb 25, 2010

I need a way to create a regular expression from a string or an array of domain names. For example, string array = [URL]. Once I click save I would want to create a regular expression that would match all 3 with or without the '.com' extension. Then another task would be to pull this data out of the regular expression and put it back into an array.

View 5 Replies

C# - Is It Safe To Always Create A New HttpContextWrapper

Oct 21, 2010

I'm trying to make an existing ASP.NET web forms app more unit testable by using some of the ASP.NET MVC objects, specifically HttpContextWrapper. I've seen examples of its usage and they always create a new object. I disassembled the source with Reflector and see all it does is store the passed HttpContext. But I was curious as to whether or not it's safe to always create a new instance of HttpContextWrapper or follow the singleton pattern somehow? Below is the class I'm using in my app

public static class AppHttpContext {
    public static HttpContextBase Current { get { return Getter(); } }
    public static void SetContext(Func<HttpContextBase> getter) {
        Getter = getter;
    }
    private static Func<HttpContextBase> Getter = () => new HttpContextWrapper(HttpContext.Current);
}

And I use it similar to HttpContext.Current

AppHttpContext.Current.Session["blah"] = "something";

View 1 Replies

DataSource Controls :: Type Safe SQL Parameters And Update/ Insert Of Database

Feb 1, 2010

I have been in the process of updating my code with security methods, and I've been learning this from [URL] (or "Security Guidelines: ASP.NET 2.0"). In the middle of the page under "When Constructing SQL Queries, Use Type Safe SQL Parameters" it says "Use type safe parameters when constructing SQL queries to avoid possible SQL injection attacks that can occur with unfiltered input". Now, what they suggested was to use code like:

"DataSet userDataset = new DataSet();
SqlDataAdapter myCommand = new SqlDataAdapter("LoginStoredProcedure", connection);
myCommand.SelectCommand.CommandType = CommandType.StoredProcedure;
myCommand.SelectCommand.Parameters.Add("@au_id", SqlDbType.VarChar, 11);........"

But, I was already using code like:

"var dataSource = (SqlDataSource)form1.FindControl("sqlDataSource5") ;
dataSource.UpdateParameters.Add("someVal", val);"

So now, to use type safe parameters, I decided to include it like:

"var dataSource = (SqlDataSource)form1.FindControl("sqlDataSource5") ;
dataSource.UpdateParameters.Add("@someVal", DbType.Int16, val);
dataSource.UpdateParameters["@someVal"].Size = 1;"

So, that would be how I would modify my current code base to use type safe parameters in sql updating/inserting.

Getting to my actual question, as it was said "Use type safe parameters when constructing SQL queries to avoid possible SQL injection attacks that can occur with unfiltered input". First off, this suggests that this should apply to unfiltered input. Also, in their example they only did this for an ID.

So, what I'd like to know, when it comes to "unfiltered input", does this mean as long as the input is unfiltered I must use type safe parameters, or even filtered input shall have this (just to be sure), like, input that has been run through a regular expression check? Shall I do this for all values I insert/update into the database, or just IDs and important things?

The way I see it right now is that it would be a good precaution to just do type safe checks on everything (literally) that updates/inserts into the database just to be extra safe. But, I really am unsure if this is really the best idea, because if I did, would this possibly cause overprocessing of information? Can this cause too much strain on server resources? If my fears serve true, what would be a good suggestion of how I could implement this properly without having to worry about what I said?

View 1 Replies

Connection String And User Login Create Account Database?

Aug 5, 2010

Is it possible to insert a connection string into a web.config file if it isn't there? Would this work? The connection string is for an ASP.NET user login and create account database.

View 3 Replies

ADO.NET :: How To Replace The Field Names In SQL Query String With Variables

Aug 17, 2010

How can I replace the field names in sql query string with variables like:-

string field1="ID";
string field2="Name";
sql = "Insert into [Sheet1$] ('" + field1 + "','" + field2 + "') values('1','abc')";

I am inserting data into an Excel document which has got nearly 100 columns.

I am inserting data using OLEDB as follows:-

System.Data.OleDb.OleDbConnection MyConnection ;
System.Data.OleDb.OleDbCommand myCommand = new System.Data.OleDb.OleDbCommand();
string sql = null;
MyConnection = new System.Data.OleDb.OleDbConnection(connectionstring);
MyConnection.Open();
myCommand.Connection = MyConnection;
sql = "Insert into [Sheet1$] (ID,Name) values('1','abc')";
myCommand.CommandText = sql;
myCommand.ExecuteNonQuery();
MyConnection.Close();

I want to specify the field names at runtime as mentioned above - sql = "Insert into [Sheet1$] ('" + field1 + "','" + field2 + "') values('1','abc')"; When I try this I am getting error.

View 12 Replies

SQL Server :: Using String Variables As Column Names In A Select Statement?

Dec 20, 2010

I'm trying to use a function in my code behind to let me select a different column each time by calling the function with a different parameter.

However, I keep being told 'invalid column name', even though in the error page the column name appears perfectly valid.

Private Function getData(ByVal s As String) As String

View 4 Replies

How To Get Database Names From Given Sql Server In LINQ

Feb 5, 2010

I have a DropDownList that displays all servers present in my network. I want to populate the database names when I change it into another dropdown. I want a LINQ query to get this.

View 3 Replies

DataSource Controls :: Take Names From The Table And Do Another Select Based On That List Of Names?

Jun 1, 2010

I have been working with this database for some time. Here is the situation...

I inherited a MS SQL database that has hundreds of tables with similar data. For instance:

FordTampa_customer is a table,

ChevyAtlanta_customer is a table, etc....

All of the columns are the same, just different tables with their own ID field. All I have done: inside of another database I created a table called 'Customer' and added a 'Dealer ID' column along with the rest of the other columns in the other tables...

So the combination of the 'Dealer ID' and the 'ID' field is unique. I know, it's not the best way to do things, but I cannot change the old data structure because I cannot have access to it. I am given back-ups on a weekly basis, so this is all I have to work with.

All right, on to the real point of my post...

Currently, I have an application that I use to select all of the data from the 'Ford_customers','Chevy_customers',etc... and inserts them into my new main 'Customer' table. I do this by selecting the table names, bind it to an arraylist, loop through the list and execute an insert statement.

I do this in VB.NET, but I would prefer to do it in a Stored procedure of some kind....I just am not sure how to accomplish it. I use this syntax to get my list of tables:

[Code]....

I am not sure how to take those names from the table and do another select based on that list of names.

View 1 Replies

Prevent Duplicate User Names In Database

Jul 14, 2010

I am learning asp.net web development. I have created a table with the column "username". But I don't know how to prevent a duplicate "username".

View 5 Replies

Security :: How To Use Duplicate User Names With The Same Database Over Different Domains

Dec 11, 2010

We are building a hosted ecommerce shopping cart solution and I would like to use asp.net's built-in membership provider. We don't really want to have a separate database for each domain; we want to share the same database across multiple domains for different customers. Each domain is a separate store.

My problem is that since it's a shared hosted solution, people coming from different domains might use the same user name and it would show as if it already existed. Is there an additional field I can use to store the domain name, so basically it would be unique by username and domain name? We don't want to share information between stores.

View 7 Replies

Can Sqlcommand Parameters Provide Names Of Database Columns?

Feb 24, 2010

Like this: select * from foo where @nameofdbcolumnprovidedbyparam = 1? Whenever I attempt this with sqldatasource or in ado I get errors such as: Syntax error converting the nvarchar value 'foo' to a column of data type int.

View 3 Replies

Web Forms :: Using Dynamic Database Data For Actionlink Names?

Jun 21, 2010

Rather than having a details button next to the database entry I would like to make a link out of the name field. Basically I want the item.Name field to be the name of the link in the Html.ActionLink(" **here*** ", "Details", new blablalba). What is the syntax to do this in asp.net

View 1 Replies

DataSource Controls :: Search Database For Names Beginning With A Thru C......SQLDATASOURCE?

Jun 25, 2010

I have a mssql table of names. This table contains names from A thru Z. However, I want to be able to display names by their beginning alphabet... Like first Display names A thru C, then Display Names D thru F, and so on and so forth, thru Z. I am using asp.net and have a grid view with paging enabled.

View 2 Replies

AJAX :: Slideshow Using Access Or Sql Database To Obtain Image Names?

Oct 27, 2010

I've watched the Slideshow videos and created a number of examples that run fine. The code I've attached at the bottom is the smallest one, but instead of hard coding the image locations, I would like to select the slides from either of the following statements, which return the top 5 images selected randomly from our floorplans database.

<asp:AccessDataSource id="AccessDataSource1" runat="server" DataFile="../fpdb/J3_2005.mdb" SelectCommand="SELECT TOP 5 [Elev_Pimage] FROM [PLANS_Active] ORDER BY RND(INT(NOW*[SF_Total])-NOW*[SF_Total])" />
or,

<asp:SqlDataSource ID="SqlDataSource1" runat="server" ConnectionString="<%$ ConnectionStrings:J3_2005Slideshow %>" ProviderName="<%$ ConnectionStrings:J3_2005Slideshow.ProviderName %>" SelectCommand="SELECT TOP 5 [Elev_Pimage] FROM [PLANS_Active] ORDER BY RND(INT(NOW*[SF_Total])-NOW*[SF_Total])" />
<title>SlideShow</title>

View 9 Replies

DataSource Controls :: Refer To Datatable Columns With Database Column Names?

May 28, 2010

[Code]....

Refer to datatable columns with database column names?

View 3 Replies

DataSource Controls :: Saving Images To A Server Folder With Different Category Names And The Path To A Database?

Jan 19, 2010

Here is what I am basically trying to accomplish: I want to upload images to the server separated into categories and save the file path into the database. I have found plenty of documentation on saving to a file and the file path to a database. But I haven't found anything that will allow me to separate the images into categories.

I have made three tables in the database

[code]....

What I am trying to do is create a gallery for our clients to browse and download different versions of posters and ad cards.

View 15 Replies

Web Forms :: How To "parameterize" Dropdownlist Names To Create Several Copies Of The Aspx Code

Feb 28, 2010

We have a row of aspx code that lists employees and hours worked and total hours. The text is quite simple and uses ajax to update the entries when the user selects a control for employees or enters hours worked on a particular project.

Currently, we have "hard coded" these lines of code. It works fine, but is quite tedious to change when requested. The difference between row1 and row2 is minimal. Just some control name differences such as

dlEmployees1 and ddlNrOfHoursWorkedRow1Col1, ddlNrOfHoursWorkedRow1Col2, ddlNrOfHoursWorkedRow1Col3, ..., lblTotalHoursRow1

on one row, and then

dlEmployees2 and ddlNrOfHoursWorkedRow2Col1, ddlNrOfHoursWorkedRow2Col2, ddlNrOfHoursWorkedRow2Col3, ..., lblTotalHoursRow2

on the next row. Etc.

Our first goal is to re-write one of these lines into something like an array that can be similar to dlEmployees[j], ddlNrOfHoursWorkedRow[j]Col1 and lblTotalHoursRow[j]

so we can add and reference the different drop down boxes in the c# code. Below is the actual code for 2 lines (sorry for the long post).

==================== code follows for 2 sample lines =====================

<!-- Drop Down Lists for Employee Names (1st Employee Row) (Row Nr 7 of Table) -->
[code]....

View 3 Replies

Is VSS 2008 Really "safe"  Was VSS 2005 "safe"?

Sep 21, 2010

There is not a clear category on the site where to post this, so giving it a shot here.

Has anyone used VS 2008? I currently use Tortoise for some projects, and SourceGear Vault for others.

The company where I work is thinking about moving to VSS because of the MSDN subscription.

My experience with VSS prior to VSS 2005 was that it coined the name "Visual Source Unsafe" and I know first hand that it trashed my work more than once and I stopped using it. SourceGear Vault on the other hand is rock solid.

So is VSS 2008 Really "safe" was VSS 2005 "safe" ?

View 3 Replies

Security :: How To Create Profile Using An Existing Database Rather Than Default Database

Jul 29, 2010

You could create your own custom Profile provider that operates against existing database tables. I want you to help me out if you have an idea where I can get step-by-step instructions to carry out the above operation. I know there are various options in creating a profile, particularly the use of web configuration, the default ASPNETDB, and XML files, but I wish to use an existing database, which I prefer.

View 11 Replies

ADO.NET :: EF4 CTP5 Safe To Use?

Feb 28, 2011

I wonder if it's safe to use the CTP5 in production yet. My main use would be for 2 small projects. I know they pre-released it, but any thoughts on whether it would hold up for production are welcome.

View 1 Replies

SQL Server :: Windows Shared Hosting Error: Create Database Permission Denied In Database 'master'?

Mar 1, 2011

how I can correct an error. I've built the MVCMusicStore tutorial here:

http://mike-ciccone.com/Store/

The first time I visit the site and attempt a database connection I get this error:

Exception Details: System.Data.SqlClient.SqlException: CREATE DATABASE permission denied in database 'master'.

But when I refresh, it all works fine. I'm at a bit of a loss. I don't believe I'm attempting to create a database, but I realise that the error may not really have anything to do with that. This is hosted at GoDaddy shared hosting. The database was created and I used an SQL script to create the tables initially and populate the data. My connection string works as I can pull data from the database, but I do have a feeling it will be a web.config setting that will correct this.

View 3 Replies

Web Config Safe From SQL Injection And XSS

Nov 12, 2010

I've a blog-driven ASP.NET website. Under the post, there is a Comment block to let readers post comments. I've used some TextBoxes and TextArea for that.

To Prevent XSS: I've filtered the input by using: Server.HtmlEncode() Method (I don't care about text formatting).

To Prevent SQL-Injection: I'm using Linq To SQL (that should be like parametrized queries I think!).

ArticlesDataClasses dc = new ArticlesDataClasses();
ArticleComment newComm = new ArticleComment()
{
    ArticleID = int.Parse(Request.QueryString["ArticleID"]),
    CommentAuthor = Server.HtmlEncode(txtName.Text),
    // Encode first, then turn line breaks into <br /> so only this tag is stored as markup
    CommentText = Server.HtmlEncode(txtComment.InnerHtml).Replace("\n", "<br />"),
    CommentAuthorEmail = Server.HtmlEncode(txtMail.Text),
    CommentTime = DateTime.Now,
    Enabled = false
};

View 1 Replies

C# - Is It Safe Using Dynamic SQL With Parameters

Jan 12, 2011

For example, this is the code that I am using:

String commandString = "UPDATE Members SET UserName = @newName , AdminLevel = @userLevel WHERE UserID = @userid";
using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["sqlconnectionstring"].ConnectionString))
{
    SqlCommand cmd = new SqlCommand(commandString, conn);
    // Values are bound as parameters, not concatenated into the SQL text
    cmd.Parameters.Add("@newName", newName);
    cmd.Parameters.Add("@userLevel", userLevel);
    cmd.Parameters.Add("@userid", userid);
    conn.Open();
    // An UPDATE returns no rows, so ExecuteNonQuery replaces ExecuteReader and the undeclared Reader
    cmd.ExecuteNonQuery();
}

View 3 Replies

Safe Way To Encode A Cookie Value In C#?

Apr 23, 2010

When storing a value in a cookie using C#, what is the best way to encode (or escape) the value so that it can be retrieved and decoded/unescaped reliably?

I'm not talking about encryption.

View 1 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved