Web Forms :: Are Server.Htmlencode,Urlencode Useless Functions!
Feb 2, 2010
For protect against XSS we should make all input from textboxes thoht Server.Htmlencode function.
1) If i let a input go thorgh Server.Htmlencode and save it in database. But what happen if i letter show this input data from database on browerser ...if database input data have <script> it will then make Xss!!!!.
2) I use Server.Htmlencode.. and the user write <b>ss<b>... (label.text = userinput.text;) and i WANT to show ss in browser. What shuld i do for make this happen ??
View 4 Replies
Similar Messages:
Dec 7, 2010
What is the difference between HttpUtility.HtmlEncode and Server.HTMLEncode in c#
View 1 Replies
Apr 13, 2010
import/export wizard in 2000 had lots of options.
I could copy databases without a care in the world. Including constraints, stored proc., AND the data, etc.
Now, with v2008, the wizard is dumbed down too much. It's a "stupid" copy function that fails on the first constraint it meets.
"Copy database.." is not an option here: it needs sysadmin on both source and destination server.
Re-adding the constraints manually is not an option either: the database is WAY too large.
I'm actually hoping there is a temporary bug in the import/export wizard. Each option (and you have THREE...) returns with a new error.
Googling, I found I am not alone:
http://itknowledgeexchange.techtarget.com/itanswers/sql-server-2008-export-data-problem/
This post is exactly my situation. Here's what his post says: (bolded key parts)
I'm trying to get used to sql server 2008 having been forced to upgrade by my isp. I need to back up my key db on a weekly remote schedule, so have been trying to use ssms to export data from my remote db to a local copy.
Firstly I created a new empty db on the local machine. Then I scripted the structure of the db on the remote machine and ran the resulting query on the local machine to copy the table structure into the new db. This gave me empty target tables to map to (see
below).
I used the export data wizard and selected my remote tables, then highlighted the tables to be copied and used the Edit Mappings option. Here I need to do two things, firstly checking'Enable Identity Insert' (because I have a unique id in most tables which is identity seeded, and I've read that if this is not checked sql server will helpfully renumber your entire table, rendering all your foreign key references useless). Secondly I need to decide what to do with the data already in the destination table. SQL 2k DTS simply dropped the destination table and recreated it. SQL 2008 will either keep the structure and delete the rows therein, or drop the table and recreate it. Because I intend to save this package and call it on a schedule in the future, I need to choose one of these options, because next time the target db won't be empty.
If I choose the delete rows option, when the package runs I get the following error when the process gets ot the first table with an identity ID which is used elsewhere in the db as a foreign key.
Error 0xc002f210: Preparation SQL Task 4: Executing the query "Truncate TABLE [dbo][tblCompany] failed with the following error 'Cannot truncate table tblCompany because it is being referenced by a foreign key constraint. Possible failure reasons: Problems with the query, "Result Set" property not set correctly, parameters not set correctly or connection not established correctly'
Half a dozen preceding tables did seem to transfer fine, but the process falls down on this one table. What I want is for the process to ignore constraints whilst it does the backup.
Undeterred I tried the other option, dropping each table and creating a new version. This time I get the error:
Error 0cx0202009: Data Flow Task 1: SSIS Error Code DTS_E_OLEDBERROR. An OLE DB error has occurred. Error code 0x80004005. An OLE DB record is available. Source MS SQL Server Native Client 10.0. Hresult 0x80004005 Description "The statement has been terminated".
An OLE DB record is available. Source MS SQL Server Native Client 10.0. Hresult 0x80004005 Description "Violation of Primary Key constraint 'PK_LoginClasses'. Cannot insert duplicate key in object 'dbo.LoginClasses'.
Then I try unchecking the Enable Identity Insert option to see what happens. This happens:
- Validating (Error)Messages
Error 0xc0202049: Data Flow Task 1: Failure inserting into the read-only column "UserID".
(SQL Server Import and Export Wizard)
Error 0xc0202045: Data Flow Task 1: Column metadata validation failed.
(SQL Server Import and Export Wizard)
Error 0xc004706b: Data Flow Task
1: "component "Destination - Login" (40)" failed validation and returned validation status "VS_ISBROKEN".
(SQL Server Import and Export Wizard)Error 0xc004700c: Data Flow Task 1: One or more component failed validation.
(SQL Server Import and Export Wizard)
Error 0xc0024107: Data Flow Task 1: There were errors during task validation.
(SQL Server Import and Export Wizard)
I can't see any more options to try. So how do I get SSMS 2008 to do what Enterprise Manager 2k did with no drama?
View 11 Replies
Aug 5, 2012
I have two page
1-index.aspx
protected void ImageButton3_Click(object sender, ImageClickEventArgs e) {
string data = Server.UrlEncode(txtNumeric.Text);
SqlCommand _cmd = new SqlCommand("traidname", _cn);
_cmd.CommandType = CommandType.StoredProcedure;
_cmd.Parameters.Add("@BehCode", data);
[Code] ....
Here I use textbox .text for server.urlEncode according to this code it go to tName + "?BehCode=" that
SP
ALTER procedure [dbo].[traidname]
@Behcode nvarchar(30)
as
begin
select T_name
from House_Info
where Behcode=@Behcode
end
And this is code in my destination(depending to tname column in house_info tabel) page
I use below code to bind data from database in destination pages
string data = Server.UrlDecode(Request.QueryString["BehCode"]); _cmd.Parameters.AddWithValue("@behcode", data);
Now in index.aspx page i have linkbutton that i want when users click on it, it do something like
ImageButton3_Click event
This is my datalist code that linkbutton is in this datalist
<asp:DataList ID="DDLstore" runat="server" RepeatColumns="3" RepeatDirection="Horizontal" "> <ItemTemplate> <table class="DDL2h"> <tr> <td style="height: 35px"> <asp:Label ID="Label3" runat="server" Text='<%# Eval("Name") %>' CssClass="TDnameH"></asp:Label> </td> <tr> <td> <asp:LinkButton ID="LinkButton2" runat="server" CssClass="LBP2" onclick="LinkButton2_Click">see all product</asp:LinkButton> </td> </tr> </table> </ItemTemplate> </asp:DataList>
Now how I can write code for linkbutton event that do same thing like ImageButton3_Click event?
and notice that both linkbutton and imagebutton are in index.aspx page ...
View 1 Replies
Sep 23, 2010
I have used Server.HtmlEncode(MY TEXT) to display data,
I have setted the page property validateRequest="false" in .config file,
all this is working fine.since I have large application using hundreds of labels and text boxes to show data,
so, now it is almost impossible ( time consuming ) for me to place Server.HtmlEncode(MY TEXT) every where while setting data to them e.g. in label.text, textbox.text, etc
is there is any way to set the property some where and all the labels and text boxes automatically use Server.HtmlEncode() when i set there text
View 1 Replies
Jan 4, 2011
I would like to use Server.UrlEncode in .ashx.
I try with the following code.
HttpServerUtility ser = new HttpServerUtility();
ser.UrlEncode(pfile.FileName);
That's wrong but however I would like to use Server.UrlEncode so let know the way.
View 1 Replies
Jan 6, 2010
In ASP:
Server.URLEncode("+&(). -*<>/|")
' returns %2B%26%28%29%2E+%2D%2A%3C%3E%2F%5C%7C
In ASP.NET
Uri.EscapeDataString("+&(). -*<>/|")
// returns %2B%26().%20-*%3C%3E%2F%5C%7C
HttpUtility.UrlEncode("+&(). -*<>/|")
// returns %2b%26().+-*%3c%3e%2f%5c%7c
Is there any elegant way how to mimic old ASP behavior in ASP.NET?
View 2 Replies
Jan 29, 2010
So I have a Hyperlink called lnkTwitter:And I'm trying to set the url in the code behind:lnkTwitter.NavigateUrl = string.Format("http://www.twitter.com/home?status={0}", Server.UrlEncode("I'm Steven"));When I do that and hover over the link, the url displays correctly in the status bar as "http://www.twitter.com/home?status=I'm+Steven", but the actual url, if I click on the link or look at the link's properties, is "http://www.twitter.com/home?status=I%27m+Steven".For some reason, this only happens in Firefox; in IE, I am taken to the correct url.
View 3 Replies
Nov 9, 2010
I am trying to set up a POST from one aspx file to another progromatically. Inside the POST is a String of XML data which i have properly added to Server.HtmlEncode(). For some reason, when I grab it in my logs on the other page, it is showing with 3 question marks. I at first thought it was logging text i left somewhere, but have narrowed it down to a Encoding error of some sort because when i change the encoding it changes the character, and when I just put some text in there, i see it on the other side fine. i have tried UTF 8,UTF32,Unicode,ASCII... Can't seem to find the right combination. Can't find the UTF-16
when I use the Encoding object
Below is my Code:
[Code]....My Sending Debug log has the Extension xml coming out in HTML format correctly before POST. Below is just a piece of it[Code]....
And then on the other side log I get the below
Extensions =??
View 1 Replies
Jan 21, 2010
I put this code Server.HTMLEncode on a class module, and I cant fint the IMPORTS class for it??
Where is it for Server. ???
View 2 Replies
Jun 14, 2010
how can I use this in class project c#
Server.HtmlEncode ?
View 1 Replies
Nov 26, 2010
I have many TextBox in a page.I would like to know if there is a ways to check pro grammatically all input for this TextBox and
apply Server.HtmlEncode to each one.
So I do not need apply Server.HtmlEncode for every single String.
View 4 Replies
Mar 25, 2011
I would like to ask when im trying to store some data into sql using Server.HtmlEncode Could i use code behind for example like this ?
[code]....
View 3 Replies
Nov 16, 2010
I'm trying to mock Server.HtmlEncode(), but I keep having a null reference exception.I'm pretty new to the Moq framework, here is my code:
var context = new Mock<HttpContextBase>();
var request = new Mock<HttpRequestBase>();
var response = new Mock<HttpResponseBase>();
var session = new Mock<HttpSessionStateBase>();
var server = new Mock<HttpServerUtilityBase>();
server.Setup(svr => svr.HtmlEncode(It.IsAny<string>())).Returns((string s) => s);
context.Setup(ctx => ctx.Request).Returns(request.Object);
context.Setup(ctx => ctx.Response).Returns(response.Object);
context.Setup(ctx => ctx.Session).Returns(session.Object);
context.Setup(ctx => ctx.Server).Returns(server.Object);
I've also tried the following:
context.Setup(ctx => ctx.Server.HtmlEncode(It.IsAny<string>())).Returns((string s) => s);
I've found a solution but it seems an outdated solution as expect is replaced with setup.
View 2 Replies
Jan 26, 2010
Is there a way to run server side functions by javascript? There are two things I need to do:
1. Either emulate clicking a link/button, or calling the OnClick function directly (not OnClientClick)
2. Control the back and forward control of the wizard control by using the keyboard
View 2 Replies
Mar 23, 2010
I work on an asp.net web application (3.5) with Visual Studio 2008. There are a lot of files in this project (approximately 500 aspx files) and I think I can remove some of them.
My question is: Is there a way to identify the useless files, I mean, the files that are no longer used in the project (like an image, aspx, etc.); by using Visual Studio or an external tool?
View 2 Replies
Nov 25, 2010
I'm being really thich today. Can anyone tell me why I can't fire a client side then server event from this code:
[Code]....
[Code]....
View 2 Replies
Sep 2, 2010
I have spent quite a bit of time researching this here on Asp.Net's Forums, but also on the web in general, and I am still drawing a blank.
The problem: I am trying pass a values such as ... "Jacob's Carpentry" as a query string to another page. However, the other pages keeps seeing "Jacob\s Carpentry".
What I have tried: I have tried using both the Server.UrlEncode and HttpUtility.UrlEncode, and neither have worked. I have also tried using them twice as was suggested in this article, but still with no luck. Finally, I went so far as to try and encode the string, but then do a String.Replace on the " ' " apostrophe and substitute with a "%27". This also did not work, as it appeared that the String.Replace wiped out the encoding.
So I am stuck/lost. It appears the standard PHP functions easily encode the apostrophe, but for some reason the .Net function isn't working.
Here is the code I am using ...
[Code]....
I notice, however, then if I put a breakpoint where the PostBackUrl is set, the encoded string is still only showing "Jacob's+Carpentry", no %27.
View 5 Replies
Aug 11, 2010
Server.UrlEncode("2*")return 2*while it should return 2%2Aas tested on this demo site
View 2 Replies
Mar 21, 2010
What is the best way to encode the url in Hyperlink without writing code behind. I have many uses and I would like to do it in the Hyperlink statemeent if possible. Some thing such as the following would be great:
(This does not work)
<asp:HyperLink
ID="HyperLink1"
NavigateUrl=
"<%=UrlEncode(~/All_Videos.aspx?tag=full length movie&title=The Movie)%>"runat="server">Movies</asp:HyperLink>
View 2 Replies
Feb 19, 2011
How we use a function in a sql query.me some example of using functions in query.Please donot provide me example for using inbuilt sql aggregate functions.Please give some userdefined sql functions example in a query.
View 2 Replies
Jun 22, 2010
I have my app running on asp.net 4.0 and IIS 5.1.
I'm having problems running IO functions on my PUBLISHED website, on the server running IIS. I can run everything just fine on my own machine without any issues in debug mode.
I pinpointed the errors to some IO functions Im trying to add.
Example:
StreamWriter sw = new StreamWriter(outputfile, true);
sw.WriteLine(DateTime.Now.Date.ToString());
or
File.Copy(sourceFile, destinationFile), true);
When I add something of this nature.. I get the generic runtime error (since I'm not sure how to make it show more specific errors at this point)
I was thinking it has something to do with a security issue. But, Im not sure where to look.
View 6 Replies
Mar 27, 2012
I have an ASP.NET control (a button) in a WebApp. It has an onclick attribute:
onclick="SaveButton_Click"
SaveButton_Click()
is a C# function in the codebehind file. When the user clicks the button, SaveButton_Click() is executed.
What I would like to know is whether there's a way to set up a javascript callback junction. I know how this is done in AJAX, but I'm not sure in ASP.NET (with controls that run on the server) how (or if) this can be done.
View 3 Replies
May 23, 2010
it's my first question to this nice site :) ... i use ckeditor.com in my asp.net web site and it have a great features but if any check the full feature example when inserting image you have two feature ( upload to server - browse server and choose image ) as shown in below image
http://i45.tinypic.com/2rmp5ds.jpg
My Questions : 1- Browse Server function integrate with another product called CKfinder .. i don't want to use it i search for such one but in asp.net and can be integrating with ckeditor ?
2- is there an example Upload image function that can save in SQL DB and can be integrated with ckeditor ?
View 1 Replies
Dec 20, 2010
I have a url which I wish to encode that contains a couple of encrypted querystring parameters:
[URL]
I've been asked by a client I'm working with to html encode this url. I've used HttpUtility.HtmlEncode() to do this. This returned the following:
[URL]
This appears to be correct as the '&' has been replaced with '&'. However a problem arises when I try to use HttpUtility.HtmlDecode() on this new value as I get the following returned:
[URL]
What appears to have occurred is the '&' has had the 'amp' removed and the ';' has been html encoded (I checked the value of '%3b' and it corresponds with the html encoded value of a semi-colon). I'm not sure why this is happening?
I realise I could manually do a .Replace("%3b", "") as a temporary fix but I can't see this being a good long-term solution.
View 4 Replies
