So I have a Hyperlink called lnkTwitter:And I'm trying to set the url in the code behind:lnkTwitter.NavigateUrl = string.Format("http://www.twitter.com/home?status={0}", Server.UrlEncode("I'm Steven"));When I do that and hover over the link, the url displays correctly in the status bar as "http://www.twitter.com/home?status=I'm+Steven", but the actual url, if I click on the link or look at the link's properties, is "http://www.twitter.com/home?status=I%27m+Steven".For some reason, this only happens in Firefox; in IE, I am taken to the correct url.
For protect against XSS we should make all input from textboxes thoht Server.Htmlencode function.
1) If i let a input go thorgh Server.Htmlencode and save it in database. But what happen if i letter show this input data from database on browerser ...if database input data have <script> it will then make Xss!!!!.
2) I use Server.Htmlencode.. and the user write <b>ss<b>... (label.text = userinput.text;) and i WANT to show ss in browser. What shuld i do for make this happen ??
I have a classic ASP page that connects to the mySQL server with the following code:
Set oConnection = Server.CreateObject("ADODB.Connection") Set oRecordset = Server.CreateObject("ADODB.Recordset") oConnection.Open "DRIVER={MySQL ODBC 3.51 Driver}; SERVER=xxx.com; PORT=3306; DATABASE=xxx; USER=xxx; PASSWORD=xxx; OPTION=3;" sqltemp = "select * from userinfo WHERE emailAddress = '" & theUN & "'" oRecordset.Open sqltemp, oConnection,3,3 if oRecordset.EOF then ...
However, i am unable to find anything to connect to mySQL in ASP.NET (VB.NET). I have only found this peice of code that does not seem to work once it gets to the "Dim conn As New OdbcConnection(MyConString)" code:
Dim MyConString As String = "DRIVER={MySQL ODBC 3.51 Driver};" & _ "SERVER=xxx.com;" & _ "DATABASE=xxx;" & _ "UID=xxx;" & _ "PASSWORD=xxx;" & _ "OPTION=3;" Dim conn As New OdbcConnection(MyConString) conn.Open() Dim MyCommand As New OdbcCommand MyCommand.Connection = MyConnection MyCommand.CommandText = "select * from userinfo WHERE emailAddress = '" & theUN & "'"" MyCommand.ExecuteNonQuery() MyConnection.Close() I have these import statements also: <%@ Import Namespace=System %> <%@ Import Namespace=System.IO %> <%@ Import Namespace=System.Web %> <%@ Import Namespace=System.ServiceProcess %> <%@ Import Namespace=Microsoft.Data.Odbc %> <%@ Import Namespace=MySql.Data.MySqlClient %> <%@ Import Namespace=MySql.Data %> <%@ Import Namespace=System.Data %> The error is as follows: Compiler Error Message: BC30002: Type 'OdbcConnection' is not defined. Source Error: Line 121: "OPTION=3;" Line 122: Line 123: Dim conn As New OdbcConnection(MyConString) '<--error line Line 124: conn.Open() Line 125:
EDIT: GOT IT WORKING USING THIS WAY
Dim MyConString As String = "DRIVER={MySQL ODBC 3.51 Driver};" & _ "SERVER=xxx.com;" & _ "DATABASE=xxx;" & _ "UID=xxx;" & _ "PASSWORD=xxx;" & _ "OPTION=3;" Dim conn As OdbcConnection = New OdbcConnection(MyConString) conn.Open() Dim MyCommand As New OdbcCommand MyCommand.Connection = conn 'MyCommand.CommandText = "INSERT INTO tablename VALUES("val1","val2","val3")" 'MyCommand.ExecuteNonQuery() conn.Close() AND WITH THE mysql.data.DLL IN PLAY Dim MyConString As String = "DRIVER={MySQL ODBC 3.51 Driver};" & _ "SERVER=xxx.com;" & _ "DATABASE=xxx;" & _ "UID=xxx;" & _ "PASSWORD=xxx;" & _ "OPTION=3;" Dim conn As New MySqlConnection(MyConString) conn.Open() Dim MyCommand As New MySqlCommand MyCommand.Connection = conn 'MyCommand.CommandText = "INSERT INTO tablename VALUES("val1","val2","val3")" 'MyCommand.ExecuteNonQuery() conn.Close()
I have to access a web page and click on a specific button that will allow to trigger an action. I want to just use the HttpWebRequest and HttpWebResponse but I don't want to use a browser control or class if possible. I have code that will read in the page to make sure the exact button name exists and if it does I want to be able to click that button.
I have a button called btnDelete on a page with a function behind the click event. Can anyone tell me how I might programmatically call the click event for that button?
We are trying to remove the global.asax from our many web applications in favor of HttpModules that are in a common code base. This works really well for many application events such as BeginRequest and PostAuthentication, but there is no Application Start event exposed in the HttpModule.
I can think of a couple of smelly ways to overcome this deficit. For example, I can probably do this:
protected virtual void BeginRequest(object sender, EventArgs e) { Log.Debug("Entered BeginRequest..."); var app = HttpContext.Current.Application; var hasBeenSet app["HasBeenExecuted"] == null ? false : true; if(!hasBeenSet) { app.Lock(); // ... do app level code app.Add("HasBeenExecuted", true); app.Unlock(); } // do regular begin request stuff ... }
But this just doesn't smell well to me.
What is the best way to invoke some application begin logic without having a global.asax?
I'm currently working on a project that will allow users to do the following:. Choose one or more reports from the report library.2. Cycle through each report, choosing the parameter values to use to run each report.3. Generate a pdf containing all of the reports in one large file.4. Download the pdf.I'm handling 1, 3, and 4 just fine but running into some problems with item 2. The multi-select parameters are giving me headaches. Basically I want a page that contains the parameter selection piece of the standard SSRS web interface but instead of "View Report" it would fire off a function I've created that saves the parameter values and then reloads the page for the next report in the list chosen by the userDoes anyone know if the Report.aspx source code is available somewhere? I'm currently using a PopupControlExtender, CheckboxList, and Textbox to try and mimic the functionality of the multi-select parameter interface that's provided by SSRS but am having trouble getting the page to postback when the user clicks outside the list of parameter values (the default SSRS interface does this).
I've a dropdown and a listview inside an updatepanel (Master/Child relationship) so based on value selected in dropdown the listview gets populated. The Listview allow user to perform Edit/Insert/delete of records. I have to implement a scenario when a user is editing/inserting a record and if he tries to navigate away/change the value in dropdown he should be prompted to save the data and if he choose yes in JS Confirm Dialogue then the currently edited/inserting record should be saved (for which i'm trying to mimic the click of the update/insert button using js). I've attached change eventhandler of dropdown using JQuery which is getting called properly bind. [Code]....
This code gets bind using Sys.Application.add_load(saveChanges); I also tried the following Sys.WebForms.PageRequestManager.getInstance().add_initializeRequest(saveChanges);Sys.WebForms.PageRequestManager.getInstance().add_endRequest(saveChanges). The eventhandler gets called correctly but the click() doesn't work! Also the reason I'm calling click() method of button is to perform the validations via RequireValidator/RangeValidators.
I am in need of validating a TreeView to make sure that users have selected something. What I need is something that mimics a RequiredFieldValidator and stops a page from posting back with any data until something is selected.
i have a requirement to encode the url in javascript and in redirected page i can't use javascript so i must decode the url back in code. so i needs a javascript encode method which encodes url like URLEncode method of asp.net so that i can decode it in code with UrlDecode method
I have spent quite a bit of time researching this here on Asp.Net's Forums, but also on the web in general, and I am still drawing a blank.
The problem: I am trying pass a values such as ... "Jacob's Carpentry" as a query string to another page. However, the other pages keeps seeing "Jacob\s Carpentry".
What I have tried: I have tried using both the Server.UrlEncode and HttpUtility.UrlEncode, and neither have worked. I have also tried using them twice as was suggested in this article, but still with no luck. Finally, I went so far as to try and encode the string, but then do a String.Replace on the " ' " apostrophe and substitute with a "%27". This also did not work, as it appeared that the String.Replace wiped out the encoding.
So I am stuck/lost. It appears the standard PHP functions easily encode the apostrophe, but for some reason the .Net function isn't working.
Here is the code I am using ...
[Code]....
I notice, however, then if I put a breakpoint where the PostBackUrl is set, the encoded string is still only showing "Jacob's+Carpentry", no %27.
Cat.net is nabbing the following code, but I tried to use UrlEncode, but I am getting a http 400 bad requestencodedLink = Default2.aspx%3freturnURL%3d~%2fDefault.aspx
What is the best way to encode the url in Hyperlink without writing code behind. I have many uses and I would like to do it in the Hyperlink statemeent if possible. Some thing such as the following would be great: (This does not work)
According to old AntiXss article on MSDN AntiXss.UrlEncode is used to encode link href (Untrusted-input in the following example):[URL]My understanding was, that UrlEncode should be used only when setting something to URL, like when setting document.location with JS. So why don't I use HtmlAttributeEncode in the previous example to encode [Untrusted-input]? On the other hand is there a security flaw if I use UrlEncode to encode HTML attributes like in the above sample?
everything .net works fine, but when i try to run a .asp file i get this error: Server Error in '/xx' Application. This type of page is not served. Description: The type of page you have requested is not served because it has been explicitly forbidden. The extension '.asp' may be incorrect. Please review the URL below and make sure that it is spelled correctly. Requested URL: /index.asp Version Information: Microsoft .NET Framework Version:2.0.50727.3607; ASP.NET Version:2.0.50727.3082 is there something i need to enable?
I am new to ASP.Net. I am working on an ASP application in which I need to use an existing C# class (.cs) to get a return and pass to my ASP code. I know it may be impossible to call C# class directly from classic ASP.
Just two many pages to re-write. A Microsoft consultant informed us it would cost about $750,000 to rewrite all of our pages. The school district's budget is only $67,500 so this is out of the question. Therefore I am going to have to stick to asp Classic.
I am asking my self many times before start writing a new app or data access library , should I use LINQ to SQL or classic ADO.net , I have used both and the development time I spend on building an app with LINQ to SQL is like the 1/3 compared to ADO.net.
The only think I like using LINQ to SQL is that I don't have to design the domain objects LINQ does that for me and saves me from spend my time on boring things :P But is LINQ to SQL suitable for large scale projects, is there an overhead that we can avoid when using ADO.net ?
I currently work for a company that uses a combination of ASP.NET Webforms and legacy ASP pages for web development. This works fairly well for their current projects but I would like to convince / suggest to them to switch over to ASP.NET MVC since most of their codebase consists of wiring form elements to stored procedure parameters. Just using an ORM is also a possibility but I think it would be a good idea to use this opportunity to switch to an MVC framework.
However, I'm not sure how easy it will be to deploy an ASP.NET MVC app along side ASP.NET and Classic ASP code while the codebase is updated. First, I would like to ask if this is even possible. I've seen threads about running ASP.NET with Classic ASP and ASP.NET MVC with Webforms but not all three in the same application. They currently have Webforms and Classic ASP working together so the pitfalls associated with that are already solved.
I'm migrating a site from classic asp to asp.net 4.0
Before I rework all the code, I wanted to get clarification that the way i think my database code should be updated is fairly correct. (I'm using SQLClient objects)
First, when old code would use forward only recordsets or access single record/value, I'm fairly sure i'd use SqlCommand and SqlDataReader. That is pretty straightforward.
Now, when my old code navigates a recordset (movePrevious, find, etc.)... I believe the way to go is with SqlDataAdapter and DataTable to retrieve the data and DataView to filter/find/navigate the data.
I'n looking to do a quick migration... i don't want to get too bogged down in the new entity framework... so - just trying to stick with similar objects/logic.
I know this is one of those questions that doesn't really have a right/wrong answer... and I think that is part of my problem in finding an answer - there are so many.