C# - How To Handle Input And Parameter Validation Between Layers
Mar 5, 2010
If I have a 3 layer web forms application that takes user input, I know I can validate that input using validation controls in the presentation layer. Should I also validate in the business and data layers as well to protect against SQL injection and also issues? What validations should go in each layer?
Another example would be passing a ID to return a record. Should the data layer ensure that the id is valid or should that happen in BLL / UI?
View 6 Replies
Similar Messages:
Dec 23, 2010
I have a quick question in regards to testing my validation. I have been looking through a few MVC examples and have noticed the 'Validating with a Service Layer' tutorial which is pretty nice. It discusses how to abstract your code out etc..My question is, that they have validation occuring in the service layer, if errors occur, the error + message then gets added to a model state dictionary.Now i want to test my model to make sure my business rules are being applied to it, but with this approach, for starters, the Validation method is not in the interface. Now, if the validation method was in the interface, during testing you would have to re-implement the validation on the testing side.Am i missing somthing? Where should your validation code go? I feel like it should go in the model, but then i have to track the errors on the model side.
View 1 Replies
Oct 7, 2010
I am migrating my application to MVC3 and getting this error message Validation parameter names in unobtrusive client validation rules must start with a lowercase letter and consist of only lowercase letters or digits.How can I ovoid it without going and modifying all my ViewModels
View 10 Replies
Jun 25, 2010
How am I going to handle time input because I am having a problem especially if the user inputs greater than 24:00:00.
View 2 Replies
May 1, 2010
I got this actionresult which I want to call with ajax:
[Code]....
and the call I do is:
[Code]....
but the input parameter id in the action is always emty. How come? I get into the action without a problem but the input parameter is emtpy. Please explain to me why and what a workaround is with $.get.
View 9 Replies
Mar 16, 2011
How to handle input/output streams to read some data sent from mobile phone app and send it back via ASP page?
The thing is, I've managed to do this with Java servlets, but now I need to do the same thing in ASP.
View 1 Replies
Sep 7, 2010
im passing one input parameter to the SP, based on that parameter i have written the code like below create procedure SP1(@inpName varchar(10))
declare @where varchar(20);
if @inpName = 'ABCD'
@where = 'A';
else if @inpName = '1234'
@where = '1';
else if @inpName = 'AB12'
@where = 'A,B';
SELECT * FROM TABLE1 WHERE COLUMN1 IN(@where);
Now the above query was fine if its 'ABCD' or '1234', but if its 'AB12' then query failed.
How to resolve this issue.?
View 2 Replies
Sep 2, 2010
How do I pass an email address with a plus sign in my input parameter?
Username Value is "johnsmith+1@gmail.com"
http://domain.com/page1.aspx?username=johnsmith+1@gmail.com
View 5 Replies
Apr 4, 2011
I'm using some of the typical ASP.NET's Validation Controls in my website. Now I'm trying to disable the JavaScript in my browser to test my application and of course the Validation Controls no longer works. I think it's best to try to make them work using one of the solutions down here instead of reinvesting the wheel and build a validation layer for the page or my objects -Am I thinking right?-
What do you think of these options and why:
Include in clicked button's event a code to check if the page is valid and if not explicitly call the Page.Validate(); method Check if whether the JavaScript is enabled and if not I should call Page.Validate();
View 3 Replies
Mar 3, 2010
for some reason i get an error saying the following. i have tried to look it up on google but there seems to be nothing about this error.
View 2 Replies
Nov 11, 2010
I have a webservice method which needs to accept SOAP as input parameter. I've worked webservices between .NET clients but I've never worked using raw SOAP so I don't know what to do. The format of the input like this:
<?xml version="1.0" encoding="utf-8"?>
<S:Envelope xmlns:S = "[URL]/">
<S:Body>
<ns2:RemoteService xmlns:ns2 = "some.ns.url">
<RemoteServiceInput>
<param1>123</param1>
<param2>Asd Qwe</param2>
<param3 xsi:nil = "true" xmlns:xsi = "[URL]"/>
</RemoteServiceInput>
</ns2:RemoteService >
</S:Body>
</S:Envelope>
How should my method input be to accept this SOAP as parameter?
View 1 Replies
Jan 8, 2010
I am trying to test a SPROC from my ASP.net page by passing a date from my page or from visual studio server manager.
The date value is like so 2009-01-01.
I keep getting an error message this input parameter cannot be converted.
I tried all combinations like '2009-01-01', "2009-09-01" , 20091001.
Nothing seems to work.
But the SPROC works on the SQL side just fine.
View 1 Replies
Jan 18, 2011
i like to pass two i/p parameters to the SP and fetch 2 output parameters.This should done using simple ADO .NET code.
View 1 Replies
Jul 16, 2010
in asp.net how to fill a dropdown using stored procedure,the sp has one input parameter.
View 4 Replies
Oct 26, 2010
In my application the user uploads three files ( Resume, Cover Letter, Selection Creteria).
I want users not to upload more then 4 MB files, so In my web.confing file I have allowed max of 5 MB. <httpRuntime maxRequestLength="5000"/>. I did this so that I can validate the file and give user a message that they are trying to upload more then 4 MB file.
It all works fine if the user is only uploading resume. But if the user uploads all three files of size 4MB then my validation does not work and it goes to connection time out.
How can i handle the validation to check the file size of all 3 files?
View 2 Replies
Jul 3, 2010
What is the common practice of input validation? In other words do you check for input validation on client-side, on server-side or on both sides?
Also, if performance is crucial to me, would just the client-side input validation be sufficient for my website without presenting any security risks?
View 6 Replies
Nov 3, 2010
I'm working on an application that has a large number of inputs for certain types (50 money inputs, 30 date inputs etc). I have been creating an CompareValidator for each one to make sure users are putting in the correct information but I am curious if there is an easier way to create the validation once and apply it to all desired inputs? Writing out 80 validators that do basically the same thing seems like a waste. Am I missing something that already does this in .NET or are there anything out there that can make validation easier?
Note: All validation needs to be done on both the client AND server side. I've read a little about ASP.NET MVC validation but unfortunately that won't be an option here.
View 1 Replies
Jun 10, 2010
I have 3 tables as follows:
1 - Members containing the following fields:
MemberID int
MemberName
2 - Companies containing the following:
CompanyID int
CompanyName
CompanyType (S=Supplier, R=Retailer, C=Competitor)
3 - Member_Company_Link containing the following:
MemberID int
CompanyID int
The Company table contains any Company with a potential relationship to a "Member". For example:
Companyabc = C (Competitor)
Companyxyz = S (Supplier)
When a new Member record is entered, the user selects from two dropdowns: CompanyType (Supplier, Retailer,Competitor); and CompanyName. The CompanyName dropdown is populated depending on the value selected for CompanyType so if the user selects "Supplier" for CompanyType then only those Companies with a CompanyType of "S" for Supplier will be listed in the CompanyName dropdown.
The use can enter up to 10 CompanyType/CompanyName combinations. When the record is saved, these CompanyType/CompanyName combinations are saved in the Member_Company_Link table. One record for each CompanyType/CompanyName combination is entered in the table.
The problem I'm having is in the retrieval process. I have a "search" screen in which users can select certain criteria to list Members by and one of them is CompanyName. For example they want to see all Member records with "company xyz" as a Supplier and/or "companyabc" as a Competitor. Because each Member can have multiple Supplier and/or Comptitor records I can't figure out how to loop through them to match on the value entered by the user. If Member1 has 5 corresponding records in theMember_Company_Link file and 4 of them contain Companies that are Competitors (Competitor1, Competitor2, Competitor3 and Competitor4) and the search criteria is to find records containing "Competitor3" how can I loop through the values in the Member_Company_Link file for each MemberID to see if there is a match for "Competitor3"?
I know this post is too long and most of you will have ignored it by now but I'm hoping someone will have a clue because I've already spent more than a day trying to figure it out. It seems I have to store multiple values in an array but I have no clue how to do this.
View 5 Replies
Jan 12, 2010
It should be simple; although I'm having a hard time to figure out the best way to do it. I've MVC2 pages with multiple forms on the same page having different functionalities.
What's the best way to handle this; including the MVC2 way of validation from the model?
View 2 Replies
Jul 28, 2010
Stored procedure ALTER proc [dbo].[spSearchCombo](@searchBy nvarchar(50),@searchKey nvarchar(50)) as select * from CD_DETAILS where @searchBy like '%' +@searchKey+ '%' I'm using ASP.net2.0 with c# to extract rows basedon search key from a text box and searchBy for the column to be searched. When i use column name instead of @searchBy which comes from value selected from a ddropdownlist i get the desired result . There seems to be a problem with format of @searchBy and i get a blank page.
protected void btnSearch_Click(object sender, EventArgs e)
{
string constring = ConfigurationManager.AppSettings.Get("con").ToString();
SqlConnection conn = new SqlConnection(constring);
conn.Open();
SqlCommand cmdSP = new SqlCommand("spSearchCombo", conn);
cmdSP.CommandType=CommandType.StoredProcedure;
cmdSP.Parameters.Add(new SqlParameter("@searchBy",SqlDbType.NVarChar,50));
cmdSP.Parameters["@searchBy"].Value=ddlSearchBy.SelectedValue.ToString();
cmdSP.Parameters.Add(new SqlParameter("@searchKey", SqlDbType.NVarChar, 50));
cmdSP.Parameters["@searchKey"].Value=txtSearch.Text.Trim();
SqlDataAdapter da=new SqlDataAdapter(cmdSP);
DataSet ds=new DataSet();
da.Fill(ds);
this.dgv1.DataSource=ds.Tables[0].DefaultView;
dgv1.DataBind();
}
View 3 Replies
Mar 31, 2010
Using ReportViewer control v9 in .aspx page - When displaying date type parameter field in my report nothing happens when calendar icon is clicked (no calendar page, no error) in ie 8. FoxFire works.Same report works fine when viewed directly on the report server in ie8.
Report Server is SQL 2005
View 1 Replies
Apr 25, 2010
I am making some change to my MVC app to allow user to modify their existing email address contained in the profile. I have 'email' and 'confirm email' fields both which load the existing email address when the user enters the edit page (both textboxes are loaded from the same database field). The issue I am having is that when the user edits the 'email' text field and forgets or enters a different address into the 'confirm' field, validation occurs and instead of retaining what the user entered it loads what's contained in the Model when it tried to save into both fields once again (to the user it would appear that validation should not have occurred). I would like validation to fire and retain what the user initially entered in the text boxes.
For example, if the original email address is [URL] and the user enters [URL] for the 'email' address and forgers or enters a different address into the 'confirm' field, validation fires and loads [URL] into both because that's what was captured during the attempted Save. I would like for [URL] to remain in the 'confirm' textbox, or if the user entered something that never matched that would remain.
How can I get around this but still have the existing email address load into both fields when the user initially enters the 'Edit' area?
View 3 Replies
Oct 11, 2010
Search thru the wauy to do view input validation, have seen quite often refers this [Required], eg:
public class ProductViewModel {
[Price(MinPrice = 1.99)]
public double Price { get; set; }
[Required]
public string Title { get; set; }
}
What this [Required] actually is? In which assembly?
View 3 Replies
May 12, 2010
Is there any other good control for date field input apart from CalanderExtender of AJAX Control Toolkit?
View 2 Replies
Nov 10, 2010
I need to show some html code in TextBox.this is my TextBox description:
<asp:TextBox ID="responseTextBox" runat="server"
Width="910px" ReadOnly="True" TextMode="MultiLine" CausesValidation="false" />
i am passing the html to it programatically, and it works, but on postback from page i'am getting the following error:
A potentially dangerous Request.Form value was detected from the client (ctl00$MainContent$responseTextBox=" ...
How can i disable input validation ?
View 2 Replies