|
Hi
I am trying to avoid SQL injection.
I want to check only the input provided by the user and not the
viewstate. How do I avoid checking the view state?
The code I used is below:
public static string[] checklist=
{"@@","declare","delete","drop","fetch","fetch_status",
"sys","sysobjects","syscolumns","execute", "update","truncate"};
void app_BeginRequest(object sender, EventArgs e)
{
HttpRequest Request = (sender as HttpApplication).Context.Request;
foreach (string key in Request.QueryString)
CheckInputform(Request.QueryString[key]);
foreach (string key in Request.Form)
CheckInputform(Request.Form[key]);
}
private void CheckInputform(string parameter)
{
for (int i = 0; i < checklist.Length; i++) {
if ((parameter.IndexOf(checklist[i], StringComparison.OrdinalIgnoreCase) >= 0))
{
HttpContext.Current.Response.Redirect("~/Error.aspx");
}
}
}
Any help
ngrj.
|
|
|
|
|
Don't do it that way. Use parameterised queries (text or stored procs), or a decent data layer.
If you try to use a crappy hackish solution based on using a crap data access solution then expect complaints when Mr Joe Sysiman, or fetchdog69@hotmail.com wants to sign up for your services.
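Added example, not part of the original thread: the keyword checklist from the question rejects the two legitimate sign-ups named in the reply above, while a parameterised command takes any text because the SQL is a constant and the input is bound as data. The `dbo.Users` table, its columns and the sample values are assumptions; the command is built with `System.Data.SqlClient` and inspected without opening a connection.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class SignupDemo
{
    // The keyword list from the question, kept only to show its false positives.
    static readonly string[] Checklist =
        { "@@", "declare", "delete", "drop", "fetch", "fetch_status", "sys",
          "sysobjects", "syscolumns", "execute", "update", "truncate" };

    static bool BlockedByChecklist(string input)
    {
        foreach (string word in Checklist)
            if (input.IndexOf(word, StringComparison.OrdinalIgnoreCase) >= 0)
                return true;
        return false;
    }

    // Hypothetical table and column names. The SQL text never changes;
    // user input travels only as typed, length-limited parameter values.
    static SqlCommand BuildInsert(SqlConnection conn, string name, string email)
    {
        var cmd = new SqlCommand(
            "INSERT INTO dbo.Users (Name, Email) VALUES (@Name, @Email)", conn);
        cmd.Parameters.Add("@Name", SqlDbType.NVarChar, 100).Value = name;
        cmd.Parameters.Add("@Email", SqlDbType.NVarChar, 256).Value = email;
        return cmd;
    }

    static void Main()
    {
        // Constructed sample inputs. The first row trips the checklist ("sys",
        // "fetch"); the second passes it but would break concatenated SQL (quote).
        string[][] rows = {
            new[] { "Joe Sysiman", "fetchdog69@hotmail.com" },
            new[] { "Pat O'Brien", "pat@example.com" } };

        foreach (string[] r in rows)
        {
            // No connection is opened; the command is only built and inspected.
            using (SqlCommand cmd = BuildInsert(null, r[0], r[1]))
            {
                Console.WriteLine("checklist blocks name: {0}, email: {1}",
                    BlockedByChecklist(r[0]), BlockedByChecklist(r[1]));
                Console.WriteLine("  SQL text: " + cmd.CommandText);
                foreach (SqlParameter p in cmd.Parameters)
                    Console.WriteLine("  {0} = [{1}]", p.ParameterName, p.Value);
            }
        }
    }
}
```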
|
|
|
|
|
Thanks for the reply Mark
I will use the methods you suggested.
thanks for the example.
ngrj.
|
|
|
|
|
Hi,
In the wizard control, how to display the Sidebar horizontally at the top of the wizard? The sidebar displays the steps as hyperlinks. Can we change those hyperlinks into buttons? And also, how to distinguish between the active step and the other steps in the sidebar?
Thanks in advance
|
|
|
|
|
I have to create a search form which contains a multi-select listbox and 3 more drop-downs. The user will select values from these and hit the search button. How can I create the query on the fly? Do I have to do concatenation work, or is there any other option that ASP.NET or VS2005 wizards support to generate the query on the fly?
Thanks
|
|
|
|
|
dream_liner_7e7 wrote: asp.net or vs2005 wizard support to generate query on the fly.
ASP.NET should have nothing to do with SQL. Wizards in VS sure don't. Yes, you CAN write code that uses controls that try to magically generate SQL, but situations like this are where they hit their limits, and using them is always a nasty option.
I'd do something like this: say one of your possible things to search for is a name. I'd write a proc that does something like
AND (tb1.Name = @Name OR @Name = '')
In other words, you pass empty strings for things you don't want to look for, and write a proc that deals with them
This was a SQL question, you should ask those in the SQL forum
Christian Graus
Please read this if you don't understand the answer I've given you. If you're still stuck, ask me for more information.
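Added example, not part of the original thread: the empty-string convention from the reply above, extended to the multi-select list box from the question by generating one parameter per selected value instead of concatenating the values. The `dbo.Items` table, its columns and the sample input are assumptions; the command is built and printed without opening a connection.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Text;

static class SearchDemo
{
    // Hypothetical table and column names. Only generated parameter *names*
    // are appended to the SQL text; every user value is bound as a parameter.
    static SqlCommand BuildSearch(string name, string city, IList<int> categoryIds)
    {
        var cmd = new SqlCommand();
        var sql = new StringBuilder(
            "SELECT Id, Name FROM dbo.Items tb1 " +
            "WHERE (tb1.Name = @Name OR @Name = '') " +
            "AND (tb1.City = @City OR @City = '')");
        // Empty string means "do not filter on this field".
        cmd.Parameters.Add("@Name", SqlDbType.NVarChar, 100).Value = name ?? "";
        cmd.Parameters.Add("@City", SqlDbType.NVarChar, 100).Value = city ?? "";

        // Multi-select list box: one typed parameter per selected value.
        if (categoryIds != null && categoryIds.Count > 0)
        {
            var names = new List<string>();
            for (int i = 0; i < categoryIds.Count; i++)
            {
                string p = "@Cat" + i;
                names.Add(p);
                cmd.Parameters.Add(p, SqlDbType.Int).Value = categoryIds[i];
            }
            sql.Append(" AND tb1.CategoryId IN (" +
                       string.Join(", ", names.ToArray()) + ")");
        }
        cmd.CommandText = sql.ToString();
        return cmd;
    }

    static void Main()
    {
        // Constructed input: no name filter, one drop-down, two list box picks.
        using (SqlCommand cmd = BuildSearch("", "Pune", new[] { 3, 7 }))
        {
            Console.WriteLine(cmd.CommandText);
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine("{0} = [{1}]", p.ParameterName, p.Value);
        }
    }
}
```

SQL Server accepts at most 2100 parameters per command, so a very large selection needs a different transport such as a temporary table.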
|
|
|
|
|
I think there is something like a query builder which is used in runtime scenarios ... but I'm not sure about that .... If you have any idea, please tell.
Thanks
|
|
|
|
|
I have an asp:CheckBoxList with several asp:ListItems and align them to the left in the table cell, but there is always some gap, as you can see in this figure. The text boxes in the above row are correctly aligned.
http://picasaweb.google.com/arunagulla/Devloper/photo#5218822729113407922
Can anyone tell me how I can get them correctly aligned to the left?
Here is my cell with the asp:CheckBoxList:
<td runat="server" align="left" class="tdContactBoxes">
<asp:CheckBoxList ID="chkContats" runat="server" TextAlign="Right" OnSelectedIndexChanged="Check" CssClass="chkContats">
<asp:ListItem>I am interested in the commercial version of doXtop (Hyper.Net)</asp:ListItem>
<asp:ListItem>I am interested in a joint venture or business partership with doXtop</asp:ListItem>
<asp:ListItem>I am interested in advertising on doXtop</asp:ListItem>
<asp:ListItem>I am interested in the open API of doXtop for development</asp:ListItem>
<asp:ListItem>I am interested in building my content business to doXtop</asp:ListItem>
<asp:ListItem>I am interested in opening a virtual publisher company on doXtop</asp:ListItem>
<asp:ListItem>I want to publish on doXtop and need help</asp:ListItem>
<asp:ListItem>I have a suggestion for improving doXtop</asp:ListItem>
<asp:ListItem>I have questions on doXtop</asp:ListItem>
<asp:ListItem>I want to report an error</asp:ListItem>
<asp:ListItem>Other</asp:ListItem>
</asp:CheckBoxList>
</td>
thanks
|
|
|
|
|
Try by giving
CellPadding="0" CellSpacing="0"
for the list box.
EVEN THE WORD IMPOSSIBLE SAYS I M POSSIBLE.
|
|
|
|
|
I have a table; I'm adding rows to this table through the code-behind (.cs file).
Is there any way to add asp:textbox or asp:Button
in this table through the code-behind?
The position (row no. in the table) depends on the data present in the xml file...
|
|
|
|
|
Try this
1[^]
2[^]
EVEN THE WORD IMPOSSIBLE SAYS I M POSSIBLE.
|
|
|
|
|
Thanks, Sherin Iranimose.
How do I add event handlers to these controls?
|
|
|
|
|
C#
control_Name.Event_Name += new EventHandler(Function_Name);
vb
AddHandler control_Name.Event_Name, AddressOf Function_Name
http://support.microsoft.com/kb/317794[^]
EVEN THE WORD IMPOSSIBLE SAYS I M POSSIBLE.
|
|
|
|
|
Sherin Iranimose wrote: C#
control_Name.Event_Name += new EventHandler(Function_Name);
Thanx
|
|
|
|
|
But, if your controls are added in page load or later, the event tree won't be built so the events will not fire.
Christian Graus
Please read this if you don't understand the answer I've given you. If you're still stuck, ask me for more information.
|
|
|
|
|
You are right.
But I have a doubt about 'page load'....
EVEN THE WORD IMPOSSIBLE SAYS I M POSSIBLE.
|
|
|
|
|
Christian Graus wrote: But, if your controls are added in page load or later, the event tree won't be built so the events will not fire.
Then, what's the solution?
Where else in the code-behind can the controls be added?
|
|
|
|
|
Try it by adding on page load.
EVEN THE WORD IMPOSSIBLE SAYS I M POSSIBLE.
|
|
|
|
|
I'm trying to use a set of classes to add a document to LiveLink. I have never done this before and am being unsuccessful. Has anyone dealt with this before? I do not have any code yet as I am still trying to figure out how to log in a guest account for LiveLink. Or perhaps you happen to know of a good tutorial on this, as I could not find one to suit my needs. All I need to do is make a call from an ASP.NET application to add a document to LiveLink through a few classes in 3 layers (.dl, .bl, and .dal) and then retrieve some information about the document I just added so I can add a link to the document for retrieval.
Thanks
|
|
|
|
|
I have a similar situation...
I am trying to use Livelink code to create a document with its categories. I know how to program ASP & VB .NET, but I don't know how to reference the Livelink library (I don't even know the library name),
so if you or someone gives me the name of the Livelink library to reference in VB, I can do the rest.
Oscar.
|
|
|
|
|
Sir,
Actually, the problem is that when I open my project and run a form, saving the entry with the form's multiple date fields succeeds. When this project is compiled and run through IIS, I get the error
'date format is not in correct format', so I am not getting the actual date format of IIS. Please send a solution to solve this problem.
Thanks & Regards
lav
lav naphade
|
|
|
|
|
You can reply to your (continue with your) old post!
EVEN THE WORD IMPOSSIBLE SAYS I M POSSIBLE.
|
|
|
|
|
I am waiting for your reply.................
lav naphade
|
|
|
|
|
Can you show me some code that is producing the error?
EVEN THE WORD IMPOSSIBLE SAYS I M POSSIBLE.
|
|
|
|
|
Hi
I have a button and an image in my web page (the Visibility of the image is false). I want the Visibility of the image to be set to true when the user clicks the button. For this, I wrote this code:
<asp:Button ID="Button2" runat="server" Text="Show Client Progress" OnClientClick="ShowProgress(); return false;"/>
<asp:Image ID="Image1" runat="server" ImageUrl="~/images/ajax-loader.gif" Visible="False" />
and wrote this JavaScript code:
function ShowProgress(){
document.getElementById("Image1").setAttribute("Visible",true,null);
}
But I was not successful in making my Image web control visible.
Can anybody help me?
Thanks
|
|
|
|