|
you are right, WSDL.exe seems to require admin rights no matter what you want it to do for you, which doesn't make much sense to me.
|
|
|
|
|
You don't need to generate the proxy using WSDL directly, the web reference should just work. If you have proxy classes available this is proof.
Your "restricted" environment is could well be causing your problem- see my reply to your post: For some reason the client is trying to connect to the service via a web proxy that it has no authorisation for.
|
|
|
|
|
Hi,
In VS.Net IDE, if I am in a particular .cs or .aspx file in a particular project considering that application or solution is having lot of projects included in it. Now I want to know is there any short cut key to see that particular branch or project. Because its making me lot of problem, I am getting that particular project by saying my file as save as then seeing whole path and then going to that particular project.
Is there any short cut key to go to that project directly without doing all these things. Like If we want to go to the previous visited line in VS IDE press Ctrl+hyphen. Like this I want to know how to go to the project directly in the solution explorer using any short cut keys.
Thanks in advance.
Thanks & Regards,
Md. Abdul Aleem
NIIT technologies
|
|
|
|
|
Been doing C# for years - but this is the first time I've needed to do a web app so I'm trying ASP.NET for the first time.
I have a listview bound to a SqlDataSource. My SelectCommand needs to be something like "SELECT .... FROM ... WHERE Field LIKE '%value%'
I have ControlParameter tied to a textbox that will be the value used in the LIKE clause.
Here is my question:
If I code my SelectCommand to look like ......WHERE Field LIKE '%' + @value + '%'
It works, but if somebody types a value like O'Hara into the text box - it will choke due to the concatenation (and I'm pretty sure open me up to SQL injection attacks)
If I code my SelectCommand to look like ......WHERE Field LIKE @value
It will work perfectly if I manually type the % signs in the text box for value. Including if I type %O'Hara% (the single quote no longer chokes it since I'm not concatenating anymore) - but obviously I don't want to have to teach the world to always put % sings at the start and end of their search strings on my web site.
So what is the best place to concatenate the % signs at the start and end of my search string?
This must be a VERY VERY COMMON thing to do. What are others doing about this?
|
|
|
|
|
Figmo2 wrote: I have ControlParameter tied to a textbox
Instead, tie parameter to a string variable. Set the string variable to the value of the text box, and then replace every singe ' with '' (ie escape out the single quotes in the input criteria. You can thyen use WHERE Field LIKE '%' + @value + '%' without exposing yourself to any injection attacks.
|
|
|
|
|
|
Figmo2 wrote: If I code my SelectCommand to look like ......WHERE Field LIKE @value It will work perfectly if I manually type the % signs in the text box for value. Including if I type %O'Hara% (the single quote no longer chokes it since I'm not concatenating anymore) - but obviously I don't want to have to teach the world to always put % sings at the start and end of their search strings on my web site.
I think this is correct functionality, it is looking for records where Field contains "%....%" rather than "....". I don't see the need to manually type the "%" in the majority of cases, it'll just confuse most [non-technical] users. Do you need to use wildcards?
|
|
|
|
|
Great suggestions all - thank you. What I ended up doing was a little different. I think elegant, but maybe not. Open to critiques...
I left the ControlParameter tied to my text box. (the parameter is called @SearchExpr)
My WHERE clause in the SelectCommand is simply "...WHERE Field LIKE @SearchExpr..." (no concatenation, thus no problems with single quotes needing to be escaped)
And added an event handler for SqlDataSource.Selecting that does this...
protected void SqlDataSource1_Selecting(object sender, SqlDataSourceSelectingEventArgs e)<br />
{<br />
e.Command.Parameters["@SearchExpr"].Value = "%" + e.Command.Parameters["@SearchExpr"].Value + "%";<br />
}
So now the user just enters ANY search string into the text box (e.g. "O'Hara")
This is passed to the SelectCommand as a parameter, thus it is not executable code - so no worries about SQL injection (I think)
And then, in the event handler, right before the SelectCommand is applied to the SqlDataSource, I modify the value to add the % signs front and back.
It works like a charm but the only thing I am not certain of is how well protected I am against injection attacks. Am I right in assuming that this should be adequate protection?
|
|
|
|
|
Figmo2 wrote: Am I right in assuming that this should be adequate protection?
You're using a parameterised query, so you should be OK on that front. However, take a look at http://msdn.microsoft.com/en-us/library/ms179859.aspx[^] for some more "magic characters" that might appear in your search string, and give unexpected results.
|
|
|
|
|
Hi All,
I had a task which is compare the customer age in the background and if he is 18+ then I have to show
him he is allowed for a new feature(this is typically a click link which in turn call another service) if he is under 18 then there is no display of new feature.
Client asked me to present that new feature to please the people who are eligible.
I have done all the background tasks except the presentation.
my code struck here
if(age>18)
{
///////////
}
Any suggestions????
Thanks
-- Modified Tuesday, October 5, 2010 10:06 AM
|
|
|
|
|
Jayadheer Reddy wrote: my code struck here
if(age>18)
{
///////////
}
use some link or linkbutton or tab according to your page need and display it in only when your condition gets true.
|
|
|
|
|
Hello I have a gridview with this form
ID_student -------exam_mark1 ------exam_mark2-----average
to calculate the average score I used this code
double average = 0;<br />
foreach (GridViewRow MRow in GridView1.Rows)<br />
{<br />
average = double.Parse(MRow.Cells[2].Text ) + double.Parse(MRow.Cells[3].Text);<br />
average = average / 2;<br />
MRow.Cells[4].Text = moyenne.ToString();<br />
}
but it returns me the following error: The format of the input string is incorrect.
Help me ,thanks
|
|
|
|
|
the Cells collection is zero-based, so you want to average Cells(1) and Cells(2) adn put the answer in Cells(3), not 2, 3 adn 4 as you have it.
But what a horrible way of doing things...on teh sassumption that these results are pulled from a database, why not pull the average directly out of that in your select statement?
Or at least calculate the average in teh RowDataBound event....
|
|
|
|
|
amina89 wrote: but it returns me the following error: The format of the input string is incorrect.
Did you try to debug your code? Debugging if for this purpose only.
As already suggested, better to do this calcaluation and assiging in rowdatabound event.
|
|
|
|
|
Thanks all ;
I still have the same error.
I forgot to say that the gridview is in edit mode for columns -exam_mark1 ,-exam_mark2 and I do not know if this is the cause.
<asp:GridView ID="GridView1" runat="server" AllowSorting="True" AutoGenerateColumns="False"<br />
BackColor="White" BorderColor="#CCCCCC" BorderWidth="1px" CellPadding="4" CssClass="th"<br />
DataKeyNames="NUM_INSCRIPTION" Width ="60%" Height="9%" PagerStyle-CssClass="note" Style="position: absolute; left: 126px; top: 159px;"<br />
><br />
<FooterStyle BackColor="White" ForeColor="#000066" /><br />
<RowStyle ForeColor="#000066" /><br />
<SelectedRowStyle BackColor="#669999" Font-Bold="True" ForeColor="White" /><br />
<PagerStyle BackColor="White" CssClass="note" ForeColor="#000066" HorizontalAlign="Left" /><br />
<HeaderStyle BackColor="#006699" Font-Bold="True" ForeColor="White" /><br />
<br />
<br />
<br />
<Columns><br />
<asp:TemplateField HeaderText="IDStudent"><br />
<ItemStyle CssClass="td00" /><br />
<ItemTemplate><br />
<asp:Label ID="lblUserID1" runat="server" Text='<%# Eval("NUM_INSCRIPTION") %>'></asp:Label><br />
<itemstyle cssclass="td00" /><br />
</ItemTemplate><br />
</asp:TemplateField><br />
<br />
<br />
<asp:TemplateField HeaderText="StudentName"><br />
<ItemStyle CssClass="td01" /><br />
<ItemTemplate><br />
<asp:Label ID="lblUserID2" runat="server" Text='<%# Eval("NOM_PRENOM_ETUDIANT_ARABE") %>'></asp:Label><br />
</ItemTemplate><br />
</asp:TemplateField><br />
<br />
<br />
<br />
<asp:TemplateField HeaderText="mark1"><br />
<ItemTemplate><br />
<asp:Label ID="lblLastName1" runat="server" Text='<%# Eval("111") %>' Visible='<%# !(bool) IsInEditMode %>'></asp:Label><br />
<asp:TextBox ID="moyt1" runat="server" Text='<%# Eval("111") %>' Visible='<%# IsInEditMode %>'></asp:TextBox><br />
</ItemTemplate><br />
</asp:TemplateField><br />
<br />
<br />
<br />
<asp:TemplateField HeaderText="mark2"><br />
<ItemStyle CssClass="td02" /><br />
<ItemTemplate><br />
<asp:Label ID="lblLastName" runat="server" Text='<%# Eval("112") %>' Visible='<%# !(bool) IsInEditMode %>'></asp:Label><br />
<asp:TextBox ID="validt1" runat="server" Text='<%# Eval("112") %>' Visible='<%# IsInEditMode %>'></asp:TextBox><br />
</ItemTemplate><br />
</asp:TemplateField> <br />
<br />
<br />
<br />
<asp:TemplateField HeaderText="average"><br />
<ItemStyle CssClass="td01" /><br />
<ItemTemplate><br />
<asp:Label ID="lblUserID4" runat="server" Text='<%# Eval("NOTE_MODULE") %>'></asp:Label><br />
</ItemTemplate><br />
</asp:TemplateField><br />
<br />
<br />
</Columns><br />
when the teacher populated the gridview he clicks insert button to insert the marks in the database and then clicks on the button average whose code is the top one.
if I use sql to calculate the average. the sql query becomes long because the pivot.if I use RowDataBound I calculate the average row by row?
thanks
|
|
|
|
|
Hi All,
Please help me regarding a doubt. i have a .xml file which is having around 3000 nodes, now I want to retrieve the name attribute of those nodes for which store attribute>30. Please suggest the esaiest way to do it.
Thanks,
Inder....
|
|
|
|
|
Load the xml with the XmlDocument and use xpath to get the nodes. Iterate those nodes the read the attribute.
Example:
<code>
XmlDocument xmlDoc = new XmlDocument();
xmlDoc.Load("XMLFile.xml");
XmlNodeList selectedNodes = xmlDoc.SelectNodes("//Store[@Stores>30]");
foreach (XmlNode item in selectedNodes)
{
Console.WriteLine(item.Attributes["name"].Value);
}
Console.ReadLine();
</code>
My xml file:
<?xml version="1.0" encoding="utf-8" ?>
<Stores>
<Store name="Name1" store="10"/>
<Store name="Name2" store="20"/>
<Store name="Name3" store="30"/>
<Store name="Name4" store="40"/>
</Stores>
|
|
|
|
|
Don't cross post! You have already asked this question in the C# forum, which is more appropriate than the ASP.NET forum but should have been placed in the XML forum
I know the language. I've read a book. - _Madmatt
|
|
|
|
|
Hi ,
We are developing a portal in asp.net (C#), where user can upload documents , We need to prevent the upload of Renamed files(the extensions changed Ex.xxxx.exe changed to xxxx.docx) , and Encrypted files(Password protected). Please advice .
Regards,
Nancy
|
|
|
|
|
You won't be able to detect whether a file name has been changed prior to upload. As for encryption, there are copious amounts of documentation covering that subject.
I know the language. I've read a book. - _Madmatt
|
|
|
|
|
One assumes you want to restrict the uploaded file types to a certian set - eg doc, docx, pdf.. whatever. So I would think it possible to examine the uploaded file/s (byte by byte) in the code-behind to at least check that its format is that of the supposed file type, according to its extension. Some research would be required to determine a reasonable test for each type, but I wouldn't have thought that that would be beyond the wit of man... or woman.
|
|
|
|
|
how do i debug when i am not getting back the querystring parameters from the browser to the server? thank you.
----------------------------------------------------------
Lorem ipsum dolor sit amet.
|
|
|
|
|
what do you mean? you can't see your parameters in the querystring or it's not even there?
Please don't forget to mark 'Good Answer', if you find it really a good one!
Kashif
|
|
|
|
|
i am not receiving it on the server side. i am actually more asking of a debugging technique/tool.
----------------------------------------------------------
Lorem ipsum dolor sit amet.
|
|
|
|
|
You can always manually type in the url with parameters to a browser. However, where is the request coming from? Is it from your own page? Then you need to determine why the query string is not being supplied.
I know the language. I've read a book. - _Madmatt
|
|
|
|