|
Hi Richard, *always* fantastic to hear from you.
That ValidateDuration sub is actually yours you helped me out with sometime last year.
Just a refresher, here it is again:
Protected Sub ValidateDuration(ByVal sender As Object, ByVal args As ServerValidateEventArgs)
Dim validator As Control = DirectCast(sender, Control)
Dim row As Control = validator.NamingContainer
Dim startHour As Integer = Integer.Parse(DirectCast(row.FindControl("startHour"), DropDownList).SelectedValue)
Dim startMinutes As Integer = Integer.Parse(DirectCast(row.FindControl("startMinutes"), DropDownList).SelectedValue)
Dim startAmPm As String = DirectCast(row.FindControl("startAmPm"), DropDownList).SelectedValue
Select Case startAmPm
Case "AM"
If True Then
If startHour = 12 Then
startHour = 0
End If
Exit Select
End If
Case "PM"
If True Then
If startHour <> 12 Then
startHour += 12
End If
Exit Select
End If
Case Else
If True Then
args.IsValid = True
Return
End If
End Select
Dim endHour As Integer = Integer.Parse(DirectCast(row.FindControl("endHour"), DropDownList).SelectedValue)
Dim endMinutes As Integer = Integer.Parse(DirectCast(row.FindControl("endMinutes"), DropDownList).SelectedValue)
Dim endAmPm As String = DirectCast(row.FindControl("endAmPm"), DropDownList).SelectedValue
Select Case endAmPm
Case "AM"
If True Then
If endHour = 12 Then
endHour = 0
End If
Exit Select
End If
Case "PM"
If True Then
If endHour <> 12 Then
endHour += 12
End If
Exit Select
End If
Case Else
If True Then
args.IsValid = True
Return
End If
End Select
hourDiff = endHour - startHour
If endMinutes < startMinutes Then
hourDiff -= 1
End If
'Response.Write(hourDiff)
'Response.End()
args.IsValid = hourDiff >= 4
End Sub
I moved hourDiff definiation at class level outside the sub so I can append the value of it to hyperlink control id of hpReserve.
Just having a couple of problems doing so.
One, as you can see, the hourDiff is not a database field. So, I can't use eval(...).
So, it is giving an error that hourDiff is unaccessible.
Second, I keep getting ValidateDuration is undefined when using it to ensure that a minimum of 4 hours is selected.
Any thoughts?
|
|
|
|
|
OK, so it's this thread[^] from back in July?
If you make the hourDiff a public or protected field, it should be available to the data-binding code. However, it won't be populated until the custom validator has run, which isn't going to happen until the user has selected the start and end hours and posted them back to the server.
In this case, building the NavigateUrl on the server isn't going to work. You're going to need some javascript to update the URL on the client.
Start with the fixed elements which you know on the server:
<asp:HyperLink ID="hdReserve" class="js_siteid" runat="server" Text="Select"
NavigateUrl='<%# String.Format("ReserveFacility.aspx?id={0}&facilityFees={1}&depoitAmt={2}&cancelAmt={3}&keydeptAmt={4}&extrahour={5}", Eval("siteId"), Eval("RentalFeeAmount"), Eval("DepositAmount"), Eval("CancellationAmount"), Eval("DepositAmount"), Eval("ExtraHourAmount")) %>'
/>
Then add some javascript to modify the URL when the controls change. Something like this should work:
$(function(){
var parseTime = function(container, prefix){
var hour = parseInt(container.find("select[name$=" + prefix + "Hour]").val(), 10);
var minutes = parseInt(container.find("select[name$=" + prefix + "Minutes]").val(), 10);
var amPm = container.find("select[name$=" + prefix + "AmPm]").val();
switch (amPm) {
case "AM": {
if (hour === 12) { hour = 0; }
break;
}
case "PM": {
if (hour !== 12) { hour += 12; }
break;
}
default: {
return null;
}
}
return { hour: hour, minutes: minutes };
};
$("a.js_siteid").each(function(){
var me = $(this);
var row = me.closest("tr");
var baseUrl = me.attr("href");
row.on("change", "select[name$=ddlPartySize], select[name$=Hour], select[name$=Minutes], select[name$=AmPm]", function(){
var url = baseUrl;
var groupSize = row.find("select[name$=ddlPartySize]").val();
if (groupSize) { url += "&groupsize=" + encodeURIComponent(groupSize); }
var startTime = parseTime(row, "start");
var endTime = parseTime(row, "end");
if (startTime && endTime){
var hourDiff = endTime.hour - startTime.hour;
if (endTime.minutes < startTime.minutes) { hourDiff--; }
url += "&hoursdiff=" + hourDiff.toString();
}
me.attr("href", url);
});
});
});
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Thanks so much sir but there is a little problem though and I suspected we would have this problem as soon as I saw your solution but I wanted to try it anyway.
First, the hyperlink doesn't become exposed to the javascript until after the search button is clicked.
Then it becomes available.
Right now, the groupsize and the hoursdiff do not show up on the hyperlink.
Many thanks sir.
|
|
|
|
|
I can't see anything in the code you've posted relating to a search button, or hiding the hyperlink.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
You are correct sir, my bad.
As stated, the code I posted there and the js version of it were created by you and they worked great.
The issue started when users of the app indicated that they would also like to warn users that there is a set fee for 4 hours use of their facility.
If they went over the 4 hour limit, there would additional fees.
As a result, I just managed, with some googling, to modify your script slightly to come up with the code below:
<script type="text/javascript">
$(window).load(function () {
$("#txtFromDate").datepicker();
$('#timeStart').timepicker({ showPeriod: true,
onHourShow: OnHourShowCallback,
onMinuteShow: OnMinuteShowCallback
});
$("#txtToDate").datepicker();
$('#timeEnd').timepicker({ showPeriod: true,
onHourShow: OnHourShowCallback,
onMinuteShow: OnMinuteShowCallback
});
function OnHourShowCallback(hour) {
if ((hour > 20) || (hour < 6)) {
return false;
}
return true;
}
function OnMinuteShowCallback(hour, minute) {
if ((hour == 20) && (minute >= 30)) { return false; }
if ((hour == 6) && (minute < 30)) { return false; }
return true;
}
$('#btnSearch').on('click', function () {
var sDate = $("#txtFromDate").val();
var sTime = $("#timeStart").val();
var eDate = $("#txtToDate").val();
var eTime = $("#timeEnd").val();
var startDate = new Date(sDate + " " + sTime).getHours();
var endDate = new Date(eDate + " " + eTime).getHours();
var hourDiff = endDate - startDate;
if (hourDiff < 4) {
var r = false; $($("<div>A mininum of 4 hours is required!</div>")).dialog({ closeOnEscape: false, resizable: false, modal: true, open: function (event, ui) { $(".ui-dialog-titlebar-close").hide(); }, buttons: { Close: function () { r = false; $(this).dialog("close"); } }, close: function () { return r; } });
return false;
}
if (hourDiff > 4) {
var r = confirm("There may be additional fees for going over the 4 hours!");
if (r == true) {
return true;
} else {
return false;
}
}
});
});
</script>
This code worked a treat.
However, the users said that if a user goes over the allocated 4 hours, then they need to know how many hours are over 4 hours and multiply that by the set overage fee of $89.00.
So when a user clicks the link, to be redirected to ReserveFacility.aspx, the total overage hours and associated fees must be passed to that page as well.
As it stands right now, you can't see the link until you click the btnSearch button.
So, the calculation has to be done after the hyperlink is visible and I struggled with this for so long that I just remembered there is vb version and that's the one I posted above.
If I can resolve the issue of ValidateDuration is undefined error that happens when I use it below:
<asp:CustomValidator ID="CustomValidator1" runat="server"
ControlToValidate="endHour"
ErrorMessage="A minimum of four hours is required."
Text="*"
SetFocusOnError="True"
OnServerValidate="ValidateDuration"
ClientValidationFunction="ValidateDuration" />
then I will be glad to stay with the vb instead of the js. The js seems overly complicated for me.
|
|
|
|
|
samflex wrote: If I can resolve the issue of ValidateDuration is undefined error that happens when I use it below:
That sounds like a script error to me.
Don't forget that Javascript is case-sensitive - if you copied the code from my post in July, the ClientValidationFunction needs to be "validateDuration ", with a lower-case "v".
samflex wrote: So when a user clicks the link, to be redirected to ReserveFacility.aspx, the total overage hours and associated fees must be passed to that page as well.
Won't you also need to pass the start and end dates/times to the ReserveFacility.aspx page?
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
At this point, no requirements for passing the start and end dates.
However, if that changes, it will be pretty easy to pass them to ReserveFacility.aspx page.
I can pass them as form fields as opposed to hourDiff which is a javascript variable.
|
|
|
|
|
But if you can pass the start and end dates/times as form fields, then you could re-calculate the hourDiff on the server side.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Great idea!
Thank you sir.
|
|
|
|
|
i was reading article on web security from this url http:
the person so if any action method return data in json format for get request then malicious user can do CSRF. he suggested if stop delivering json data for get request then bad people can not hijack our json.
my question is if hacker drop a jquery script which make a ajax post request then also json will be delivered to client. so please tell me after reading that article that what the person is trying to say like deliver json for post request that will be invulnerable. because auth cookie goes at the time of get & post method too. help me to understand how to stop JSON Hijacking and also why author is saying post is secure than get?
tbhattacharjee
|
|
|
|
|
|
i search google for my above question but not getting a single web site which will discuss all common and dangerous attach happen for web site and how to secure them. most of site is talking about XSS attach , CSRF & sql injection but i love to know other attack name as a result i can read and understand about those attack and solution to close those hole for a web site.
so if anyone knows any website address then please share the link which discuss about various attack and their solution.
tbhattacharjee
|
|
|
|
|
OWASP[^] is a good place to start.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Sir Richard MacCutchan I wasn't able to post my reply in that thread that is why I am posting here.
That I have done. But the problem is that the user can fetch data in many ways like filling just one text box or two or three or more than three text boxes.
What I have in mind is that i check all options like if text box 1 and text box 2 is not null
select * from emp where id is text box 1 and number is text box 2
or if text box 1 and text box 2 and text box 3 is not empty
perform this query
can you please help me out if there is any alternate way to perform this operation.
|
|
|
|
|
I already explained to you how to do it in my last reply. I don't understand what more you need. Check each box in turn, if it is null continue checking. If it is not null add its search expression to the command string. And use proper parameterized queries, not concatenated strings.
|
|
|
|
|
Okay gotcha Thank you Sir.
|
|
|
|
|
I have a page with calendar and textbox.
when I select a date from calendar the selected date is stored in textbox.text.
I have another page where data is displayed in gridview in pageload.
I want to access data where expiry date is textbox1.text. I am getting error in adap.fill(ds) section with data type miss match exception.
|
|
|
|
|
You'll need to fix the error.
There are only 10 types of people in the world, those who understand binary and those who don't.
|
|
|
|
|
Yes, I know that I have to fix the error. but How that is my question.
|
|
|
|
|
How can we know? You haven't provided the exact error.
However, data type mismatch means just that, trying to put dec into int or string into int. It should be very easy for you to find if you debug the code.
There are only 10 types of people in the world, those who understand binary and those who don't.
|
|
|
|
|
I've googled but cannot find a solution that works. I've found and gotten to work uploading, viewing and downloading files to/from folders on my server. These are shown in bound gridviews on 2 pages. Now what i need is to allow the user to delete files when they are out of date. Below is the code. If anyone can point me in the right directions i would greatly appreciate it!
Attachments:<asp:FileUpload ID="fileUpload1" runat="server" /><br />
<asp:Button ID="btnUpload" runat="server" Text="Upload" onclick="btnUpload_Click" usesubmitbehavior="false"/>
<asp:GridView ID="gvDetails" CssClass="Gridview" runat="server"
AutoGenerateColumns="False"
DataSourceID="SqlDataSource2">
<HeaderStyle BackColor="#df5015" />
<Columns>
<asp:BoundField DataField="Id" HeaderText="Id" Visible="False" />
<asp:BoundField DataField="filepath" HeaderText="filepath" Visible="False" />
<asp:BoundField DataField="FileName" HeaderText="File Name" />
<asp:TemplateField>
<ItemTemplate>
<asp:LinkButton ID="lnkDownload" runat="server" Text="Download" OnClick="lnkDownload_Click"></asp:LinkButton>
</ItemTemplate>
</asp:TemplateField>
<asp:BoundField DataField="CVSNumber" HeaderText="Company Auto" Visible="False" />
</Columns>
</asp:GridView>
VB Code-
Protected Sub btnUpload_Click(ByVal sender As Object, ByVal e As EventArgs)
Dim cvsfilename As String = Path.GetFileName(fileUpload1.PostedFile.FileName)
Dim firmcvs As String = CompanyAuto_TB.Text
fileUpload1.SaveAs(Server.MapPath("files/" & cvsfilename))
sql = "Insert INTO tblFiles(Filename, Filepath,CVSNumber) "
sql += "values(@Name,@PAth,@CompanyAuto_tb) "
Dim cmd As SqlCommand = New SqlCommand(sql, New SqlConnection(conString))
cmd.Parameters.AddWithValue("@Name", cvsfilename)
cmd.Parameters.AddWithValue("@Path", "files/" & cvsfilename)
cmd.Parameters.AddWithValue("@CompanyAuto_tb", firmcvs)
Try
cmd.Connection.Open()
cmd.ExecuteNonQuery()
Catch ex As Exception
Response.Write(ex.ToString())
Finally
If cmd IsNot Nothing Then
If cmd.Connection.State <> ConnectionState.Closed Then
cmd.Connection.Close()
End If
cmd.Dispose()
End If
End Try
Protected Sub lnkDownload_Click(ByVal sender As Object, ByVal e As EventArgs)
Dim lnkbtn As LinkButton = TryCast(sender, LinkButton)
Dim gvrow As GridViewRow = TryCast(lnkbtn.NamingContainer, GridViewRow)
Dim filePath As String = gvDetails.DataKeys(gvrow.RowIndex).Value.ToString()
Response.ContentType = "image/jpg"
Response.AddHeader("Content-Disposition", "attachment;filename=""" & filePath & """")
Response.TransmitFile(Server.MapPath(filePath))
Response.[End]()
End Sub
|
|
|
|
|
If the files are located on the File system of your web application, (not in database; like most of the developers do to store the binary data in database, for me this option is just too-foolish) you can execute the command to delete the file; like you do in any other .NET application.
The following MSDN link[^], has the method to delete the files from File system. You can use the VB version of the code; right now it is in C# or depending on your choice of MSDN code samples.
The sh*t I complain about
It's like there ain't a cloud in the sky and it's raining out - Eminem
~! Firewall !~
|
|
|
|
|
Unfortunately, that would give me the entire list of files. The gridview is tied to the specific record on screen and the file(s) are shown in the gridview. I do not want users to have to hunt to find a record to delete. I just want a delete button next to the download button to remove the file.
|
|
|
|
|
Did you try to understand what I told you?
The link I gave, was about "How to delete one single instance of file from your machine". You can use it, to delete one file (at a time). It won't give you the list of files, that is the job of Directory.EnumerateFiles(string location) [^] to provide you with the list of files available in a directory.
The button that you're talking about, that has been tied to the delete event. You can write this code in it.
void Button_Click(object sender, EventArgs e) {
string file = "You can pass the location from a parameter.";
File.Delete(file);
}
Once this code would execute, the file at that location (you need to pass the location of the file to delete, so embed the file path somewhere alongwith the button) would be deleted.
The sh*t I complain about
It's like there ain't a cloud in the sky and it's raining out - Eminem
~! Firewall !~
|
|
|
|
|
That's my problem. I cannot get the path. I have the folder path, I have the file name but putting both together in the delete button is frustrating me.
|
|
|
|
|