Tuesday, May 12, 2009

Using the Repeater as the out-of-box controls

Usually when you want to create some kind of listing of data, with items that can be added, updated and deleted, you can use the out-of-box GridView control together with the FormView, ListView and DetailsView controls.
Since you need to write almost no code at all, these controls work fine for quick solutions with uncomplicated data (like fetching data from one table).
But when it comes to more complicated data structures, these controls become more difficult to maintain.
In these situations it is recommended to have more control, by knowing what is going on under the hood. This is where the Repeater control comes in handy.

In the six upcoming posts I will show you how to use the Repeater control to accomplish almost the same things as you can with the out-of-box controls, plus a little more.

Here are the parts that will be described:

1. Simple Repeater

2. Add, edit and delete Repeater

3. Multi-Row update Repeater

4. Sorting Repeater

5. Paging Repeater

6. All-In-One Repeater

In the next post we will go through the Simple Repeater.

Thursday, May 7, 2009

Minimizing script injection with Server.HtmlEncode

On some occasions part of your web application might need to have validateRequest turned off to allow users to input specific tags needed for their business. This poses a security risk that needs to be addressed. One way to solve this is to use Server.HtmlEncode().

In this small example we have an aspx page that has its validateRequest turned off:



With the following design:



If we type in a JavaScript block and press the "Unsafe submit" button, the script will execute.



Code behind:



To prevent the injected script from running we can use Server.HtmlEncode() as follows:



Now when pressing the "Safe submit" button, the script will be HTML-encoded and will be harmless to the user:



For complete source code click here.
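The following is an added example, not the post's original code. It goes one step beyond the post: it encodes the whole input first and then re-enables only a small allowlist of tags, which fits the case where validateRequest is off because users must be able to enter specific tags. The names SafeMarkup, AllowedTags and EncodeWithAllowlist and the sample inputs are hypothetical; it uses System.Net.WebUtility.HtmlEncode so it runs as a console program, whereas inside a page you would call Server.HtmlEncode().

```csharp
using System;
using System.Net;
using System.Text;

public static class SafeMarkup
{
    // Hypothetical allowlist: the only tags the business needs to accept.
    private static readonly string[] AllowedTags = { "b", "i", "u" };

    // Encode everything first, then turn the exact encoded form of each
    // allowed tag back into markup. A tag carrying attributes or written
    // in another case never matches, so it stays inert, visible text.
    public static string EncodeWithAllowlist(string input)
    {
        if (string.IsNullOrEmpty(input))
            return string.Empty;

        // In an ASP.NET page this call would be Server.HtmlEncode(input).
        StringBuilder sb = new StringBuilder(WebUtility.HtmlEncode(input));

        foreach (string tag in AllowedTags)
        {
            sb.Replace("&lt;" + tag + "&gt;", "<" + tag + ">");
            sb.Replace("&lt;/" + tag + "&gt;", "</" + tag + ">");
        }
        return sb.ToString();
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample inputs, as a user might type them into the text box.
        string[] samples =
        {
            "<b>bold</b> and <i>italic</i>",          // allowed tags survive
            "<script>alert('x')</script>",            // stays encoded
            "<b onclick=\"alert(1)\">click</b>",      // attribute: opening tag stays encoded
            "&lt;b&gt; typed literally"               // already-encoded text is not revived
        };

        foreach (string s in samples)
        {
            Console.WriteLine("input : " + s);
            Console.WriteLine("output: " + SafeMarkup.EncodeWithAllowlist(s));
            Console.WriteLine();
        }
    }
}
```

Assign the returned string to the output control at the point where the text is rendered, so that every path that displays the user's input goes through the encoder.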

Saturday, May 2, 2009

Selecting top, bottom and in between rows in sql

In this post I am going to show an easy way to select top, bottom and in-between rows from a table. The table that I am using is a fictitious Customer table with a primary key named CustomerID.

1. Selecting the first 10 rows from Customer table:

SELECT TOP 10 * FROM Customer ORDER BY CustomerID

The code above is quite straightforward, using the "TOP" keyword to pick out the first 10 rows.

2. Selecting the bottom 10 rows from Customer table:

SELECT TOP 10 * FROM Customer ORDER BY CustomerID DESC

In this code we also use the "TOP" keyword, but now we change the sort order to "DESC" (descending), letting us pick out the 10 rows from the bottom.

3. Selecting rows between 10-20 from Customer table:

SELECT TOP 10 * FROM Customer WHERE CustomerID IN
(
SELECT TOP 20 CustomerID FROM Customer ORDER BY CustomerID
) ORDER BY CustomerID DESC

In the code above we use a nested query to extract rows 10-20. The inner query picks out rows 0-20 and the outer query picks out rows 10-20 from the inner query.
