.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Storing and displaying user input (encoding query)

Posted By:      Posted Date: August 30, 2010    Points: 0   Category :ASP.Net
Hello,I've just been reading up a little on security regarding user input and how to handle html and scripts.My question is, what if I build my own CMS?Isn't it inevitable that I'll want to store html code, possibly scripts, and almost certainly apostrophes and special characters, and then display them again.What's the best way to do this, since I wont want to display the encoded html, but the html itself.Would it be to encode everything then when I want to actually display the html, decode it, but everywhere else, keep it encoded?I'm just trying to think of all the scenario's that I could come across when I accept user input where I don't know what they could be typing in.What if I WANT the user to be able to display html?Is it possible to decode only some tags but leave all other tags encoded? 

View Complete Post

More Related Resource Links

form feild hints are not displaying for textboxses inside create user wizard?



I'm using following JS code to display input hint box besides the textbox whenever that asp.net textbox receives focus. 

I'm doing this for a registration form and all of the textboxes are inside the asp.net create user wizard control.

<script type="text/javascript">
function addLoadEvent(func) {
  var oldonload = window.onload;
  if (typeof window.onload != 'function') {
    window.onload = func;
  } else {
    window.onload = function() {

function prepareInputsForHints() {
	var inputs = document.getElementsByTagName("TextBox");
	for (var i=0; i<inputs.length; i++){
		// test to see if the hint span exists first
		if (inputs[i].parentNode.getElementsByTagName("span")[0]) {
			// the span exists!  on focus, show the hint
			inputs[i].onfocus = function () {
				this.parentNode.getElementsByTagName("span")[0].style.display = "inline";
			// when the cursor moves away from the field, hide the hint
			inputs[i].onblur = function () {
				this.parentNode.getElementsByTagName("span")[0].style.display = "none";

Storing User Data



I'm trying to get the current logged in UserId Value, using this code

Protected Sub UserProfileDataSource_Selecting(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.SqlDataSourceSelectingEventArgs) Handles UserProfileDataSource.Selecting      ' Get a reference to the currently logged on user      Dim currentUser As MembershipUser = Membership.GetUser()      ' Determine the currently logged on user's UserId value      Dim currentUserId As Guid = CType(currentUser.ProviderUserKey, Guid)      ' Assign the currently logged on user's UserId to the @UserId parameter      e.Command.Parameters("@UserId").Value = currentUserId End Sub

But, I getting an error (NullReferenceException), I did set a url authorization on the page that i try to get the logged in user information, witch is info.aspx, and I made the login.aspx control to be redirected to the info.aspx after the login process, But the info.aspx  only shows me (access in denied), how can i make this page knows that i am already logged in?

InfoPath: Turn User Input into XML with Custom Forms Using Office InfoPath 2003


Office InfoPath 2003 is a new Microsoft Office product that lets you design your own data collection forms that, when submitted, turn the user-entered data into XML for any XML-supporting process to use. With an InfoPath solution in place, you can convert all those commonly used paper forms into Microsoft Office-based forms and end the cycle of handwriting and reentering data into your systems. Today organizations are beginning to realize the value of the mountains of data they collect every day, how hard it is to access it, and are striving to mine it effectively. InfoPath will aid in the design of effective data collection systems. Here the author shows you how to get started.

Aaron Skonnard

MSDN Magazine September 2003

Web Q&A: Storing SQL Data, URL Query Length, and More


Find out the best way to store large amounts of XML data in SQL Server, along with the performance implications. What's the maximum length of an XML query to SQL Server in a URL?

Edited by Nancy Michell

MSDN Magazine May 2003

Programmatically creating a SharePoint Site based on user input


I am working on developing a “Create Website Wizard” for SharePoint 2007 that would do the following (I am simplifying a little for the sake of this post):


1.      Take user input as follows:



Product Code:

Category (I, II, III):

The category will be a choice field (radio buttons or a dropdown)

Generating and storing html pages in User Directories on the server



I come from corporate asp.net development, and I am now working on a public website which will get a lot of traffic, perhaps a million users a day.  So I am faced with a ton of performance and scalability questions.

I would like to share some thoughts and see if my approaches resonate with any good practices, or perhaps I am heading down the wrong path...  Either way, I want to hear opinions.

(My number one concern is the fact that I am using asp.net for a public website.  I don't know of a lot of websites using asp.net)

I am using asp.net 2.0 (I know, its not the latest technology but I don't need any advanced features of asp.net 3.5 or 4, unless there are significant improvements geared towards what I am doing) 

On launch date, this will be running on a dedicated Windows Server 2008 running on Intel ATOM 330 1MB L2 Cache 1.6Ghz Dual-Core with 2GB DDR RAM.  Its fully managed by a full service hosting company which gives me an option to upgrade to a bigger server within a few hours.  I can even move the site to a webfarm if the traffic demands it.

So I have a User Dashboard, where users can create albums and upload pictures.  So what I am doing

how to include a user defined table type as input for stored procedure

Hi ,  I have a user defined table type which i need to pass as input parameter to the stored procedure .How can i do that?

How to tell if TextChanged fired in response to user input

I have a TextBox that triggers a calculation when the user types text.  I am recalculating any time that the user enters a new value by responding to the TextChanged event.  This calculation can be manually overridden. I am finding that the TextChanged event is firing during databinding, as it should, but this is blowing away the manually overridden calculation.  I used to be able to tell if the user had initiated this change by checking the Modified property in a System.Windows.Forms.TextBox. Is there a way to tell if the TextChanged event is in response to user input?  I only want my calculation to take place in response to user input and not in response to databinding or other in code changes to the Text property.

Getting user input from a ComboBox

What is the most reliable way to get the current user input from a ComboBox? I've noticed that SelectedItem.Text, SelectedValue, and Text all contain the wrong result when the user deletes everything in the box and then immediately does something to cause a postback without clicking outside the box first (e.g. the user presses Backspace to delete the current contents and then presses a Submit button without clicking on anything else in the form first).

How do I gather user input at the start of a workflow?

I'm a complete sharepoint newbie, so please forgive me :) I have developed a Sharepoint 2007 Sequential workflow in Visual Studio 2010. I have 'bound' it to a particular contact list, and set it such that it will be activated when a contact is edited. (I did this so that I had an easy way of starting the workflow (I just go in and edit a contact)). The workflow itself, on the designer just shows: onWorkflowActivated1 -> codeActivity1 -> logHistoryListActivity1 The workflow works and does the work in the codeActivity1 part. My problem now is how to ask the user for input. At present the code has some hard-coded values in it, for example: Dim emailTemplatePath = "http://en-ecm-jplender/Shared%20Documents/FATF%20Documents/EmailTemplate01.htm" Dim emailTemplate = (New System.Net.WebClient() With {.UseDefaultCredentials = True, .Encoding = System.Text.Encoding.UTF8}).DownloadString(emailTemplatePath) Dim attachmentFilePath = "http://en-ecm-jplender/Shared%20Documents/FATF%20Documents/People.pdf" Dim attachmentData = (New System.Net.WebClient() With {.UseDefaultCredentials = True, .Encoding = System.Text.Encoding.UTF8}).DownloadData(attachmentFilePath) However, I'd like for the user to be able to choose the PDF attachment, and the EmailTemplate document from Sharepoint. I tried fiddling with InfoPath, but it didn't seem to bind to t

Popup Confirm that forces user input for ok button

Hi Everyone, Does anyone know how to do a popup confirm that has a textbox where the user types in a comment.  Currently I am using just a confirm pop up.  What I really want to do is make is so the user cannot click on the ok button until there is something typed into the textbox but they can hit the cancel button at any time without providing a comment.  Any suggestions? Thanks! -Nici 

Generic Query Designer displaying non standard syntax

I've just discovered a problem with the Generic Query Designer on my machine. When I do a simple join of two tabels it does not display in the SQL pane as standard syntax, so instead of SELECT a.1 from ainner join b on a.1=b.1It does SELECT a.1from a, bwhere a.1 = b.1I am doing this against an oracle 10g database, it will run the query, but I want the query designer to out put at standard SQLI am presuming that it is a setting in SSBIDS, but I don't know why it is doing this. Any suggestions?

DataAnnotation on multiple user controls displaying on wrong control


I have a table that displays a user control on each row. The user controls are strongly typed to a viewmodel which contains DataAnnotation style validation. If one of the rows has invalid data entered (lets say the 3rd row) the data annotation validates display agains the first row/user control.

How do I get the data annotation to show against the relevant user control?

I'd post a pic to show what I mean except it will not display it!.:/

Using a sharepoint list to populate a form then capture user input


Hi.  New to this forum but looks like a great resource.  I am using MOSS2007, Infopath 2007 and Nintex workflow 2007.

I have a form that will act as a report for each of the operational sites in my company.  Each site receives freight movements on a daily basis and these are on a schedule; I am trying to record the variances to that schedule.  What I have attempted to do is the following:

  • Create a sharepoint list that contains each of the scheduled arrivals per site.
  • Connect to this list in Infopath as a secodary data source.
  • Drop this in to the form as a repeating table.
  • Filter the list of arrivals by using the conditional formatting control on the section, bound to a drop-list where the user specifies the facility/site.

What I am trying to do is present these arrivals and have the user enter an "actual" arrival time next to each, then store the results on submit.  I therefore need to know two things, 1) how to capture an "actual" value for each row in the repeating table (at the moment this is pulled in as an empty field from the list) and 2) how to store the data on submit so it is there when the form is re-opened.

I hope this makes sense, happy to give you any further information that may be required.

Thanks, Matt

SPView query to find if the current user belongs to a Group


HI All,

I´m trying to write a query for a list view that should return all items if the current user belong to a group. If the user doesn´t belongs to this group, no items should be returned.

So far, I could find many equal examples about using the CAML Membership element in a comparison with an AssignetTo field. But not making a comparison between the current user and a specific Sharepoint Group.

Any suggestions, please?


SQL Query for Date Check User Dates



I am using two columns in one table such as StartDate,Enddate.

In asp.net Form two text boxes there. One is StartDate other one EndDate..

When user Click Submit button the Two dates is compare above DataFiled's...


-------- Data Base Values ----------------

StartDate            EndDate


10/09/2010         14/09/2010

16/09/2010         28/09/2010



user send Start Date ' 27/09/2010' and EndDate '30/09/2010'


Now the Query Check Dates Between Userdates avialable in Database....


What I ll do?????


(Note : Opertion only allow the Dates Not Exists in Database Dates)



Sequential workflow with user input in SPD 2007


I'm just getting in to workflows, so I assume this will result in a simple "do this" or "use VS" answer... anyways..

I am looking to create a sequential workflow in SPD 2007 for MOSS 2007 that will basically be a 5+ step approval workflow.  It will start either on-demand or when a new item is created in a list.  The first part will prompt a user to enter one or more reviewers, then the workflow will route the document through the specific reviewers and several static reviewers.  Each person will accept or deny the document, and write comments as necessary.  The only part I am having trouble with is prompting the user for reviewers, and then properly routing the document to those reviewers.  I have tried to collect the data via an initiation parameter, and I have tried to collect it as an action without much luck.  If possible, what’s the best way to do this without resorting to using VS?




ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend