ASP.NET
General: Re: Problem with popup confirmation page using ModalExtender (Nafiseh Salmani, 4-Feb-13 4:30)
General: Re: Problem with popup confirmation page using ModalExtender (Nafiseh Salmani, 4-Feb-13 4:53)
Question: related to itext sharp (Member 9798541, 1-Feb-13 19:31)
Answer: Re: related to itext sharp (Abhishek Pant, 1-Feb-13 23:31)
General: Re: related to itext sharp (Member 9798541, 4-Feb-13 19:30)
General: Re: related to itext sharp (Abhishek Pant, 4-Feb-13 21:36)
General: Re: related to itext sharp (Member 9798541, 6-Feb-13 17:41)
General: Re: related to itext sharp (Abhishek Pant, 6-Feb-13 18:09)
General: Re: related to itext sharp (Member 9798541, 6-Feb-13 19:21)
General: Re: related to itext sharp (Member 9798541, 6-Feb-13 18:08)
Answer: related to itext sharp-iText use for commercial purpose (Abhishek Pant, 6-Feb-13 19:07)
Answer: Re: related to itext sharp (Sandeep Mewara, 2-Feb-13 0:24)
Question: Display image using handler.ashx what wrong my code (Michael5119, 31-Jan-13 20:43)
Answer: Re: Display image using handler.ashx what wrong my code (Richard Deeming, 1-Feb-13 2:17)
Apart from the fact that you're not setting the ContentType of the response, you have a SQL injection vulnerability in your code:
string imageid = context.Request.QueryString["UserID"];
...
new SqlCommand("select UserID,Image FROM Users where UserID=" + imageid, connection);
Anyone with access to your site could call Handler.ashx?UserID=1;DELETE FROM Users;, and your code would happily execute two queries: one to select the image for UserID 1, and one to delete all records from the Users table.

Change your code to use a parameterized query:
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web;

public sealed class Handler : IHttpHandler
{
    public void ProcessRequest(HttpContext context)
    {
        string imageid = context.Request.QueryString["UserID"];
        string connectionString = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
 
        // Use "using" blocks to clean up automatically:
        using (SqlConnection connection = new SqlConnection(connectionString))
        using (SqlCommand command = new SqlCommand("SELECT UserID, Image FROM Users WHERE UserID = @UserID", connection))
        {
            // Use a parameterized query to avoid SQL injection:
            command.Parameters.AddWithValue("@UserID", imageid);
 
            connection.Open();
            using (SqlDataReader dr = command.ExecuteReader(CommandBehavior.CloseConnection))
            {
                // The image might not exist!
                if (!dr.Read()) throw new HttpException(404, "Image not found.");
 
                // Add the correct type here:
                context.Response.ContentType = "image/jpeg";
                context.Response.BinaryWrite((byte[])dr[dr.GetOrdinal("Image")]);
            }
        }
    }
 
    public bool IsReusable
    {
        get { return true; }
    }
}



"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
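Richard's parameterized version closes the injection hole. As an added example that is not part of his reply, the handler below goes one step further: it validates UserID as an integer before the value is bound, gives the parameter an explicit SQL type, and derives the Content-Type from the stored bytes instead of hard-coding image/jpeg. The Users table, Image column and connection-string name are assumed from the thread.

```csharp
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web;

// Added example, not from the original reply: the UserID is parsed as an int before it
// is bound, so only a number reaches SQL Server, and the parameter gets an explicit type
// (AddWithValue would infer nvarchar from the string and force a conversion on UserID).
public sealed class ImageHandler : IHttpHandler
{
    public void ProcessRequest(HttpContext context)
    {
        int userId;
        if (!int.TryParse(context.Request.QueryString["UserID"], out userId) || userId <= 0)
        {
            throw new HttpException(400, "UserID must be a positive integer.");
        }

        // Table, column and connection-string names are assumed from the thread.
        string cs = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
        byte[] image;
        using (SqlConnection connection = new SqlConnection(cs))
        using (SqlCommand command = new SqlCommand("SELECT Image FROM Users WHERE UserID = @UserID", connection))
        {
            command.Parameters.Add("@UserID", SqlDbType.Int).Value = userId;
            connection.Open();
            // ExecuteScalar gives null for no row and DBNull for a NULL image; both become null here.
            image = command.ExecuteScalar() as byte[];
        }
        if (image == null || image.Length == 0)
        {
            throw new HttpException(404, "Image not found.");
        }

        // Derive the type from the stored bytes instead of hard-coding image/jpeg, and tell the
        // browser not to second-guess it, which matters when the image is user-uploaded.
        context.Response.ContentType = SniffImageType(image);
        context.Response.AddHeader("X-Content-Type-Options", "nosniff");
        context.Response.BinaryWrite(image);
    }

    // Recognises the JPEG, PNG and GIF signatures; anything else is served as opaque binary.
    internal static string SniffImageType(byte[] b)
    {
        if (b.Length >= 3 && b[0] == 0xFF && b[1] == 0xD8 && b[2] == 0xFF) return "image/jpeg";
        if (b.Length >= 4 && b[0] == 0x89 && b[1] == 0x50 && b[2] == 0x4E && b[3] == 0x47) return "image/png";
        if (b.Length >= 3 && b[0] == 0x47 && b[1] == 0x49 && b[2] == 0x46) return "image/gif";
        return "application/octet-stream";
    }
    public bool IsReusable { get { return true; } }
}
```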


General: Re: Display image using handler.ashx what wrong my code (Michael5119, 1-Feb-13 4:16)
General: Re: Display image using handler.ashx what wrong my code (Richard Deeming, 1-Feb-13 5:36)
General: Re: Display image using handler.ashx what wrong my code (Michael5119, 1-Feb-13 5:58)
General: Re: Display image using handler.ashx what wrong my code (Michael5119, 1-Feb-13 7:03)
General: Re: Display image using handler.ashx what wrong my code (Richard Deeming, 1-Feb-13 8:12)
General: Re: Display image using handler.ashx what wrong my code (Michael5119, 8-Feb-13 20:10)
General: Re: Display image using handler.ashx what wrong my code (Richard Deeming, 11-Feb-13 1:29)
Question: ImagesIn Gridview (Member 9416113, 31-Jan-13 20:13)
Question: Importing Excel into Gridview, doesn't import all rows (Craist, 31-Jan-13 8:29)
Answer: Re: Importing Excel into Gridview, doesn't import all rows (Craist, 31-Jan-13 9:22)
Question: Web Pages Authentication (Jassim Rahma, 30-Jan-13 21:22)
Answer: Re: Web Pages Authentication (Rahul Rajat Singh, 30-Jan-13 22:14)
Question: Authentication with database MVC4 (AghaKhan, 30-Jan-13 20:44)
Question: Autocomplete List hides behind Grid's horizontal scrollbar (Ponka_developer, 30-Jan-13 12:01)
Answer: Re: Autocomplete List hides behind Grid's horizontal scrollbar (jkirkerx, 30-Jan-13 12:50)
Question: MVC 4 & jquery (Collin Jasnoch, 29-Jan-13 4:39)
Question: How to create and get the user input in alert message in asp.net webservice (Rocky23, 27-Jan-13 22:22)
Answer: Re: How to create and get the user input in alert message in asp.net webservice (Sandeep Mewara, 27-Jan-13 23:28)
Answer: Re: How to create and get the user input in alert message in asp.net webservice (Ali Al Omairi(Abu AlHassan), 28-Jan-13 3:41)
General: Re: How to create and get the user input in alert message in asp.net webservice (Rocky23, 28-Jan-13 22:13)
General: Re: How to create and get the user input in alert message in asp.net webservice (Ali Al Omairi(Abu AlHassan), 28-Jan-13 22:54)
Answer: Re: How to create and get the user input in alert message in asp.net webservice (jkirkerx, 30-Jan-13 12:52)
Question: Change CSS dynamically using javaScript (sonusharma65, 27-Jan-13 21:36)
Answer: Re: Change CSS dynamically using javaScript (Sandeep Mewara, 27-Jan-13 23:24)
Question: capture the signature from signature pad in Web App. (premaa_36@yahoo.co.in, 27-Jan-13 20:40)
Answer: Re: capture the signature from signature pad in Web App. (Sandeep Mewara, 27-Jan-13 21:08)
General: Re: capture the signature from signature pad in Web App. (Abhishek Pant, 27-Jan-13 21:53)
Question: login object in asp.net (Luqman Inam, 25-Jan-13 0:52)
Answer: Re: login object in asp.net (Sandeep Mewara, 25-Jan-13 5:03)
Answer: Re: login object in asp.net (Rahul Rajat Singh, 25-Jan-13 19:17)
Question: Experience with BootMetro? (Marco Alessandro Bertschi, 24-Jan-13 23:06)
Answer: Re: Experience with BootMetro? (Abhishek Pant, 25-Jan-13 10:28)
Question: signature capture from signature pad (premaa_36@yahoo.co.in, 24-Jan-13 17:36)
Answer: Re: signature capture from signature pad (Sandeep Mewara, 25-Jan-13 5:03)
Answer: Re: signature capture from signature pad (Abhishek Pant, 25-Jan-13 9:51)
Question: Obtaining the SelectedValue of a dropdownlist (Collin Jasnoch, 24-Jan-13 2:50)
