I have a problem when accommodating a response.write to a .cshtml view in ASP.NET mvc5

Question

1.00/5 (1 vote)

See more:

This is my model

C#

public class Registro1
{

    public int id { get; set; }
    public string nombre { get; set; }
    public string appaterno { get; set; }
    public string apmaterno { get; set; }
    public string correo { get; set; }
    public string usuario { get; set; }
    public string clave { get; set; }
  public string Imagen { get; set; }
  //public byte[] Imagen { get; set; }
    public string idrol { get; set; }


    public string lineainvestigacion { get; set; }
    public string correoi { get; set; }
    public int telefonoof { get; set; }
    public double telefonop { get; set; }
    public int extension { get; set; }
    public string ciudadr { get; set; }


}

This is my controller

C#

public ActionResult VistaPerfil(Registro1 rg)
{


    connectionString();

    con.Open();
    com.Connection = con;
    com.CommandText = "select Nombre from registro where usuario='" + rg.usuario + "'";

    SqlDataReader dr;
    try
    {

        dr = com.ExecuteReader();


        while (dr.Read() == true)
        {


            rg.nombre = dr["Nombre"].ToString();



            Response.Write(rg.nombre);
        }

        con.Close();

        return View("../Home/Perfil");
    }
    catch (Exception es)
    {

        con.Close();
        Response.Write("<script>alert('Perfil no visto =(')</script>");
        return View("../Home/Perfil");

        throw es;


    }
}

this is the code of my profile view.cshtml

Razor

e<form action="VistaPerfil" method="post">
        <div class="row">



            <div class="col-md-4">
                <div class="profile-img">
                    <img src="https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcS52y5aInsxSm31CvHOFHWujqUx_wWTS9iM6s7BAm21oEN_RiGoog" alt="" />
                    <div class="file btn btn-lg btn-primary">
                        Cambiar foto
                        <input type="file" name="file" />
                    </div>
                </div>
            </div>
            <!--nombre del usuario-->
            <div class="form-group">
                <div class="col-sm-9">
                    <input type="hidden" id="Usuario" name="usuario" placeholder="" class="form-control" value="@(User.Identity.IsAuthenticated ? HttpContext.Current.User.Identity.Name : "Guest")">
                </div>
            </div>



            <div class="col-md-6">

                <div class="profile-head">

                    <h5>


                        Nombre: @(User.Identity.IsAuthenticated ? HttpContext.Current.User.Identity.Name : "Guest")



                    </h5><p>

                        <input type="text" class="sinborde" name="nombre" id="nombre" value="">







                        <!-- <h6>Web Developer and Designer</h6>-->
                        <br>
                        <button type="submit" class="btn btn-primary btn-block">Ver datos</button>


                    <p class="proile-rating">RANKINGS : <span>8/10</span></p>
                    <ul class="nav nav-tabs" id="myTab" role="tablist">
                        <li class="nav-item">
                            <a class="nav-link active" id="home-tab" data-toggle="tab" href="#home" role="tab" aria-controls="home" aria-selected="true">About</a>
                        </li>
                        <li class="nav-item">
                            <a class="nav-link" id="profile-tab" data-toggle="tab" href="#profile" role="tab" aria-controls="profile" aria-selected="false">Timeline</a>
                        </li>
                    </ul>

                </div>

            </div>



            <div class="col-md-2">
                <input type="submit" class="profile-edit-btn" name="btnAddMore" value="Edit Profile" />
            </div>
        </div>
        <div class="row">
            <div class="col-md-4">
                <div class="profile-work">
                    <p>WORK LINK</p>
                    <a href="">Website Link</a><br />
                    <a href="">Bootsnipp Profile</a><br />
                    <a href="">Bootply Profile</a>
                    <p>SKILLS</p>
                    <a href="">Web Designer</a><br />
                    <a href="">Web Developer</a><br />
                    <a href="">WordPress</a><br />
                    <a href="">WooCommerce</a><br />
                    <a href="">PHP, .Net</a><br />
                </div>
            </div>
            <div class="col-md-8">
                <div class="tab-content profile-tab" id="myTabContent">
                    <div class="tab-pane fade show active" id="home" role="tabpanel" aria-labelledby="home-tab">
                        <div class="row">
                            <div class="col-md-6">
                                <label>User Id</label>
                            </div>
                            <div class="col-md-6">
                                <p>Kshiti123</p>
                            </div>
                        </div>
                        <div class="row">
                            <div class="col-md-6">
                                <label>Name</label>
                            </div>
                            <div class="col-md-6">
                                <p>Kshiti Ghelani</p>
                            </div>
                        </div>
                        <div class="row">
                            <div class="col-md-6">
                                <label>Email</label>
                            </div>
                            <div class="col-md-6">
                                <p>kshitighelani@gmail.com</p>
                            </div>
                        </div>
                        <div class="row">
                            <div class="col-md-6">
                                <label>Phone</label>
                            </div>
                            <div class="col-md-6">
                                <p>123 456 7890</p>
                            </div>
                        </div>
                        <div class="row">
                            <div class="col-md-6">
                                <label>Profession</label>
                            </div>
                            <div class="col-md-6">
                                <p>Web Developer and Designer</p>
                            </div>
                        </div>
                    </div>
                    <div class="tab-pane fade" id="profile" role="tabpanel" aria-labelledby="profile-tab">
                        <div class="row">
                            <div class="col-md-6">
                                <label>Experience</label>
                            </div>
                            <div class="col-md-6">
                                <p>Expert</p>
                            </div>
                        </div>
                        <div class="row">
                            <div class="col-md-6">
                                <label>Hourly Rate</label>
                            </div>
                            <div class="col-md-6">
                                <p>10$/hr</p>
                            </div>
                        </div>
                        <div class="row">
                            <div class="col-md-6">
                                <label>Total Projects</label>
                            </div>
                            <div class="col-md-6">
                                <p>230</p>
                            </div>
                        </div>
                        <div class="row">
                            <div class="col-md-6">
                                <label>English Level</label>
                            </div>
                            <div class="col-md-6">
                                <p>Expert</p>
                            </div>
                        </div>
                        <div class="row">
                            <div class="col-md-6">
                                <label>Availability</label>
                            </div>
                            <div class="col-md-6">
                                <p>6 months</p>
                            </div>
                        </div>
                        <div class="row">
                            <div class="col-md-12">
                                <label>Your Bio</label><br />
                                <p>Your detail description</p>
                            </div>
                        </div>
                    </div>
                </div>
            </div>
        </div>
        </form>

What I have tried:

at the moment of sending to call the response.write from my controller in my Profile view.cshtml it shows it to me but up to the top,

here the error is shown in my view

I would like to know if there is any way to accommodate the reponse.write in a specific place in my page view or some variant to be able to do it for example show my data in a textbox

Posted 28-Apr-21 5:04am

Lalo Miguel

Updated 28-Apr-21 21:44pm

Richard Deeming

v2

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Richard Deeming · Answer 1 · 2021-04-28T21:44:00

Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]

Beyond that, don't use Response.Write to send data to the response. As you have discovered, the text you write will be send before the HTML generated by the view. And if you think about it, that's entirely expected - your code has no way of knowing that you want the text to be inserted at some point within your view, nor where you would want to insert it. Instead, pass the details to your view as part of the model, or within the ViewBag dictionary, and output the required values within the view.