|
I am looking for some help. I want to add paging to a DataList on my client's website; the code is as follows. If you require any other information or need files to review the HTML and code file, please mention it.
aspx page:
<asp:DataList ID="DataList1" runat="server" RepeatColumns="4" RepeatDirection="Horizontal">
<ItemTemplate>
<asp:ImageButton ID="img_product" runat="server" ImageUrl='<%# Eval("it_pic1_s") %>' Height="214px" Width="196px" BorderColor="#E0E0E0" BorderStyle="Solid" BorderWidth="1px" /><br />
<asp:Label ID="lbl_code" runat="server" Text='<%# Eval("it_code") %>' Font-Bold="True"></asp:Label><br />
<asp:Label ID="lbl_name" runat="server" Text='<%# Eval("it_name") %>'></asp:Label><br />
Old Price USD
<asp:Label ID="lbl_old_price" runat="server" Text='<%# Eval("old_price") %>'></asp:Label>/pc
<br />
<strong>New Price USD</strong>
<asp:Label ID="lbl_new_price" runat="server" Text='<%# Eval("new_price") %>' ForeColor="Maroon"></asp:Label>/pc
<br />
<asp:ImageButton ID="img_button" runat="server" ImageUrl="~/images/leather-shop_52.jpg" />
</ItemTemplate>
<SeparatorStyle BackColor="White" BorderColor="White" />
</asp:DataList> </div>
Code file:
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
    If Not Page.IsPostBack Then
        Dim cn1 As New OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;data source=" & Server.MapPath("~\App_Data\order_database.mdb"))
        Dim varProduct As String
        varProduct = "leather jacket"
        Dim varQty = 0
        Dim query1 = "select it_code, it_name, it_qty, it_pic1_s, old_price, new_price from item_stock where it_keywords LIKE '%" & varProduct & "%' AND it_qty = '" & 1 & "'"
        Dim da1 As New OleDbDataAdapter(query1, cn1)
        Dim ds1 As New DataSet
        da1.Fill(ds1, "item_Stock")
        If ds1.Tables(0).Rows().Count() >= 1 Then
            Me.DataList1.DataSource = ds1
            Me.DataList1.DataBind()
            Dim lbl_old_price As Label = CType(FindControl("lbl_old_price"), Label)
            Dim lbl_new_price As Label = CType(FindControl("lbl_new_price"), Label)
            Dim lbl_code As Label = CType(FindControl("lbl_code"), Label)
            Dim lbl_name As Label = CType(FindControl("lbl_name"), Label)
            Dim img_product As ImageButton = CType(FindControl("img_product"), ImageButton)
        End If
        Dim cbrowser = (Request.ServerVariables("http_user_agent"))
        Dim clientip = (Request.ServerVariables("remote_addr"))
        Dim cdnsip = (Request.ServerVariables("remote_host"))
        Dim varCartStatus = "1"
        Dim cmda5 As OleDbCommand = New OleDbCommand("Select Count(id) from shopping_cart where client_browser = '" & cbrowser & "' AND client_ip = '" & clientip & "' AND cart_status = '" & varCartStatus & "'", New OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("~\App_Data\order_database.mdb")))
        cmda5.Connection.Open()
        Dim count As Integer
        count = cmda5.ExecuteScalar()
        If count > 1 Then
            Me.lbl_count.Text = "Items[" & count & "]"
        Else
            Me.lbl_count.Text = "Item[" & count & "]"
        End If
        cmda5.Connection.Close()
    End If
End Sub
|
|
|
|
|
Your code is vulnerable to SQL Injection.
NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
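The two queries from the question, rewritten with bound parameters, as an added example (not code from the thread or from either poster). The module and function names are hypothetical, the connection string is passed in by the caller, and `it_qty` is assumed to be a text column because the original compares it to a quoted `'1'`.

```vbnet
Imports System.Data
Imports System.Data.OleDb

Public Module ParameterizedShopQueries   ' hypothetical module name

    ' Product search from the post, with the keyword bound as a value.
    ' Quotes or SQL syntax inside the keyword cannot change the statement.
    Public Function FindProducts(ByVal connectionString As String, ByVal keyword As String) As DataSet
        Const sql As String = _
            "SELECT it_code, it_name, it_qty, it_pic1_s, old_price, new_price " & _
            "FROM item_stock WHERE it_keywords LIKE ? AND it_qty = ?"
        Dim ds As New DataSet()
        Using cn As New OleDbConnection(connectionString)
            Using da As New OleDbDataAdapter(sql, cn)
                ' OleDb ignores parameter names and binds by position,
                ' so add the values in the order of the ? markers.
                ' The LIKE wildcards belong to the value, not to the SQL text.
                da.SelectCommand.Parameters.AddWithValue("@keywords", "%" & If(keyword, String.Empty) & "%")
                ' Assumption: it_qty is a text column, as the quoted '1' in the post implies.
                da.SelectCommand.Parameters.AddWithValue("@qty", "1")
                da.Fill(ds, "item_stock")   ' Fill opens and closes the connection itself
            End Using
        End Using
        Return ds
    End Function

    ' Cart count from the post. The User-Agent header is chosen by the client,
    ' so it is bound as data like any other user input, never concatenated.
    Public Function CountCartItems(ByVal connectionString As String, _
                                   ByVal userAgent As String, _
                                   ByVal clientIp As String) As Integer
        Const sql As String = _
            "SELECT COUNT(id) FROM shopping_cart " & _
            "WHERE client_browser = ? AND client_ip = ? AND cart_status = ?"
        Using cn As New OleDbConnection(connectionString)
            Using cmd As New OleDbCommand(sql, cn)
                cmd.Parameters.AddWithValue("@browser", If(userAgent, String.Empty))
                cmd.Parameters.AddWithValue("@ip", If(clientIp, String.Empty))
                cmd.Parameters.AddWithValue("@status", "1")
                cn.Open()
                Return Convert.ToInt32(cmd.ExecuteScalar())
            End Using   ' Using closes the connection even if the query throws
        End Using
    End Function

End Module
```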
|
|
|
|
|
Public Sub ia()
end sub
I just want to call this function inside JavaScript code?
|
|
|
|
|
You would have to put your VB code into a webservice or into something (like a page) that JavaScript can call.
There are only 10 types of people in the world, those who understand binary and those who don't.
|
|
|
|
|
I have several fieldnames from the database, one form field from markup called ddlPartySize.SelectedValue and one variable from codebehind.
I am trying to form a hyperlink on code behind but getting End of Statement Expected error message.
Any ideas how to resolve this?
Thanks in advance:
Private Sub gvCustomers_RowDataBound(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.GridViewRowEventArgs) Handles gvCustomers.RowDataBound
If e.Row.RowType = DataControlRowType.DataRow Then
Dim hl As HyperLink = CType(e.Row.FindControl("hdReserve"), HyperLink)
If hl IsNot Nothing Then
hl.NavigateUrl = "<%# String.Format("ReserveFacility.aspx?id={0}&groupsize={1}&facilityFees={2}&depoitAmt={3}&cancelAmt={4}&keydeptAmt={5}&extrahour={6}&hoursdiff={7}", CType(Container.DataItem, System.Data.DataRowView)("siteId") , ddlPartySize.SelectedValue,CType(Container.DataItem, System.Data.DataRowView)("RentalFeeAmount"),CType(Container.DataItem, System.Data.DataRowView)("DepositAmount"),CType(Container.DataItem, System.Data.DataRowView)("CancellationAmount"),CType(Container.DataItem, System.Data.DataRowView)("DepositAmount"),CType(Container.DataItem, System.Data.DataRowView)("ExtraHourAmount"),hourDiff %>"
End If
End If
End Sub
I use the code on markup below, it works except hourDiff from ValidateDuration sub on codebehind.
<asp:TemplateField HeaderText="Select" SortExpression="siteid">
<ItemTemplate>
<asp:HyperLink ID="hdReserve" class="js_siteid" AutoPostBack="false" runat="server" Text="Select"
Navigateurl='<%# String.Format("ReserveFacility.aspx?id={0}&groupsize={1}&facilityFees={2}&depoitAmt={3}&cancelAmt={4}&keydeptAmt={5}&extrahour={6}", CType(Container.DataItem, System.Data.DataRowView)("siteId") , ddlPartySize.SelectedValue,CType(Container.DataItem, System.Data.DataRowView)("RentalFeeAmount"),CType(Container.DataItem, System.Data.DataRowView)("DepositAmount"),CType(Container.DataItem, System.Data.DataRowView)("CancellationAmount"),CType(Container.DataItem, System.Data.DataRowView)("DepositAmount"),CType(Container.DataItem, System.Data.DataRowView)("ExtraHourAmount")) %>' />
</ItemTemplate>
</asp:TemplateField>
|
|
|
|
|
I expect you need to escape some quotes, but that's just a guess.
|
|
|
|
|
You have a combination of incorrect quotes and a missing closing parenthesis.
Try something like this:
<asp:TemplateField HeaderText="Select" SortExpression="siteid">
<ItemTemplate>
<asp:HyperLink ID="hdReserve" class="js_siteid" AutoPostBack="false" runat="server" Text="Select"
NavigateUrl='<%# String.Format("ReserveFacility.aspx?id={0}&groupsize={1}&facilityFees={2}&depoitAmt={3}&cancelAmt={4}&keydeptAmt={5}&extrahour={6}&hoursdiff={7}", CType(Container.DataItem, System.Data.DataRowView)("siteId") , ddlPartySize.SelectedValue, CType(Container.DataItem, System.Data.DataRowView)("RentalFeeAmount"), CType(Container.DataItem, System.Data.DataRowView)("DepositAmount"), CType(Container.DataItem, System.Data.DataRowView)("CancellationAmount"), CType(Container.DataItem, System.Data.DataRowView)("DepositAmount"), CType(Container.DataItem, System.Data.DataRowView)("ExtraHourAmount"), hourDiff) %>'
/>
</ItemTemplate>
</asp:TemplateField>
If you're using .NET 4.5, you can simplify that code by using a strongly-typed data control. Just add ItemType="System.Data.DataRowView" to your data-bound control, and then replace each instance of:
CType(Container.DataItem, System.Data.DataRowView)("...")
with:
Item("...")
If you're using an earlier version, you could still make the code easier to read by using Eval:
Eval("...")
However, that will perform very slightly slower - you'd need to run some performance tests on your code to see if the difference was a problem.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Hi Richard, *always* fantastic to hear from you.
That ValidateDuration sub is actually yours you helped me out with sometime last year.
Just a refresher, here it is again:
Protected Sub ValidateDuration(ByVal sender As Object, ByVal args As ServerValidateEventArgs)
    Dim validator As Control = DirectCast(sender, Control)
    Dim row As Control = validator.NamingContainer
    Dim startHour As Integer = Integer.Parse(DirectCast(row.FindControl("startHour"), DropDownList).SelectedValue)
    Dim startMinutes As Integer = Integer.Parse(DirectCast(row.FindControl("startMinutes"), DropDownList).SelectedValue)
    Dim startAmPm As String = DirectCast(row.FindControl("startAmPm"), DropDownList).SelectedValue
    Select Case startAmPm
        Case "AM"
            If True Then
                If startHour = 12 Then
                    startHour = 0
                End If
                Exit Select
            End If
        Case "PM"
            If True Then
                If startHour <> 12 Then
                    startHour += 12
                End If
                Exit Select
            End If
        Case Else
            If True Then
                args.IsValid = True
                Return
            End If
    End Select
    Dim endHour As Integer = Integer.Parse(DirectCast(row.FindControl("endHour"), DropDownList).SelectedValue)
    Dim endMinutes As Integer = Integer.Parse(DirectCast(row.FindControl("endMinutes"), DropDownList).SelectedValue)
    Dim endAmPm As String = DirectCast(row.FindControl("endAmPm"), DropDownList).SelectedValue
    Select Case endAmPm
        Case "AM"
            If True Then
                If endHour = 12 Then
                    endHour = 0
                End If
                Exit Select
            End If
        Case "PM"
            If True Then
                If endHour <> 12 Then
                    endHour += 12
                End If
                Exit Select
            End If
        Case Else
            If True Then
                args.IsValid = True
                Return
            End If
    End Select
    hourDiff = endHour - startHour
    If endMinutes < startMinutes Then
        hourDiff -= 1
    End If
    'Response.Write(hourDiff)
    'Response.End()
    args.IsValid = hourDiff >= 4
End Sub
I moved the hourDiff definition to class level, outside the sub, so I can append its value to the hyperlink control with the id of hpReserve.
Just having a couple of problems doing so.
One, as you can see, the hourDiff is not a database field. So, I can't use eval(...).
So, it is giving an error that hourDiff is inaccessible.
Second, I keep getting "ValidateDuration is undefined" when using it to ensure that a minimum of 4 hours is selected.
Any thoughts?
|
|
|
|
|
OK, so it's this thread from back in July?
If you make the hourDiff a public or protected field, it should be available to the data-binding code. However, it won't be populated until the custom validator has run, which isn't going to happen until the user has selected the start and end hours and posted them back to the server.
In this case, building the NavigateUrl on the server isn't going to work. You're going to need some JavaScript to update the URL on the client.
Start with the fixed elements which you know on the server:
<asp:HyperLink ID="hdReserve" class="js_siteid" runat="server" Text="Select"
NavigateUrl='<%# String.Format("ReserveFacility.aspx?id={0}&facilityFees={1}&depoitAmt={2}&cancelAmt={3}&keydeptAmt={4}&extrahour={5}", Eval("siteId"), Eval("RentalFeeAmount"), Eval("DepositAmount"), Eval("CancellationAmount"), Eval("DepositAmount"), Eval("ExtraHourAmount")) %>'
/>
Then add some JavaScript to modify the URL when the controls change. Something like this should work:
$(function(){
    var parseTime = function(container, prefix){
        var hour = parseInt(container.find("select[name$=" + prefix + "Hour]").val(), 10);
        var minutes = parseInt(container.find("select[name$=" + prefix + "Minutes]").val(), 10);
        var amPm = container.find("select[name$=" + prefix + "AmPm]").val();
        switch (amPm) {
            case "AM": {
                if (hour === 12) { hour = 0; }
                break;
            }
            case "PM": {
                if (hour !== 12) { hour += 12; }
                break;
            }
            default: {
                return null;
            }
        }
        return { hour: hour, minutes: minutes };
    };
    $("a.js_siteid").each(function(){
        var me = $(this);
        var row = me.closest("tr");
        var baseUrl = me.attr("href");
        row.on("change", "select[name$=ddlPartySize], select[name$=Hour], select[name$=Minutes], select[name$=AmPm]", function(){
            var url = baseUrl;
            var groupSize = row.find("select[name$=ddlPartySize]").val();
            if (groupSize) { url += "&groupsize=" + encodeURIComponent(groupSize); }
            var startTime = parseTime(row, "start");
            var endTime = parseTime(row, "end");
            if (startTime && endTime){
                var hourDiff = endTime.hour - startTime.hour;
                if (endTime.minutes < startTime.minutes) { hourDiff--; }
                url += "&hoursdiff=" + hourDiff.toString();
            }
            me.attr("href", url);
        });
    });
});
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Thanks so much sir but there is a little problem though and I suspected we would have this problem as soon as I saw your solution but I wanted to try it anyway.
First, the hyperlink doesn't become exposed to the javascript until after the search button is clicked.
Then it becomes available.
Right now, the groupsize and the hoursdiff do not show up on the hyperlink.
Many thanks sir.
|
|
|
|
|
I can't see anything in the code you've posted relating to a search button, or hiding the hyperlink.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
You are correct sir, my bad.
As stated, the code I posted there and the js version of it were created by you and they worked great.
The issue started when users of the app indicated that they would also like to warn users that there is a set fee for 4 hours use of their facility.
If they went over the 4 hour limit, there would be additional fees.
As a result, I just managed, with some googling, to modify your script slightly to come up with the code below:
<script type="text/javascript">
    $(window).load(function () {
        $("#txtFromDate").datepicker();
        $('#timeStart').timepicker({ showPeriod: true,
            onHourShow: OnHourShowCallback,
            onMinuteShow: OnMinuteShowCallback
        });
        $("#txtToDate").datepicker();
        $('#timeEnd').timepicker({ showPeriod: true,
            onHourShow: OnHourShowCallback,
            onMinuteShow: OnMinuteShowCallback
        });
        function OnHourShowCallback(hour) {
            if ((hour > 20) || (hour < 6)) {
                return false;
            }
            return true;
        }
        function OnMinuteShowCallback(hour, minute) {
            if ((hour == 20) && (minute >= 30)) { return false; }
            if ((hour == 6) && (minute < 30)) { return false; }
            return true;
        }
        $('#btnSearch').on('click', function () {
            var sDate = $("#txtFromDate").val();
            var sTime = $("#timeStart").val();
            var eDate = $("#txtToDate").val();
            var eTime = $("#timeEnd").val();
            var startDate = new Date(sDate + " " + sTime).getHours();
            var endDate = new Date(eDate + " " + eTime).getHours();
            var hourDiff = endDate - startDate;
            if (hourDiff < 4) {
                var r = false;
                $($("<div>A minimum of 4 hours is required!</div>")).dialog({
                    closeOnEscape: false,
                    resizable: false,
                    modal: true,
                    open: function (event, ui) { $(".ui-dialog-titlebar-close").hide(); },
                    buttons: { Close: function () { r = false; $(this).dialog("close"); } },
                    close: function () { return r; }
                });
                return false;
            }
            if (hourDiff > 4) {
                var r = confirm("There may be additional fees for going over the 4 hours!");
                if (r == true) {
                    return true;
                } else {
                    return false;
                }
            }
        });
    });
</script>
This code worked a treat.
However, the users said that if a user goes over the allocated 4 hours, then they need to know how many hours are over 4 hours and multiply that by the set overage fee of $89.00.
So when a user clicks the link, to be redirected to ReserveFacility.aspx, the total overage hours and associated fees must be passed to that page as well.
As it stands right now, you can't see the link until you click the btnSearch button.
So, the calculation has to be done after the hyperlink is visible and I struggled with this for so long that I just remembered there is vb version and that's the one I posted above.
If I can resolve the issue of ValidateDuration is undefined error that happens when I use it below:
<asp:CustomValidator ID="CustomValidator1" runat="server"
ControlToValidate="endHour"
ErrorMessage="A minimum of four hours is required."
Text="*"
SetFocusOnError="True"
OnServerValidate="ValidateDuration"
ClientValidationFunction="ValidateDuration" />
then I will be glad to stay with the vb instead of the js. The js seems overly complicated for me.
|
|
|
|
|
samflex wrote: If I can resolve the issue of ValidateDuration is undefined error that happens when I use it below:
That sounds like a script error to me.
Don't forget that JavaScript is case-sensitive - if you copied the code from my post in July, the ClientValidationFunction needs to be "validateDuration", with a lower-case "v".
samflex wrote: So when a user clicks the link, to be redirected to ReserveFacility.aspx, the total overage hours and associated fees must be passed to that page as well.
Won't you also need to pass the start and end dates/times to the ReserveFacility.aspx page?
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
At this point, no requirements for passing the start and end dates.
However, if that changes, it will be pretty easy to pass them to ReserveFacility.aspx page.
I can pass them as form fields as opposed to hourDiff which is a javascript variable.
|
|
|
|
|
But if you can pass the start and end dates/times as form fields, then you could re-calculate the hourDiff on the server side.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
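One way to do the server-side recalculation suggested above, as an added example (not code from the thread). The module and function names are hypothetical; it assumes the start and end values arrive as en-US date/time text such as "03/14/2015 10:30 AM", counts whole hours the way ValidateDuration does, and takes the 4-hour minimum and the $89.00 overage fee from the posts above.

```vbnet
Imports System
Imports System.Globalization

Public Module ReservationFees   ' hypothetical module name

    Public Const MinimumHours As Integer = 4
    Public Const OverageRatePerHour As Decimal = 89D   ' overage fee stated in the thread

    ' Recomputes the duration and overage fee on the server from the posted
    ' start and end values. Returns False when the input is not a valid booking,
    ' so the caller can reject the request instead of using client-side numbers.
    Public Function TryComputeOverage(ByVal startText As String, _
                                      ByVal endText As String, _
                                      ByRef hourDiff As Integer, _
                                      ByRef overageFee As Decimal) As Boolean
        hourDiff = 0
        overageFee = 0D

        ' Assumption: en-US format, e.g. "03/14/2015 10:30 AM".
        Dim culture As CultureInfo = CultureInfo.GetCultureInfo("en-US")
        Dim startAt As DateTime
        Dim endAt As DateTime
        If Not DateTime.TryParse(startText, culture, DateTimeStyles.None, startAt) Then Return False
        If Not DateTime.TryParse(endText, culture, DateTimeStyles.None, endAt) Then Return False
        If endAt <= startAt Then Return False

        ' Whole hours only, as in ValidateDuration: a trailing partial hour is dropped.
        ' Using full DateTime values also covers bookings that cross midnight.
        hourDiff = CInt(Math.Floor((endAt - startAt).TotalHours))
        If hourDiff < MinimumHours Then
            hourDiff = 0
            Return False
        End If

        overageFee = (hourDiff - MinimumHours) * OverageRatePerHour
        Return True
    End Function

End Module
```

With this in place the `hoursdiff` query-string value is only a display hint; anything in the URL can be edited by the user, so the amounts charged should come from this calculation and from a lookup by `id` on the server.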
|
|
|
|
|
Great idea!
Thank you sir.
|
|
|
|
|
I was reading an article on web security from this URL: http:
The person said that if any action method returns data in JSON format for a GET request, then a malicious user can do CSRF. He suggested that if we stop delivering JSON data for GET requests, then bad people cannot hijack our JSON.
My question is: if a hacker drops a jQuery script which makes an AJAX POST request, then the JSON will also be delivered to the client. So please tell me, after reading that article, what the person is trying to say, e.g. that delivering JSON for POST requests will be invulnerable, because the auth cookie is sent with both the GET and POST methods. Help me to understand how to stop JSON hijacking, and also why the author is saying POST is more secure than GET.
tbhattacharjee
|
|
|
|
|
|
I searched Google for my above question but did not find a single web site which discusses all the common and dangerous attacks that happen to web sites and how to secure against them. Most sites talk about XSS attacks, CSRF and SQL injection, but I would love to know other attack names so that I can read and understand about those attacks and the solutions to close those holes for a web site.
So if anyone knows any website address, then please share the link which discusses various attacks and their solutions.
tbhattacharjee
|
|
|
|
|
OWASP is a good place to start.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Sir Richard MacCutchan, I wasn't able to post my reply in that thread, which is why I am posting here.
That I have done. But the problem is that the user can fetch data in many ways, like filling in just one text box, or two, or three, or more than three text boxes.
What I have in mind is that I check all options, like: if text box 1 and text box 2 are not null
select * from emp where id is text box 1 and number is text box 2
or if text box 1 and text box 2 and text box 3 are not empty
perform this query
Can you please help me out if there is any alternate way to perform this operation?
|
|
|
|
|
I already explained to you how to do it in my last reply. I don't understand what more you need. Check each box in turn, if it is null continue checking. If it is not null add its search expression to the command string. And use proper parameterized queries, not concatenated strings.
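The approach described in this reply, as an added example (not code from the thread): each filled-in box appends one condition and one bound parameter. The module and function names are hypothetical; it assumes the OleDb provider, an integer `id` column, a text `number` column, and a made-up third column `name` standing in for text box 3.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Data.OleDb

Public Module EmployeeSearch   ' hypothetical module name

    ' Builds "SELECT * FROM emp WHERE a = ? AND b = ?" from whichever boxes were
    ' filled in. Column names come only from the fixed strings below; user input
    ' only ever reaches the command as a parameter value.
    Public Function BuildSearchCommand(ByVal cn As OleDbConnection, _
                                       ByVal idText As String, _
                                       ByVal numberText As String, _
                                       ByVal nameText As String) As OleDbCommand
        Dim cmd As New OleDbCommand()
        cmd.Connection = cn
        Dim conditions As New List(Of String)()

        ' Assumption: id is an integer column, so convert before binding;
        ' binding text to a numeric column is a common cause of type mismatch errors.
        If Not String.IsNullOrWhiteSpace(idText) Then
            Dim idValue As Integer
            If Not Integer.TryParse(idText.Trim(), idValue) Then
                Throw New ArgumentException("id must be a whole number.")
            End If
            AddCondition(cmd, conditions, "[id]", idValue)
        End If

        If Not String.IsNullOrWhiteSpace(numberText) Then
            AddCondition(cmd, conditions, "[number]", numberText.Trim())
        End If

        If Not String.IsNullOrWhiteSpace(nameText) Then
            AddCondition(cmd, conditions, "[name]", nameText.Trim())   ' hypothetical column
        End If

        Dim sql As String = "SELECT * FROM emp"
        If conditions.Count > 0 Then
            sql &= " WHERE " & String.Join(" AND ", conditions.ToArray())
        End If
        cmd.CommandText = sql
        Return cmd
    End Function

    ' OleDb binds by position, so the condition and its parameter are always
    ' added together and therefore stay in the same order.
    Private Sub AddCondition(ByVal cmd As OleDbCommand, ByVal conditions As List(Of String), _
                             ByVal column As String, ByVal value As Object)
        conditions.Add(column & " = ?")
        cmd.Parameters.AddWithValue("@p" & cmd.Parameters.Count.ToString(), value)
    End Sub

End Module
```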
|
|
|
|
|
Okay gotcha Thank you Sir.
|
|
|
|
|
I have a page with a calendar and a textbox.
When I select a date from the calendar, the selected date is stored in textbox.text.
I have another page where data is displayed in a gridview in pageload.
I want to access data where the expiry date is textbox1.text. I am getting an error in the adap.fill(ds) section with a data type mismatch exception.
|
|
|
|
|
You'll need to fix the error.
There are only 10 types of people in the world, those who understand binary and those who don't.
|
|
|
|
|