Search Results

Search found 36719 results on 1469 pages for 'value chain'.


  • [Scala] Using overloaded, typed methods on a collection

    - by stephanos
    I'm quite new to Scala and struggling with the following: I have database objects (type of BaseDoc) and value objects (type of BaseVO). Now there are multiple convert methods (all called 'convert') that take an instance of an object and convert it to the other type accordingly. For example: def convert(doc: ClickDoc): ClickVO = doc match { case null => null case _ => val result = new ClickVO result.x = doc.x result.y = doc.y result } Now I sometimes need to convert a list of objects. How would I do this - I tried: def convert[D <: MyBaseDoc, V <: BaseVO](docs: List[D]):List[V] = docs match { case List() => List() case xs => xs.map(doc => convert(doc)) } Which results in 'overloaded method value convert with alternatives ...'. I tried to add manifest information to it, but couldn't make it work. I couldn't even create one method for each because it'd say that they have the same parameter type after type erasure (List). Ideas welcome!


  • CSS Style Firefox/Safari/Chrome

    - by patrick
    hi, i have a problem with css differences between browsers. i have a simple input textfield an a submit button. the should be arranged. with webkit (safari/webkit) everything looks fine but firefox doesnt do it. does anyone have an idea whats wrong? i have written a little test html page: <html> <head> <style type="text/css"> #input { background: none repeat scroll 0 0 white; border-color: #DCDCDC; border-style: solid; border-width: 1px 0 1px 1px; font: 13px "Lucida Grande",Arial,Sans-serif; margin: 0; padding: 5px 5px 5px 15px; width: 220px; outline-width: 0; height: 30px; } #submit { background: none repeat scroll 0 0 white; border: 1px solid #DCDCDC; font: 13px "Lucida Grande",Arial,Sans-serif; margin: 0; outline-width: 0; height: 30px; padding: 5px 10px; } </style> </head> <body> <input id="input" type="text" value="" /><input id="submit" type="button" value="Add" /> </body> </html>


  • load different images for each item on the listbox

    - by user161179
    Javascript: function changeMap() { imagesource = "http://maps.google.com/maps/api/staticmap?size=500x500&maptype=hybrid&zoom=16&sensor=false&markers=color:blue|label:K|28.541250,77.204100" ; mapimage.src = imagesource ; } Html code : <select name="choose_colony" id="choose_colony" size="8" onchange="changeMap()" style="float: left;"> <option value="1" >Big apartments</option> . . <option value="999">plaza</option> </select> <img name="mapimage" src="" alt="Select your Colony" style="float: right;"> In this whenever a selection on the listbox is made changeMap is called and an image is loaded. What I want is for a different image to be loaded everytime depending upon the option selected . there will be over 2000 entries in the listbox. Considering this what is the best way of going about this ? I can figure out the if/then part , but my main question is whether its ok to put all the 2000 long image addresses in the html file itself ? I hope I was clear ..


  • Assigning a 2D array (of pointers) to a variable in an object for access in C++?

    - by MrMormon
    I'm sorry if I didn't pick a descriptive or concise name. A lot of questions sound similar, but I haven't been able to find what I'm looking for. What I want to do is store a 2D array of pointers somewhere and assign a variable in some object to that array to be able to access it. Here's some example code that has the same compile error I'm getting with a bigger project. #include <iostream> using namespace std; struct X{ float * b[8][8]; X(){ *(b[1][5]) = 1; cout << *(b[1][5]) << endl; } void Set(float * c[8][8]){ b = c; cout << *(b[1][5]) << endl; } }; main(){ float * a[8][8]; *(a[1][5]) = 2; X obj; obj.Set(a); } What I want to happen in this code is that an X object starts with its own 2D array, whose value pointed to by b[1][5] should be printed as "1". Then the main method's 2D array, a, is passed to the object's Set() method and assigned to its array variable. The value pointed to by b[1][5] should then be printed as "2". However, I can't figure out what type the Set() parameter, c, should be. I get error: incompatible types in assignment of ‘float* (*)[8]’ to ‘float* [8][8]’ when I try to compile. As for why I want to do this, I'm trying to use an array of pointers to objects, not floats, but it's the same error.


  • C# return and display syntax issue

    - by thatdude
    I am having trouble passing the return value from TheMethod() to Main and displaying the word if the if statement is passed as true. I have thought of two ways of doing this, neither has worked but I think I am missing synatx. Using a return ?; non void method and then displaying the returned value. Using a void method and actually writing out(example below) So yes I am new at this, however I have made so many iterations everything is blending together and I have forgot what I have tried. Any help on the syntax be great for either of these ways. Basically I need it to iterate numbers 1,2,3,4 and depending on if the current iteration matches an expression in the if statements it will display a word. Example: if (3 = i) { Console.WriteLine("Word"); } Code: using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.Threading.Tasks; namespace Proj5 { class Program { int i = 0; static void Main(int i) { for (i = 0; i < 101; i++) { Console.WriteLine("test"); } } string TheMethod(int i) { string f = "Word1"; string b = "Word2"; if (i == 3) { return f; } if (i == 5) { return b; } if (0 == (i % 3)) { return f; } if (0 == i % 5) { return b; } else { return b; } } } }


  • why won't background change in firefox but it will in ie

    - by rod
    <%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head runat="server"> <title></title> <link id="csslink" href="Handler.ashx" rel="stylesheet" type="text/css" /> </head> <body> <form id="form1" runat="server"> <div> <input id="Button1" type="button" value="Blue" /> <input id="Button2" type="button" value="Red" /> </div> </form> <script type="text/javascript"> var pageDefault = { btn1: document.getElementById('Button1'), btn2: document.getElementById('Button2'), csslink: document.getElementById('csslink'), init: function() { this.btn1.onclick = function() { pageDefault.csslink.href = "Handler.ashx?id=1"; } this.btn2.onclick = function() { pageDefault.csslink.href = "Handler.ashx?id=2"; } } } pageDefault.init(); </script> </body> </html> Here's the ashx ProcessRequest public void ProcessRequest(HttpContext context) { context.Response.ContentType = "text/plain"; var id = context.Request.QueryString["id"]; if (id == "1") { context.Response.Write(@" body { background: Blue; } "); } else if (id == "2") { context.Response.Write(@" body { background: Red; } "); } else { } }


  • How to find "y" values of the already estimated monotone function of the non-monotone regression curve corresponding to the original "x" points?

    - by parenthesis
    The title sounds complicated but that is what I am looking for. Focus on the picture. ## data x <- c(1.009648,1.017896,1.021773,1.043659,1.060277,1.074578,1.075495,1.097086,1.106268,1.110550,1.117795,1.143573,1.166305,1.177850,1.188795,1.198032,1.200526,1.223329,1.235814,1.239068,1.243189,1.260003,1.262732,1.266907,1.269932,1.284472,1.307483,1.323714,1.326705,1.328625,1.372419,1.398703,1.404474,1.414360,1.415909,1.418254,1.430865,1.431476,1.437642,1.438682,1.447056,1.456152,1.457934,1.457993,1.465968,1.478041,1.478076,1.485995,1.486357,1.490379,1.490719) y <- c(0.5102649,0.0000000,0.6360097,0.0000000,0.8692671,0.0000000,1.0000000,0.0000000,0.4183691,0.8953987,0.3442624,0.0000000,0.7513169,0.0000000,0.0000000,0.0000000,0.0000000,0.1291901,0.4936121,0.7565551,1.0085108,0.0000000,0.0000000,0.1655482,0.0000000,0.1473168,0.0000000,0.0000000,0.0000000,0.1875293,0.4918018,0.0000000,0.0000000,0.8101771,0.6853480,0.0000000,0.0000000,0.0000000,0.0000000,0.4068802,1.1061434,0.0000000,0.0000000,0.0000000,0.0000000,0.0000000,0.0000000,0.0000000,0.0000000,0.0000000,0.6391678) fit1 <- c(0.5102649100,0.5153380934,0.5177234836,0.5255544980,0.5307668662,0.5068087080,0.5071001179,0.4825657520,0.4832969250,0.4836378194,0.4842147729,0.5004039310,0.4987301366,0.4978800742,0.4978042478,0.4969807064,0.5086987191,0.4989497612,0.4936121200,0.4922210302,0.4904593166,0.4775197108,0.4757040857,0.4729265271,0.4709141776,0.4612406896,0.4459316517,0.4351338346,0.4331439717,0.4318664278,0.3235179189,0.2907908968,0.1665721429,0.1474035158,0.1443999345,0.1398517097,0.1153991839,0.1142140393,0.1022584672,0.1002410843,0.0840033244,0.0663669309,0.0629119398,0.0627979240,0.0473336492,0.0239237481,0.0238556876,0.0084990298,0.0077970954,0.0000000000,-0.0006598571) fit2 <- 
c(-0.0006598571,0.0153328298,0.0228511733,0.0652889427,0.0975108758,0.1252414661,0.1270195143,0.1922510501,0.2965234797,0.3018551305,0.3108761043,0.3621749370,0.4184150225,0.4359301495,0.4432114081,0.4493565757,0.4510158144,0.4661865431,0.4744926045,0.4766574718,0.4796937554,0.4834718810,0.4836125426,0.4839450098,0.4841092849,0.4877317306,0.4930561638,0.4964939389,0.4970089201,0.4971376528,0.4990394601,0.5005881678,0.5023814257,0.5052125977,0.5056691690,0.5064254338,0.5115481820,0.5117259449,0.5146054557,0.5149729419,0.5184178197,0.5211542908,0.5216215426,0.5216426533,0.5239797875,0.5273573222,0.5273683002,0.5293994824,0.5295130266,0.5306236672,0.5307303109) ## picture plot(x, y) ## red regression curve points(x, fit1, col=2); lines(x, fit1, col=2) ## blue monotonic curve to the regression points(min(x) + cumsum(c(0, rev(diff(x)))), rev(fit2), col="blue"); lines(min(x) + cumsum(c(0, rev(diff(x)))), rev(fit2), col="blue") ## "x" original point matches with the regression estimated point ## but not with the estimated (fit2=estimate) monotonic curve abline(v=1.223329, lty=2, col="grey") Focus on the dashed grey line. The idea is to get y value of the monotonic blue curve corresponding to x original value. The grey line should cross three points (the original one "black", the regression estimate "red", the adjusted regression estimate "blue"). Can we do this? Methodology: The object "fit2" is the output of the function rearrangement(). It is always monotonically increasing. library(Rearrangement) fit2 <- rearrangement(x=as.data.frame(x), y=fit1)


  • How to detect if a RGB is fully transparent?

    - by omega
    In Java, I want to make a fully transparent RGBA, and I do that by using

        public static int getTransparentRGB() {
            int r = 0;
            int g = 0;
            int b = 0;
            int a = 0;
            int new_pixel = (a << 24) | (r << 16) | (g << 8) | b;
            return new_pixel;
        }

        Color color = new Color(getTransparentRGB());
        System.out.println(color.getAlpha()); // -> 255 ?!

    I purposely keep all rgba values 0. However, after I create the Color object with the rgba value as the constructor, if I call .getAlpha(), I get 255 even though I made the rgb value with a 0 alpha. If it returns 255, how could I tell the difference between a Color object that wasn't transparent, because that would also have a 255 alpha. I expect the color object to return a 0 alpha based on the function above. Does anyone know what's going on? Thanks


  • form.has_errors tag not working

    - by John
    Hello, I'm using Django 1.2.3. I have login functionality in my site using django.contrib.auth.views.login. The user is able to log in after entering the correct username and password. But form.has_errors is not working, i.e. if the login credentials entered are incorrect I don't see the error message. My login.html in templates/registration is as follows:

        <html>
        <head>
            <title>Login</title>
        </head>
        <body>
            <h1>User Login</h1>
            {% if form.has_errors %}
            <p>Your username and password didn't match. Please try again.</p>
            {% endif %}
            <form method="post" action=".">
                {% csrf_token %}
                <p><label for="id_username">Username:</label> {{ form.username }}</p>
                <p><label for="id_password">Password:</label> {{ form.password }}</p>
                <input type="hidden" name="next" value="/" />
                <input type="submit" value="login" />
            </form>
        </body>
        </html>

    Any way to fix this problem? Please help. Thank you.


  • Checking if a function has C-linkage at compile-time [unsolvable]

    - by scjohnno
    Is there any way to check if a given function is declared with C-linkage (that is, with extern "C") at compile-time? I am developing a plugin system. Each plugin can supply factory functions to the plugin-loading code. However, this has to be done via name (and subsequent use of GetProcAddress or dlsym). This requires that the functions be declared with C-linkage so as to prevent name-mangling. It would be nice to be able to throw a compiler error if the referred-to function is declared with C++-linkage (as opposed to finding out at runtime when a function with that name does not exist). Here's a simplified example of what I mean:

        extern "C" void my_func()
        {
        }

        void my_other_func()
        {
        }

        // Replace this struct with one that actually works
        template<typename T>
        struct is_c_linkage
        {
            static const bool value = true;
        };

        template<typename T>
        void assertCLinkage(T *func)
        {
            static_assert(is_c_linkage<T>::value, "Supplied function does not have C-linkage");
        }

        int main()
        {
            assertCLinkage(my_func); // Should compile
            assertCLinkage(my_other_func); // Should NOT compile
        }

    Is there a possible implementation of is_c_linkage that would throw a compiler error for the second function, but not the first? I'm not sure that it's possible (though it may exist as a compiler extension, which I'd still like to know of). Thanks.


  • Save Cookies, Then Open Link in New Tab

    - by speedplane
    I have some JavaScript code that saves a cookie. However, if after saving the cookie, the user opens a new tab, it appears that the cookie is not saved. The new tab is on the same domain. Here is my cookie setting/getting code:

        function setCookie(c_name,value,exdays) {
            var exdate=new Date();
            exdate.setDate(exdate.getDate() + exdays);
            var c_value=escape(value) + ((exdays==null) ? "" : "; expires="+exdate.toUTCString());
            document.cookie=c_name + "=" + c_value;
        }

        function getCookie(c_name) {
            var i,x,y,ARRcookies=document.cookie.split(";");
            for (i=0;i<ARRcookies.length;i++) {
                x=ARRcookies[i].substr(0,ARRcookies[i].indexOf("="));
                y=ARRcookies[i].substr(ARRcookies[i].indexOf("=")+1);
                x=x.replace(/^\s+|\s+$/g,"");
                if (x==c_name) {
                    return unescape(y);
                }
            }
        }

    If some JavaScript calls setCookie('mycookie', 1) and then the user clicks on a link where the _target is set to _blank, the cookie does not load in the new tab. So getCookie('mycookie') will not return 1. What is the problem here?


  • Drupal 7 - I can't pass post data in module function

    - by user2603290
    I can't pass post data in my custom module. filenames: mymodule.info mymodule.mod .info name = My Module description = My custom module. package = DEV version = 1.0 core = 7.x .module <?php function mymodule_menu() { $items = array(); $items['getcountries'] = array( 'title' => 'Get Countries', 'page callback' => 'getcountries', 'access arguments' => array('access content'), 'type' => MENU_CALLBACK, ); $items['getstates'] = array( 'title' => 'Get States', 'page callback' => 'getstates', 'access arguments' => array('access content'), 'type' => MENU_CALLBACK, ); return $items; } function getcountries() { $result = db_query("select distinct(country) from region"); $jsonarray = Array(); foreach ($result as $record) { $jsonarray[] = array( 'item' => $record->country, 'value' => $record->country ); } $json = json_encode($jsonarray); echo $json; } function getstates() { echo $_POST["test"]; } Ajax call $(document).ready(function(){ $.ajax({ url: '/getstates', type: 'POST', data: '{"test":"1"}', success : function () { alert('ok'); }, error : function (jqXHR, textStatus, errorThrown) { alert('error'); } }); }); The first item "getcountries" is working fine however the second one is not. I can browse to http://mysite.com/getstates ok but when I call this function using ajax it is not passing the value of "test" which is "1" to $_POST["test"]. I am new to Drupal so I am positive that I miss something here. I thought I need a new set of eyes.


  • List of values as keys for a Map

    - by thr
    I have lists of variable length where each item can be one of four unique, that I need to use as keys for another object in a map. Assume that each value can be either 0, 1, 2 or 3 (it's not integer in my real code, but a lot easier to explain this way) so a few examples of key lists could be: [1, 0, 2, 3] [3, 2, 1] [1, 0, 0, 1, 1, 3] [2, 3, 1, 1, 2] [1, 2] So, to re-iterate: each item in the list can be either 0, 1, 2 or 3 and there can be any number of items in a list. My first approach was to try to hash the contents of the array, using the built in GetHashCode() in .NET to combine the hash of each element. But since this would return an int I would have to deal with collisions manually (two equal int values are identical to a Dictionary). So my second approach was to use a quad tree, breaking down each item in the list into a Node that has four pointers (one for each possible value) to the next four possible values (with the root node representing [], an empty list), inserting [1, 0, 2] => Foo, [1, 3] => Bar and [1, 0] => Baz into this tree would look like this: Grey nodes nodes being unused pointers/nodes. Though I worry about the performance of this setup, but there will be no need to deal with hash collisions and the tree won't become to deep (there will mostly be lists with 2-6 items stored, rarely over 6). Is there some other magic way to store items with lists of values as keys that I have missed?


  • Putting cursor into dynamically added input fields with jQuery

    - by Sandoichi
    I wrote a script that allows users to click onto a table cell and edit the value with jQuery. Basically, when they click the cell, the HTML in the cell gets replaced with an input box and any text that was previously in the cell gets added to the input. My issue is that whenever they click on the cell, the input doesn't get focused and they have to click a second time to put the cursor in. I have tried a bunch of selectors with .focus() to try and put the cursor in but I'm not having any luck. Here is the function that gets called when the user clicks on a cell: function edit_cell() { if($(this).hasClass('edit_box')) if(!$(this).hasClass('editable')){ $(this).addClass('editable'); string = $(this).text(); $(this).html("<input type='text' value='" + string + "'/>"); } } Also, is there a way to make the size of the input box relative to the width of the cell it gets added too? I don't know how to relate the size attribute to the width for the cell...and it is driving me crazy!


  • Windows File I/O Reading

    - by eyeanand
    Currently working on opening/reading images in VC++. Some examples I came across on the internet use Windows.h I/O routines like ReadFile... but there seems to be an inconsistency in their declaration. Here's what I have got.

        // So I have this function to load a file
        BYTE* LoadFile ( int* width, int* height, long* size, LPCWSTR bmpfile )
        {
            BITMAPFILEHEADER bmpheader;
            BITMAPINFOHEADER bmpinfo;
            DWORD bytesread = 0;
            HANDLE file = CreateFile ( bmpfile , GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_FLAG_SEQUENTIAL_SCAN, NULL );
            if ( NULL == file )
                return NULL;
            if ( ReadFile ( file, &bmpheader, sizeof ( BITMAPFILEHEADER ), &bytesread, NULL ) == false )
            {
                CloseHandle ( file );
                return NULL;
            }
            . . .
            return appropriate value;
        }

    Now the ReadFile API function is declared as follows in WinBase.h:

        WINBASEAPI BOOL WINAPI ReadFile(
            _In_ HANDLE hFile,
            _Out_ LPVOID lpBuffer,
            _In_ DWORD nNumberOfBytesToRead,
            _Out_opt_ LPDWORD lpNumberOfBytesRead,
            _Inout_opt_ LPOVERLAPPED lpOverlapped
        );

    And in MSDN examples, they call this function like this:

        ReadFile(hFile, chBuffer, BUFSIZE, &dwBytesRead, NULL)

    Which expects that "bytesRead" is a sort of out parameter, so it gives me the number of bytes read. But in my code it is giving this error message:

        'ReadFile' : cannot convert parameter 4 from 'LPDWORD *' to 'LPDWORD'

    So I just initialized bytesRead to 0 and passed it by value (which is wrong, but just to check if it works). Then it gives this exception:

        Unhandled exception at 0x774406ae in ImProc.exe: 0xC0000005: Access violation writing location 0x00000000.

    Kindly suggest. Kindly tell me if I missed out any code, including while forming the question itself. Thanks.


  • jquery find element next to another

    - by Thiganofx
    Hi, I have the following HTML:

        <p>
            <input type="text" name="field2" />
            <input type="hidden" name="fieldh2"/>
            <button type="button" class="sendInfo">Send</button>
        </p>

    What I want is that when the user clicks the button, I need to send using ajax the contents of the field field. This is what I'm trying to do with no success.

        $(function() {
            $('button.sendInfo').live('click', function() {
                var id = $(this).parent().next('[type=text]').val();
                alert(id);
            });
        });

    I plan to set what the user types in the textbox to the hidden field, and the value received from the ajax call to the normal textbox. But the problem is that I can't even get the value of the textbox that is in the same line as the button the user clicks. Can anyone help me? Thanks a lot.


  • [PHP] Associating a Function to Fire on session_start()?

    - by user317808
    Hi, I've searched the web but haven't been able to find a solution to the following challenge: I'd like to somehow associate a function that executes when session_start is called independent of the page session_start is called in. The function is intended to restore constants I've stored in $_SESSION using get_defined_constants() so that they're available again to any PHP page. This seems so straightforward to me but I'm pretty sure the PHP Session extension doesn't support the registration of user-defined events. I was wondering if anyone might have insight into this issue so I can either figure out the solution or stop trying. Ideally, I'd like to just register the function at run-time like so:

        $constants = get_defined_constants();
        $_SESSION["constants"] = $constants["user"];

        function event_handler () {
            foreach ($_SESSION["constants"] as $key => $value) {
                define($key, $value);
            }
        }

        register_handler("session_start", "event_handler");

    So in any webpage, I could just go:

        session_start();

    and all my constants would be available again. Any help would be greatly appreciated.


  • How to open a chat window in sender and receiver side [on hold]

    - by DEEPS
    When i am trying to send a message from sender the chat window is always opening in senders side instead of receiver side.so please give a correct code to display chat box in both side. (HTML 5, JAVASCRIPT,JQUERY). This is client side code: //Send private message function sendPvtMsg(data) { var pvtmsg = data; socket.emit('message',JSON.stringify({msg: 'pvtMsg', data: { from: userName, to: toChat, pvtmsg: data }}),roomId); } socket.on('message',function(data) { var command = JSON.parse(data); var itemName = command.msg; var rec_data = command.data.message; var sender = command.data.name; //Receive message from server if (itemName == "message") { document.getElementById("chat").value += sender + " : " + rec_data + "\n"; } //Receive private message else if (itemName == "pvtMsg") { var to = command.data.to; var from = command.data.from; //To display message to sender and receiver if (userName == to || userName == from) { var pvtmsg = command.data.pvtmsg; document.getElementById("chat").value += from + "( to " + to + ")" + " : " + pvtmsg + "\n"; } } function createChatBox(chatboxtitle,minimizeChatBox) { if ($("#chatbox_"+chatboxtitle).length > 0) { if ($("#chatbox_"+chatboxtitle).css('display') == 'none') { $("#chatbox_"+chatboxtitle).css('display','block'); restructureChatBoxes(); } $("#chatbox_"+chatboxtitle+" .chatboxtextarea").focus(); return; }


  • javascript form reset function not working

    - by daniel
    <form name="mysqlDetails"> <label class="text">url:</label><input id="url" type="text" name="url"/><br/> <label class="text">country:</label><input id="country" type="text" name="country"/><br/> ... <input type="button" id="button" value="save" onclick="ajax.insert('mysqlDetails')"/> <input type="reset" id="clear" value="clear"/> <input type="checkbox" id="autoclear"/><label>autoclear</label> </form> function autoclear(frm){ if(document.forms[frm].getElementById('autoclear').checked==true){ document.forms[frm].reset(); document.forms[frm].getElementById('autoclear').checked=true; } } this.connect=function(frm){ if (isFirefox() && firefoxVersion() >= 3) { httpReq.onload = check; } else { httpReq.onreadystatechange = check; } httpReq.open('GET',url(frm),false); httpReq.send(null); autoclear(frm); } js is located in external file. executing form reset with an non-external file function works fine. why?


  • Disable a control inside a gridview

    - by saeed talaee
    Hi i want to disable link-bottoms control in a grid view with the condition of a special value . for example if the count for a row become 0 ,the link bottom for that row should be invisible . what should i do? where should i write the code? here is cod that i write in row command grid view but it works only of i push the link bottom!! but i want to apply this cod to my page before loading. please guide me int idx = Convert.ToInt32(e.CommandArgument); idx = idx - (GridView1.PageSize * GridView1.PageIndex); int ID = (int)GridView1.DataKeys[idx].Value; string connStr = ConfigurationManager.ConnectionStrings["dbconn"].ConnectionString; SqlConnection sqlconn = new SqlConnection(connStr); SqlCommand sqlcmd = new SqlCommand(); sqlcmd = new SqlCommand("SELECT count(ID) FROM ReviwerArticle where ArticleID=@ArticleID", sqlconn); sqlcmd.Parameters.AddWithValue("@ArticleID", ID); sqlconn.Open(); int count = ((int)sqlcmd.ExecuteScalar()); sqlconn.Close(); if (count == 0) { ((LinkButton)GridView1.Rows[idx].Cells[0].FindControl("LinkButton4") as LinkButton).Visible = false; }


  • [JavaScript] Function making a slight miscalculation.

    - by Stanni
    Hi, To begin with, I have a database that holds map data for a game I am creating. A script on my page uses JSON to retrieve a certain amount of that data from the database and store it in an array. When the data is retrieved it goes through a function that finds out how many individual tiles are used in that particular area. Here is the code: var xmlhttp = new XMLHttpRequest; xmlhttp.onreadystatechange = function(){ if(xmlhttp.readyState == 4){ var map = JSON.parse(xmlhttp.responseText); var mapTiles = new Array; for(var count = 0; count < map.length; count ++){ if(map[count]){ if(map[count]['tile'] in mapTiles == false){ mapTiles.push(map[count]['tile']); } } } alert(mapTiles); } } For each time the script finds a tile number that isn't already in the mapTiles array it adds it to it. Currently, the script is fetching 1024 records that all but one contain the tile value of '1' the other of which contains the tile value of '2'. This means that when I alert the mapTiles array it should display "1, 2" but instead it displays "1, 1, 2". So there is a slight error in the script but I cannot find it.


  • Receive Ajax and display output in a Photo?

    - by user1709469
    how to Receive Ajax and display output in a Photo? Images should be displayed inside the div tag After each of Bayer text, change the text to change the photo content The photos displayed are written in the form Thanks this code <script> function AjaxRequest() { var xmlhttp = null; if (window.XMLHttpRequest) { // code for IE7+, Firefox, Chrome, Opera, Safari xmlhttp = new XMLHttpRequest(); } // else // code for IE6, IE5 return xmlhttp; } function ajaxAction() { var font_category = document.getElementById("ajaxField").value; var xmlHttp = AjaxRequest(); xmlHttp.open("POST" , "ajax.php?message=" + message , true); xmlHttp.onreadystatechange = function() { if(xmlHttp.readyState == 1) response.innerHTML = "Loading..."; if (xmlHttp.readyState == 4 && xmlHttp.status == 200) response.innerHTML = xmlHttp.responseText; } xmlHttp.send(null); } </script> <textarea id="ajaxField12" name="message" rows="2" cols="20" value="Send" onchange="javascript:ajaxAction();"> </textarea> <div id="ajaxResponse" height="42" width="42"> </div>


  • .NET WebRequest.PreAuthenticate not quite what it sounds like

    - by Rick Strahl
    I’ve run into the problem a few times now: How to pre-authenticate .NET WebRequest calls doing an HTTP call to the server – essentially send authentication credentials on the very first request instead of waiting for a server challenge first? At first glance this sounds like it should be easy: The .NET WebRequest object has a PreAuthenticate property which sounds like it should force authentication credentials to be sent on the first request. Looking at the MSDN example certainly looks like it does: http://msdn.microsoft.com/en-us/library/system.net.webrequest.preauthenticate.aspx

    Unfortunately the MSDN sample is wrong. As is the text of the Help topic which incorrectly leads you to believe that PreAuthenticate… wait for it - pre-authenticates. But it doesn’t allow you to set credentials that are sent on the first request. What this property actually does is quite different. It doesn’t send credentials on the first request but rather caches the credentials ONCE you have already authenticated once.

    HTTP Authentication is based on a challenge response mechanism typically where the client sends a request and the server responds with a 401 header requesting authentication. So the client sends a request like this:

        GET /wconnect/admin/wc.wc?_maintain~ShowStatus HTTP/1.1
        Host: rasnote
        User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 4.0.20506)
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        Accept-Language: en,de;q=0.7,en-us;q=0.3
        Accept-Encoding: gzip,deflate
        Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
        Keep-Alive: 300
        Connection: keep-alive

    and the server responds with:

        HTTP/1.1 401 Unauthorized
        Cache-Control: private
        Content-Type: text/html; charset=utf-8
        Server: Microsoft-IIS/7.5
        WWW-Authenticate: basic realm=rasnote"
        X-AspNet-Version: 2.0.50727
        WWW-Authenticate: Negotiate
        WWW-Authenticate: NTLM
        WWW-Authenticate: Basic realm="rasnote"
        X-Powered-By: ASP.NET
        Date: Tue, 27 Oct 2009 00:58:20 GMT
        Content-Length: 5163

    plus the actual error message body. The client then is responsible for re-sending the current request with the authentication token information provided (in this case Basic Auth):

        GET /wconnect/admin/wc.wc?_maintain~ShowStatus HTTP/1.1
        Host: rasnote
        User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 4.0.20506)
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        Accept-Language: en,de;q=0.7,en-us;q=0.3
        Accept-Encoding: gzip,deflate
        Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
        Keep-Alive: 300
        Connection: keep-alive
        Cookie: TimeTrakker=2HJ1998WH06696; WebLogCommentUser=Rick Strahl|http://www.west-wind.com/|[email protected]; WebStoreUser=b8bd0ed9
        Authorization: Basic cgsf12aDpkc2ZhZG1zMA==

    Once the authorization info is sent the server responds with the actual page result. Now if you use WebRequest (or WebClient) the default behavior is to re-authenticate on every request that requires authorization. This means if you look in Fiddler or some other HTTP client Proxy that captures requests you’ll see that each request re-authenticates: Here are two requests fired back to back: and you can see the 401 challenge, the 200 response for both requests. If you watch this same conversation between a browser and a server you’ll notice that the first 401 is also there but the subsequent 401 requests are not present.

    WebRequest.PreAuthenticate

    And this is precisely what the WebRequest.PreAuthenticate property does: It’s a caching mechanism that caches the connection credentials for a given domain in the active process and resends it on subsequent requests. It does not send credentials on the first request but it will cache credentials on subsequent requests after authentication has succeeded:

        string url = "http://rasnote/wconnect/admin/wc.wc?_maintain~ShowStatus";

        // First request
        HttpWebRequest req = HttpWebRequest.Create(url) as HttpWebRequest;
        req.PreAuthenticate = true;
        req.Credentials = new NetworkCredential("rick", "secret", "rasnote");
        req.AuthenticationLevel = System.Net.Security.AuthenticationLevel.MutualAuthRequested;
        req.UserAgent = ": Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 4.0.20506)";
        WebResponse resp = req.GetResponse();
        resp.Close();

        // Second request to the same URL
        req = HttpWebRequest.Create(url) as HttpWebRequest;
        req.PreAuthenticate = true;
        req.Credentials = new NetworkCredential("rstrahl", "secret", "rasnote");
        req.AuthenticationLevel = System.Net.Security.AuthenticationLevel.MutualAuthRequested;
        req.UserAgent = ": Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 4.0.20506)";
        resp = req.GetResponse();

    which results in the desired sequence: where only the first request doesn’t send credentials. This is quite useful as it saves quite a few round trips to the server – basically it saves one auth request for every authenticated request you make. In most scenarios I think you’d want to send these credentials this way but one downside to this is that there’s no way to log out the client. Since the client always sends the credentials once authenticated only an explicit operation ON THE SERVER can undo the credentials by forcing another login explicitly (i.e. re-challenging with a forced 401 request).

    Forcing Basic Authentication Credentials on the first Request

    On a few occasions I’ve needed to send credentials on a first request – mainly to some oddball third party Web Services (why you’d want to use Basic Auth on a Web Service is beyond me – don’t ask but it’s not uncommon in my experience). This is true of certain services that are using Basic Authentication (especially some Apache based Web Services) and REQUIRE that the authentication is sent right from the first request. No challenge first. Ugly but there it is. Now the following works only with Basic Authentication because it’s pretty straightforward to create the Basic Authorization ‘token’ in code since it’s just an unencrypted encoding of the user name and password into base64. As you might guess this is totally unsecure and should only be used when using HTTPS/SSL connections (I’m not in this example so I can capture the Fiddler trace and my local machine doesn’t have a cert installed, but for production apps ALWAYS use SSL with basic auth).
The idea is that you simply add the required Authorization header to the request on your own along with the authorization string that encodes the username and password: string url = "http://rasnote/wconnect/admin/wc.wc?_maintain~ShowStatus"; HttpWebRequest req = HttpWebRequest.Create(url) as HttpWebRequest; string user = "rick"; string pwd = "secret"; string domain = "www.west-wind.com"; string auth = "Basic " + Convert.ToBase64String(System.Text.Encoding.Default.GetBytes(user + ":" + pwd)); req.PreAuthenticate = true; req.AuthenticationLevel = System.Net.Security.AuthenticationLevel.MutualAuthRequested;req.Headers.Add("Authorization", auth); req.UserAgent = ": Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 4.0.20506)"; WebResponse resp = req.GetResponse(); resp.Close(); This works and causes the request to immediately send auth information to the server. However, this only works with Basic Auth because you can actually create the authentication credentials easily on the client because it’s essentially clear text. The same doesn’t work for Windows or Digest authentication since you can’t easily create the authentication token on the client and send it to the server. Another issue with this approach is that PreAuthenticate has no effect when you manually force the authentication. As far as Web Request is concerned it never sent the authentication information so it’s not actually caching the value any longer. 
If you run 3 requests in a row like this: string url = "http://rasnote/wconnect/admin/wc.wc?_maintain~ShowStatus"; HttpWebRequest req = HttpWebRequest.Create(url) as HttpWebRequest; string user = "ricks"; string pwd = "secret"; string domain = "www.west-wind.com"; string auth = "Basic " + Convert.ToBase64String(System.Text.Encoding.Default.GetBytes(user + ":" + pwd)); req.PreAuthenticate = true; req.Headers.Add("Authorization", auth); req.UserAgent = ": Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 4.0.20506)"; WebResponse resp = req.GetResponse(); resp.Close(); req = HttpWebRequest.Create(url) as HttpWebRequest; req.PreAuthenticate = true; req.Credentials = new NetworkCredential(user, pwd, domain); req.UserAgent = ": Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 4.0.20506)"; resp = req.GetResponse(); resp.Close(); req = HttpWebRequest.Create(url) as HttpWebRequest; req.PreAuthenticate = true; req.Credentials = new NetworkCredential(user, pwd, domain); req.UserAgent = ": Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 4.0.20506)"; resp = req.GetResponse(); you’ll find the trace looking like this: where the first request (the one we explicitly add the header to) authenticates, the second challenges, and any subsequent ones then use the PreAuthenticate credential caching. In effect you’ll end up with one extra 401 request in this scenario, which is still better than 401 challenges on each request. Getting Access to WebRequest in Classic .NET Web Service Clients If you’re running a classic .NET Web Service client (non-WCF) one issue with the above is how do you get access to the WebRequest to actually add the custom headers to do the custom Authentication described above? 
One easy way is to implement a partial class that allows you add headers with something like this: public partial class TaxService { protected NameValueCollection Headers = new NameValueCollection(); public void AddHttpHeader(string key, string value) { this.Headers.Add(key,value); } public void ClearHttpHeaders() { this.Headers.Clear(); } protected override WebRequest GetWebRequest(Uri uri) { HttpWebRequest request = (HttpWebRequest) base.GetWebRequest(uri); request.Headers.Add(this.Headers); return request; } } where TaxService is the name of the .NET generated proxy class. In code you can then call AddHttpHeader() anywhere to add additional headers which are sent as part of the GetWebRequest override. Nice and simple once you know where to hook it. For WCF there’s a bit more work involved by creating a message extension as described here: http://weblogs.asp.net/avnerk/archive/2006/04/26/Adding-custom-headers-to-every-WCF-call-_2D00_-a-solution.aspx. FWIW, I think that HTTP header manipulation should be readily available on any HTTP based Web Service client DIRECTLY without having to subclass or implement a special interface hook. But alas a little extra work is required in .NET to make this happen Not a Common Problem, but when it happens… This has been one of those issues that is really rare, but it’s bitten me on several occasions when dealing with oddball Web services – a couple of times in my own work interacting with various Web Services and a few times on customer projects that required interaction with credentials-first services. Since the servers determine the protocol, we don’t have a choice but to follow the protocol. Lovely following standards that implementers decide to ignore, isn’t it? :-}© Rick Strahl, West Wind Technologies, 2005-2010Posted in .NET  CSharp  Web Services  

    Read the article

  • .NET HTML Sanitation for rich HTML Input

    - by Rick Strahl
    Recently I was working on updating a legacy application to MVC 4 that included free form text input. When I set up the new site my initial approach was to not allow any rich HTML input, only simple text formatting that would respect a few simple HTML commands for bold, lists etc. and automatically handles line break processing for new lines and paragraphs. This is typical for what I do with most multi-line text input in my apps and it works very well with very little development effort involved.

    Then the client sprung another note: Oh by the way we have a bunch of customers (real estate agents) who need to post complete HTML documents. Oh uh! There goes the simple theory. After some discussion and pleading on my part (<snicker>) to try and avoid this type of raw HTML input because of potential XSS issues, the client decided to go ahead and allow raw HTML input anyway.

    There has been lots of discussion on this subject on StackOverflow (and here and here) but after reading through some of the solutions I didn't really find anything that would work even closely for what I needed. Specifically we need to be able to allow just about any HTML markup, with the exception of script code. Remote CSS and images need to be loaded, links need to work and so on. While the 'legit' HTML posted by these agents is basic in nature it does span most of the full gamut of HTML (4). Most of the XSS prevention/sanitizer solutions I found were way too aggressive and rendered the posted output unusable mostly because they tend to strip any externally loaded content.

    In short I needed a custom solution. I thought the best solution to this would be to use an HTML parser - in this case the Html Agility Pack - and then to run through all the HTML markup provided and remove any of the blacklisted tags and a number of attributes that are prone to JavaScript injection.

    There's much discussion on whether to use blacklists vs. whitelists in the discussions mentioned above, but I found that whitelists can make sense in simple scenarios where you might allow manual HTML input, but when you need to allow a larger array of HTML functionality a blacklist is probably easier to manage as the vast majority of elements and attributes could be allowed. Also whitelisting gets a bit more complex with HTML5 and the proliferation of new HTML tags, and most new tags generally don't affect XSS issues directly. Pure whitelisting based on elements and attributes also doesn't capture many edge cases (see some of the XSS cheat sheets listed below) so even with a whitelist, custom logic is still required to handle many of those edge cases.

    The Microsoft Web Protection Library (AntiXSS)

    My first thought was to check out the Microsoft AntiXSS library. Microsoft has an HTML Encoding and Sanitation library in the Microsoft Web Protection Library (formerly AntiXSS Library) on CodePlex, which provides stricter functions for whitelist encoding and sanitation. Initially I thought the Sanitizer class and its static members would do the trick for me, but I found that this library is way too restrictive for my needs. Specifically the Sanitizer class strips out images and links which rendered the full HTML from our real estate clients completely useless. I didn't spend much time with it, but apparently I'm not alone in feeling this library is not really useful without some way to configure operation.

    To give you an example of what didn't work for me with the library here's a small and simple HTML fragment that includes script, img and anchor tags. I would expect the script to be stripped and everything else to be left intact. Here's the original HTML:

        var value = "<b>Here</b> <script>alert('hello')</script> we go. Visit the " +
                    "<a href='http://west-wind.com'>West Wind</a> site. " +
                    "<img src='http://west-wind.com/images/new.gif' /> ";

    and the code to sanitize it with the AntiXSS Sanitizer class:

        @Html.Raw(Microsoft.Security.Application.Sanitizer.GetSafeHtmlFragment(value))

    This produced a not so useful sanitized string:

        Here we go. Visit the <a>West Wind</a> site.

    While it removed the <script> tag (good) it also removed the href from the link and the image tag altogether (bad). In some situations this might be useful, but for most tasks I doubt this is the desired behavior. While links can contain javascript: references and images can 'broadcast' information to a server, without configuration to tell the library what to restrict this becomes useless to me. I couldn't find any way to customize the whitelist, nor is there code available in this 'open source' library on CodePlex.

    Using Html Agility Pack for HTML Parsing

    The WPL library wasn't going to cut it. After doing a bit of research I decided the best approach for a custom solution would be to use an HTML parser and inspect the HTML fragment/document I'm trying to import. I've used the HTML Agility Pack before for a number of apps where I needed an HTML parser without requiring an instance of a full browser like the Internet Explorer Application object which is inadequate in Web apps. In case you haven't checked out the Html Agility Pack before, it's a powerful HTML parser library that you can use from your .NET code. It provides a simple, parsable HTML DOM model to full HTML documents or HTML fragments that let you walk through each of the elements in your document. If you've used the HTML or XML DOM in a browser before you'll feel right at home with the Agility Pack.

    Blacklist based HTML Parsing to strip XSS Code

    For my purposes of HTML sanitation, the process involved is to walk the HTML document one element at a time and then check each element and attribute against a blacklist. There's quite a bit of argument of what's better: A whitelist of allowed items or a blacklist of denied items. While whitelists tend to be more secure, they also require a lot more configuration. In the case of HTML5 a whitelist could be very extensive. For what I need, I only want to ensure that no JavaScript is executed, so a blacklist includes the obvious <script> tag plus any tag that allows loading of external content including <iframe>, <object>, <embed> and <link> etc. <form> is also excluded to avoid posting content to a different location. I also disallow <head> and <meta> tags in particular for my case, since I'm only allowing posting of HTML fragments. There is also some internal logic to exclude some attributes or attributes that include references to JavaScript or CSS expressions.

    The default tag blacklist reflects my use case, but is customizable and can be added to. Here's my HtmlSanitizer implementation:

        using System.Collections.Generic;
        using System.IO;
        using System.Xml;
        using HtmlAgilityPack;

        namespace Westwind.Web.Utilities
        {
            public class HtmlSanitizer
            {
                public HashSet<string> BlackList = new HashSet<string>()
                {
                    "script", "iframe", "form", "object",
                    "embed", "link", "head", "meta"
                };

                /// <summary>
                /// Cleans up an HTML string and removes HTML tags in blacklist
                /// </summary>
                /// <param name="html"></param>
                /// <returns></returns>
                public static string SanitizeHtml(string html, params string[] blackList)
                {
                    var sanitizer = new HtmlSanitizer();
                    if (blackList != null && blackList.Length > 0)
                    {
                        sanitizer.BlackList.Clear();
                        foreach (string item in blackList)
                            sanitizer.BlackList.Add(item);
                    }
                    return sanitizer.Sanitize(html);
                }

                /// <summary>
                /// Cleans up an HTML string by removing elements
                /// on the blacklist and all elements that start
                /// with onXXX .
                /// </summary>
                /// <param name="html"></param>
                /// <returns></returns>
                public string Sanitize(string html)
                {
                    var doc = new HtmlDocument();
                    doc.LoadHtml(html);
                    SanitizeHtmlNode(doc.DocumentNode);

                    //return doc.DocumentNode.WriteTo();

                    string output = null;

                    // Use an XmlTextWriter to create self-closing tags
                    using (StringWriter sw = new StringWriter())
                    {
                        XmlWriter writer = new XmlTextWriter(sw);
                        doc.DocumentNode.WriteTo(writer);
                        writer.Flush();
                        output = sw.ToString();

                        // strip off XML doc header (only if one was written)
                        if (!string.IsNullOrEmpty(output))
                        {
                            int at = output.IndexOf("?>");
                            if (at > -1)
                                output = output.Substring(at + 2);
                        }
                        writer.Close();
                    }
                    return output;
                }

                private void SanitizeHtmlNode(HtmlNode node)
                {
                    if (node.NodeType == HtmlNodeType.Element)
                    {
                        // check for blacklist items and remove
                        if (BlackList.Contains(node.Name))
                        {
                            node.Remove();
                            return;
                        }

                        // remove CSS Expressions and embedded script links
                        // (fixed: the check must run when the style block has content)
                        if (node.Name == "style")
                        {
                            if (!string.IsNullOrEmpty(node.InnerText))
                            {
                                if (node.InnerHtml.Contains("expression") || node.InnerHtml.Contains("javascript:"))
                                {
                                    node.ParentNode.RemoveChild(node);
                                    return;
                                }
                            }
                        }

                        // remove script attributes
                        if (node.HasAttributes)
                        {
                            for (int i = node.Attributes.Count - 1; i >= 0; i--)
                            {
                                HtmlAttribute currentAttribute = node.Attributes[i];

                                var attr = currentAttribute.Name.ToLower();
                                var val = currentAttribute.Value.ToLower();

                                // remove event handlers
                                if (attr.StartsWith("on"))
                                    node.Attributes.Remove(currentAttribute);

                                // remove script links
                                else if (
                                    //(attr == "href" || attr== "src" || attr == "dynsrc" || attr == "lowsrc") &&
                                    val != null &&
                                    val.Contains("javascript:"))
                                    node.Attributes.Remove(currentAttribute);

                                // Remove CSS Expressions. && binds tighter than ||, so the
                                // javascript:/vbscript: checks apply to every attribute.
                                else if ((attr == "style" && val != null && val.Contains("expression")) ||
                                         val.Contains("javascript:") ||
                                         val.Contains("vbscript:"))
                                    node.Attributes.Remove(currentAttribute);
                            }
                        }
                    }

                    // Look through child nodes recursively
                    if (node.HasChildNodes)
                    {
                        for (int i = node.ChildNodes.Count - 1; i >= 0; i--)
                        {
                            SanitizeHtmlNode(node.ChildNodes[i]);
                        }
                    }
                }
            }
        }

    Please note: Use this as a starting point only for your own parsing and review the code for your specific use case! If your needs are less lenient than mine were you can make this much stricter by not allowing src and href attributes or CSS links if your HTML doesn't allow it. You can also check links for external URLs and disallow those - lots of options. The code is simple enough to make it easy to extend to fit your use cases more specifically. It's also quite easy to make this code work using a WhiteList approach if you want to go that route. The code above is semi-generic for allowing full featured HTML fragments that only disallow script related content.

    The Sanitize method walks through each node of the document and then recursively drills into all of its children until the entire document has been traversed. Note that the code here uses an XmlTextWriter to write output - this is done to preserve XHTML style self-closing tags which are otherwise left as non-self-closing tags.

    The sanitizer code scans for blacklist elements and removes those elements not allowed. Note that the blacklist is configurable either in the instance class as a property or in the static method via the string parameter list. Additionally the code goes through each element's attributes and looks for a host of rules gleaned from some of the XSS cheat sheets listed at the end of the post. Clearly there are a lot more XSS vulnerabilities, but a lot of them apply to ancient browsers (IE6 and versions of Netscape) - many of these glaring holes (like CSS expressions - WTF IE?) have been removed in modern browsers.

    What a Pain

    To be honest this is NOT a piece of code that I wanted to write. I think building anything related to XSS is better left to people who have far more knowledge of the topic than I do. Unfortunately, I was unable to find a tool that worked even closely for me, or even provided a working base. For the project I was working on I had no choice and I'm sharing the code here merely as a base line to start with and potentially expand on for specific needs. It's sad that Microsoft Web Protection Library is currently such a train wreck - this is really something that should come from Microsoft as the systems vendor or possibly a third party that provides security tools.

    Luckily for my application we are dealing with authenticated and validated users so the user base is fairly well known, and relatively small - this is not a wide open Internet application that's directly public facing. As I mentioned earlier in the post, if I had my way I would simply not allow this type of raw HTML input in the first place, and instead rely on a more controlled HTML input mechanism like MarkDown or even a good HTML Edit control that can provide some limits on what types of input are allowed. Alas in this case I was overridden and we had to go forward and allow *any* raw HTML posted.

    Sometimes I really feel sad that it's come this far - how many good applications and tools have been thwarted by fear of XSS (or worse) attacks? So many things that could be done *if* we had a more secure browser experience and didn't have to deal with every little script twerp trying to hack into Web pages and obscure browser bugs.
    So much time wasted building secure apps, so much time wasted by others trying to hack apps… We're a funny species - no other species manages to waste as much time, effort and resources as we humans do :-)

    Resources

    Code on GitHub
    Html Agility Pack
    XSS Cheat Sheet
    XSS Prevention Cheat Sheet
    Microsoft Web Protection Library (AntiXss)
    StackOverflow Links:
    http://stackoverflow.com/questions/341872/html-sanitizer-for-net
    http://blog.stackoverflow.com/2008/06/safe-html-and-xss/
    http://code.google.com/p/subsonicforums/source/browse/trunk/SubSonic.Forums.Data/HtmlScrubber.cs?r=61

    © Rick Strahl, West Wind Technologies, 2005-2012
    Posted in Security  HTML  ASP.NET  JavaScript
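
    The post notes that the sanitizer can be made stricter by checking links, and that a whitelist variant is easy to add. The following is an added example of such a check, not part of the post's HtmlSanitizer: it decides per URL attribute by scheme instead of searching the value for "javascript:". The class name UrlAttributeFilter, its method names, the attribute list and the accepted schemes are assumptions chosen for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Text;
using HtmlAgilityPack;

// Added example (hypothetical class, not the post's code): allow-list
// check for attributes that carry a URL.
public static class UrlAttributeFilter
{
    // Attributes treated as URL-bearing (assumed list; extend for your markup).
    private static readonly HashSet<string> UrlAttributes =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        { "href", "src", "action", "formaction", "background", "poster", "dynsrc", "lowsrc" };

    // Schemes the application accepts (assumed policy).
    private static readonly HashSet<string> AllowedSchemes =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        { "http", "https", "mailto" };

    // Returns true for relative URLs and for absolute URLs with an allowed scheme.
    public static bool IsAllowedUrl(string rawValue)
    {
        if (string.IsNullOrWhiteSpace(rawValue))
            return true; // empty attribute, nothing to resolve

        // Browsers resolve character references in attribute values before
        // looking at the scheme, so decode first.
        string decoded = WebUtility.HtmlDecode(rawValue);

        // Drop whitespace and control characters so a scheme split by a tab
        // or line break is still recognised.
        var sb = new StringBuilder(decoded.Length);
        foreach (char c in decoded)
        {
            if (!char.IsControl(c) && !char.IsWhiteSpace(c))
                sb.Append(c);
        }
        string url = sb.ToString();

        // Only the part before the first path, query or fragment delimiter
        // can hold a scheme.
        int delimiter = url.IndexOfAny(new[] { '/', '?', '#' });
        string head = delimiter >= 0 ? url.Substring(0, delimiter) : url;

        // An '&' left in scheme position is a reference the decoder did not
        // resolve; reject rather than guess how a browser reads it.
        if (head.IndexOf('&') >= 0)
            return false;

        int colon = head.IndexOf(':');
        if (colon < 0)
            return true; // relative or protocol-relative URL

        return AllowedSchemes.Contains(head.Substring(0, colon));
    }

    // Removes URL attributes whose value fails the check; returns how many were removed.
    public static int StripDisallowedUrls(HtmlNode root)
    {
        int removed = 0;
        foreach (HtmlNode node in root.DescendantsAndSelf())
        {
            if (node.NodeType != HtmlNodeType.Element)
                continue;

            for (int i = node.Attributes.Count - 1; i >= 0; i--)
            {
                HtmlAttribute attribute = node.Attributes[i];
                if (UrlAttributes.Contains(attribute.Name) && !IsAllowedUrl(attribute.Value))
                {
                    node.Attributes.Remove(attribute);
                    removed++;
                }
            }
        }
        return removed;
    }

    public static void Main()
    {
        // Constructed sample input, not taken from the post.
        string html =
            "<a href='http://west-wind.com'>absolute</a>" +
            "<a href='images/new.gif'>relative</a>" +
            "<a href='JaVaScRiPt:void(0)'>mixed case</a>" +
            "<a href='java&#115;cript:void(0)'>character reference</a>" +
            "<img src='data:text/plain,hi' />";

        var doc = new HtmlDocument();
        doc.LoadHtml(html);

        int removed = StripDisallowedUrls(doc.DocumentNode);
        Console.WriteLine("Attributes removed: " + removed);
        Console.WriteLine(doc.DocumentNode.OuterHtml);
    }
}
```

    StripDisallowedUrls can run on doc.DocumentNode after SanitizeHtmlNode and before the output is written. The scheme list is the policy knob: remote images and links keep working while anything outside the list loses its URL attribute.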

    Read the article

  • Using jQuery to Insert a New Database Record

    - by Stephen Walther
    The goal of this blog entry is to explore the easiest way of inserting a new record into a database using jQuery and .NET. I’m going to explore two approaches: using Generic Handlers and using a WCF service (In a future blog entry I’ll take a look at OData and WCF Data Services). Create the ASP.NET Project I’ll start by creating a new empty ASP.NET application with Visual Studio 2010. Select the menu option File, New Project and select the ASP.NET Empty Web Application project template. Setup the Database and Data Model I’ll use my standard MoviesDB.mdf movies database. This database contains one table named Movies that looks like this: I’ll use the ADO.NET Entity Framework to represent my database data: Select the menu option Project, Add New Item and select the ADO.NET Entity Data Model project item. Name the data model MoviesDB.edmx and click the Add button. In the Choose Model Contents step, select Generate from database and click the Next button. In the Choose Your Data Connection step, leave all of the defaults and click the Next button. In the Choose Your Data Objects step, select the Movies table and click the Finish button. Unfortunately, Visual Studio 2010 cannot spell movie correctly :) You need to click on Movy and change the name of the class to Movie. In the Properties window, change the Entity Set Name to Movies. Using a Generic Handler In this section, we’ll use jQuery with an ASP.NET generic handler to insert a new record into the database. A generic handler is similar to an ASP.NET page, but it does not have any of the overhead. It consists of one method named ProcessRequest(). Select the menu option Project, Add New Item and select the Generic Handler project item. Name your new generic handler InsertMovie.ashx and click the Add button. 
Modify your handler so it looks like Listing 1: Listing 1 – InsertMovie.ashx using System.Web; namespace WebApplication1 { /// <summary> /// Inserts a new movie into the database /// </summary> public class InsertMovie : IHttpHandler { private MoviesDBEntities _dataContext = new MoviesDBEntities(); public void ProcessRequest(HttpContext context) { context.Response.ContentType = "text/plain"; // Extract form fields var title = context.Request["title"]; var director = context.Request["director"]; // Create movie to insert var movieToInsert = new Movie { Title = title, Director = director }; // Save new movie to DB _dataContext.AddToMovies(movieToInsert); _dataContext.SaveChanges(); // Return success context.Response.Write("success"); } public bool IsReusable { get { return true; } } } } In Listing 1, the ProcessRequest() method is used to retrieve a title and director from form parameters. Next, a new Movie is created with the form values. Finally, the new movie is saved to the database and the string “success” is returned. Using jQuery with the Generic Handler We can call the InsertMovie.ashx generic handler from jQuery by using the standard jQuery post() method. 
The following HTML page illustrates how you can retrieve form field values and post the values to the generic handler: Listing 2 – Default.htm <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Add Movie</title> <script src="http://ajax.microsoft.com/ajax/jquery/jquery-1.4.2.js" type="text/javascript"></script> </head> <body> <form> <label>Title:</label> <input name="title" /> <br /> <label>Director:</label> <input name="director" /> </form> <button id="btnAdd">Add Movie</button> <script type="text/javascript"> $("#btnAdd").click(function () { $.post("InsertMovie.ashx", $("form").serialize(), insertCallback); }); function insertCallback(result) { if (result == "success") { alert("Movie added!"); } else { alert("Could not add movie!"); } } </script> </body> </html>     When you open the page in Listing 2 in a web browser, you get a simple HTML form: Notice that the page in Listing 2 includes the jQuery library. The jQuery library is included with the following SCRIPT tag: <script src="http://ajax.microsoft.com/ajax/jquery/jquery-1.4.2.js" type="text/javascript"></script> The jQuery library is included on the Microsoft Ajax CDN so you can always easily include the jQuery library in your applications. You can learn more about the CDN at this website: http://www.asp.net/ajaxLibrary/cdn.ashx When you click the Add Movie button, the jQuery post() method is called to post the form data to the InsertMovie.ashx generic handler. Notice that the form values are serialized into a URL encoded string by calling the jQuery serialize() method. The serialize() method uses the name attribute of form fields and not the id attribute. Notes on this Approach This is a very low-level approach to interacting with .NET through jQuery – but it is simple and it works! 
And, you don’t need to use any JavaScript libraries in addition to the jQuery library to use this approach. The signature for the jQuery post() callback method looks like this: callback(data, textStatus, XmlHttpRequest) The second parameter, textStatus, returns the HTTP status code from the server. I tried returning different status codes from the generic handler with an eye towards implementing server validation by returning a status code such as 400 Bad Request when validation fails (see http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html ). I finally figured out that the callback is not invoked when the textStatus has any value other than “success”. Using a WCF Service As an alternative to posting to a generic handler, you can create a WCF service. You create a new WCF service by selecting the menu option Project, Add New Item and selecting the Ajax-enabled WCF Service project item. Name your WCF service InsertMovie.svc and click the Add button. Modify the WCF service so that it looks like Listing 3: Listing 3 – InsertMovie.svc using System.ServiceModel; using System.ServiceModel.Activation; namespace WebApplication1 { [ServiceBehavior(IncludeExceptionDetailInFaults=true)] [ServiceContract(Namespace = "")] [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)] public class MovieService { private MoviesDBEntities _dataContext = new MoviesDBEntities(); [OperationContract] public bool Insert(string title, string director) { // Create movie to insert var movieToInsert = new Movie { Title = title, Director = director }; // Save new movie to DB _dataContext.AddToMovies(movieToInsert); _dataContext.SaveChanges(); // Return movie (with primary key) return true; } } }   The WCF service in Listing 3 uses the Entity Framework to insert a record into the Movies database table. The service always returns the value true. 
Notice that the service in Listing 3 includes the following attribute: [ServiceBehavior(IncludeExceptionDetailInFaults=true)] You need to include this attribute if you want to get detailed error information back to the client. When you are building an application, you should always include this attribute. When you are ready to release your application, you should remove this attribute for security reasons. Using jQuery with the WCF Service Calling a WCF service from jQuery requires a little more work than calling a generic handler from jQuery. Here are some good blog posts on some of the issues with using jQuery with WCF: http://encosia.com/2008/06/05/3-mistakes-to-avoid-when-using-jquery-with-aspnet-ajax/ http://encosia.com/2008/03/27/using-jquery-to-consume-aspnet-json-web-services/ http://weblogs.asp.net/scottgu/archive/2007/04/04/json-hijacking-and-how-asp-net-ajax-1-0-mitigates-these-attacks.aspx http://www.west-wind.com/Weblog/posts/896411.aspx http://www.west-wind.com/weblog/posts/324917.aspx http://professionalaspnet.com/archive/tags/WCF/default.aspx The primary requirement when calling WCF from jQuery is that the request use JSON: The request must include a content-type:application/json header. Any parameters included with the request must be JSON encoded. Unfortunately, jQuery does not include a method for serializing JSON (Although, oddly, jQuery does include a parseJSON() method for deserializing JSON). Therefore, we need to use an additional library to handle the JSON serialization. The page in Listing 4 illustrates how you can call a WCF service from jQuery. 
Listing 4 – Default2.aspx <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Add Movie</title> <script src="http://ajax.microsoft.com/ajax/jquery/jquery-1.4.2.js" type="text/javascript"></script> <script src="Scripts/json2.js" type="text/javascript"></script> </head> <body> <form> <label>Title:</label> <input id="title" /> <br /> <label>Director:</label> <input id="director" /> </form> <button id="btnAdd">Add Movie</button> <script type="text/javascript"> $("#btnAdd").click(function () { // Convert the form into an object var data = { title: $("#title").val(), director: $("#director").val() }; // JSONify the data data = JSON.stringify(data); // Post it $.ajax({ type: "POST", contentType: "application/json; charset=utf-8", url: "MovieService.svc/Insert", data: data, dataType: "json", success: insertCallback }); }); function insertCallback(result) { // unwrap result result = result["d"]; if (result === true) { alert("Movie added!"); } else { alert("Could not add movie!"); } } </script> </body> </html> There are several things to notice about Listing 4. First, notice that the page includes both the jQuery library and Douglas Crockford’s JSON2 library: <script src="Scripts/json2.js" type="text/javascript"></script> You need to include the JSON2 library to serialize the form values into JSON. 
You can download the JSON2 library from the following location:

http://www.json.org/js.html

When you click the button to submit the form, the form data is converted into a JavaScript object:

    // Convert the form into an object
    var data = {
        title: $("#title").val(),
        director: $("#director").val()
    };

Next, the data is serialized into JSON using the JSON2 library:

    // JSONify the data
    var data = JSON.stringify(data);

Finally, the form data is posted to the WCF service by calling the jQuery ajax() method:

    // Post it
    $.ajax({
        type: "POST",
        contentType: "application/json; charset=utf-8",
        url: "MovieService.svc/Insert",
        data: data,
        dataType: "json",
        success: insertCallback
    });

You can’t use the standard jQuery post() method because you must set the content-type of the request to be application/json. Otherwise, the WCF service will reject the request for security reasons. For details, see the Scott Guthrie blog post:

http://weblogs.asp.net/scottgu/archive/2007/04/04/json-hijacking-and-how-asp-net-ajax-1-0-mitigates-these-attacks.aspx

The insertCallback() method is called when the WCF service returns a response. This method looks like this:

    function insertCallback(result) {
        // unwrap result
        result = result["d"];

        if (result === true) {
            alert("Movie added!");
        } else {
            alert("Could not add movie!");
        }
    }

When we called the jQuery ajax() method, we set the dataType to JSON. That causes the jQuery ajax() method to deserialize the response from the WCF service from JSON into a JavaScript object automatically. The following value is passed to the insertCallback method:

    {"d":true}

For security reasons, a WCF service always returns a response with a “d” wrapper.
The following line of code removes the “d” wrapper:

    // unwrap result
    result = result["d"];

To learn more about the “d” wrapper, I recommend that you read the following blog posts:

http://encosia.com/2009/02/10/a-breaking-change-between-versions-of-aspnet-ajax/
http://encosia.com/2009/06/29/never-worry-about-asp-net-ajaxs-d-again/

Summary

In this blog entry, I explored two methods of inserting a database record using jQuery and .NET. First, we created a generic handler and called the handler from jQuery. This is a very low-level approach. However, it is a simple approach that works.

Next, we looked at how you can call a WCF service using jQuery. This approach required a little more work because you need to serialize objects into JSON. We used the JSON2 library to perform the serialization.

In the next blog post, I want to explore how you can use jQuery with OData and WCF Data Services.

    Read the article
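
The request and response handling described in the jQuery/WCF excerpt above, as an added example that is not part of the original post or of WCF itself. The helper names, the simplified model of the service's content-type check, and the sample values are assumptions; the point is that the content types a plain HTML form can send never pass the JSON check, and that {"d":false} must unwrap to false.

```javascript
// Added example: helper names are hypothetical; only "MovieService.svc/Insert",
// the JSON content type and the "d" wrapper come from the article.

// The three encodings an HTML <form> can submit without script.
var FORM_CONTENT_TYPES = [
  "application/x-www-form-urlencoded",
  "multipart/form-data",
  "text/plain"
];

// Bare media type of a Content-Type header: lower-cased, parameters dropped.
function mediaType(header) {
  return String(header || "").split(";")[0].trim().toLowerCase();
}

// Simplified model (an assumption) of the gate the article describes:
// the service only accepts requests declared as application/json.
function isJsonRequest(contentTypeHeader) {
  return mediaType(contentTypeHeader) === "application/json";
}

// Build the settings object that Listing 4 passes to $.ajax().
function buildInsertRequest(title, director) {
  return {
    type: "POST",
    contentType: "application/json; charset=utf-8",
    url: "MovieService.svc/Insert",
    data: JSON.stringify({ title: title, director: director }),
    dataType: "json"
  };
}

// Unwrap the "d" envelope. Checks that the property exists instead of testing
// its truthiness, so {"d": false} yields false and not the truthy envelope.
function unwrapD(response) {
  var parsed = typeof response === "string" ? JSON.parse(response) : response;
  if (parsed !== null && typeof parsed === "object" &&
      Object.prototype.hasOwnProperty.call(parsed, "d")) {
    return parsed.d;
  }
  return parsed; // no wrapper present: pass the value through unchanged
}

// Constructed sample input: a title containing quotes, and sample responses.
var request = buildInsertRequest('Star "Wars"', "Lucas");
console.log(request.data);
console.log(isJsonRequest(request.contentType), FORM_CONTENT_TYPES.map(isJsonRequest));
console.log(unwrapD('{"d":true}'), unwrapD('{"d":false}'), unwrapD(true));
```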
