Delete Operation in MVC

This week I just started some MVC tutorials, which I’m really liking. After a few of them I came across this: “Performing a delete operation in response to a GET request (or for that matter, performing an edit operation, create operation, or any other operation that changes data) opens up a security hole”.

The problem is that if you create a link with the following href: www.mydomain.com/Movies/Delete/23, it will delete the movie with the passed id 23. If a hacker finds this, he can create a loop and delete all of your movies in the database.

The best solution would be to delete an item in an HTTP POST operation instead of a GET, so the user must submit a form to delete an item. This is done using either buttons or images, with the following markup:

                <% using (Html.BeginForm("Delete", "Home", new { id = item.Id }))
                   { %>
                    <input type="image" src="Content/Delete.png" />
                <% } %>

This will create an image button inside a form, which POSTs the delete operation. This will reduce the security hole in your system. I suggest you read this article by Stephen Walther. Hope this helps you in your new MVC adventures.
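The controller side of the POST-only delete described above, as an added example that is not part of the original post. `MoviesController` and `IMovieRepository` are hypothetical names, and `[HttpPost]`/`[HttpGet]` assume ASP.NET MVC 2 or later. The anti-forgery token and `[Authorize]` are there because a POST form alone can still be submitted from another site or by an anonymous client.

```csharp
// Added example, not from the original post. MoviesController and
// IMovieRepository are hypothetical names used only for illustration.
using System.Web;
using System.Web.Mvc;

public interface IMovieRepository
{
    bool Exists(int id);
    void Delete(int id);
}

public class MoviesController : Controller
{
    private readonly IMovieRepository _movies;

    // Assumption: the application's controller factory supplies the repository.
    public MoviesController(IMovieRepository movies)
    {
        _movies = movies;
    }

    // GET /Movies/Delete/23 only renders a confirmation view and changes no data,
    // so a followed link, crawler or prefetcher cannot delete anything.
    [HttpGet]
    public ActionResult Delete(int id)
    {
        if (!_movies.Exists(id)) throw new HttpException(404, "Movie not found");
        ViewData["MovieId"] = id;
        return View();
    }

    // The delete itself is reachable by POST only, requires a signed-in user,
    // and rejects posts that lack the token emitted by Html.AntiForgeryToken().
    [HttpPost, ActionName("Delete")]
    [Authorize]
    [ValidateAntiForgeryToken]
    public ActionResult DeleteConfirmed(int id)
    {
        if (!_movies.Exists(id)) throw new HttpException(404, "Movie not found");
        _movies.Delete(id);
        return RedirectToAction("Index");
    }
}

// Matching form in the confirmation view (WebForms view engine, as in the post):
//   <% using (Html.BeginForm("Delete", "Movies", new { id = ViewData["MovieId"] })) { %>
//       <%= Html.AntiForgeryToken() %>
//       <input type="image" src="Content/Delete.png" alt="Delete" />
//   <% } %>
```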

 

 

For Loop with Negative Step | Quickie

I cannot believe that I’m writing some helpful examples in VB.Net, but that is the language we’re using at work, so I have to adapt now. Below is how to write a loop with a negative step (a decreasing counter):

Imports System

Public Class MainClass
    Shared Sub Main()
        ' Count down from 10 to 1, printing each value
        For intCount As Integer = 10 To 1 Step -1
            System.Console.WriteLine(intCount)
        Next
    End Sub
End Class

Get data from an SQLDataSource to a DataTable and Bind Grid

This week, I needed to bind a GridView to an SqlDataSource. The only problem is that I need to include extra rows. How to do this? First I removed the code that binds the grid directly from the HTML (in the GridView, remove the DataSourceID attribute).

Then I wanted to get the data from the SQL Data source and convert to a data table to insert and update the table as needed. Next is the code to get the data…

ASP.Net 4.0 Validate Request

When creating a CMS, you sometimes need to allow certain tags to pass through ASP.Net request validation. To allow tags to be posted in v2.0, you had to turn off request validation for the page by including the following attribute in the page directive:

ValidateRequest="false"

But in .Net 4.0, this is not enough. You also need to include the following element (httpRuntime) in the web.config file under <system.web>:

<system.web>
    <compilation debug="true" targetFramework="4.0" />
    <httpRuntime requestValidationMode="2.0" />
</system.web>

There is also other information on Error validation in .Net 4.0 here

Resources: here

ASP.Net | Read Values from Javascript

Today I started checking out some videos about Windows CardSpace and ASP.Net for logging in, and I saw how he used JavaScript to get client-side input and use it in ASP.Net in the C# code.

First you need to create a HiddenField on your webForm and name it TokenField (any name would actually do)

<asp:HiddenField ID="TokenField" runat="server" />

To set the Hidden Field value in JavaScript use the following code:

Project NINE | Launching 29th November

Project NINE Web Design

Finally the day has come for Malta to experience a new concept in web development on www.nine.com.mt. Today we made our first advert on timesofmalta.com, and so far it is going very well.

Clients will have many features for a small price. Stay tuned as we’re going to reveal more before Monday!

Why the word Project?

We chose the word project instead of concept or design for the simple fact that this website will always be evolving. There are so many things that we have ready for it. And we are the type of people who listen.

Why Nine?

We chose the number Nine as it is a magic number. It’s amazing what  Try this…

– Multiply any number by nine (be it 10, or 15, or thousands or millions).

– Then repeatedly add the digits of the resulting number until it is just one digit

– You’ll end up with NINE

Next are some examples:

2 × 9 = 18 (1 + 8 = 9)

9 × 9 = 81 (8 + 1 = 9)

234 × 9 = 2106 (2 + 1 + 0 + 6 = 9)

578329 × 9 = 5204961 (5 + 2 + 0 + 4 + 9 + 6 + 1 = 27 (2 + 7 = 9))