Delete Operation in MVC

This week I just started some MVC tutorials, which I’m really liking. After a few tutorials I found this: “Performing a delete operation in response to a GET request (or for that matter, performing an edit operation, create operation, or any other operation that changes data) opens up a security hole”.

The problem is that if you create a link with the following href: www.mydomain.com/Movies/Delete/23, it will delete the movie with the passed id 23. If a hacker finds this, he can create a loop and delete all of your movies in the database.

The best solution would be to delete an item in an HTTP POST operation instead of a GET, so the user must submit a form to delete an item. This is done using either buttons or images, with the following markup:

                <% using (Html.BeginForm("Delete", "Home", new { id = item.Id }))
                   { %>
                    <input type="image" src="Content/Delete.png" />
                <% } %>

This creates an image button inside a form that POSTs the delete operation. This will reduce the security hole in your system. I suggest you read this article by Stephen Walther. Hope this will help you in your new MVC adventures.
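The controller side of that form, as an added example that is not part of the original post or of the tutorial it quotes: the action accepts only POST, and also checks an anti-forgery token and the caller's login, since a POST by itself can still be forged from another site. `IMovieRepository` and the `Index` redirect target are assumptions made for the example.

```csharp
using System.Web;
using System.Web.Mvc;

// Hypothetical data-access interface, defined only so the example compiles.
public interface IMovieRepository
{
    bool Exists(int id);
    void Delete(int id);
}

public class HomeController : Controller
{
    private readonly IMovieRepository _movies;

    // Assumes a controller factory that can supply the repository.
    public HomeController(IMovieRepository movies)
    {
        _movies = movies;
    }

    // The form in the view must emit the token inside BeginForm:
    //   <%= Html.AntiForgeryToken() %>
    [Authorize]                       // only signed-in users may delete
    [AcceptVerbs(HttpVerbs.Post)]     // GET /Home/Delete/23 no longer matches this action
    [ValidateAntiForgeryToken]        // rejects POSTs forged from another site
    public ActionResult Delete(int id)
    {
        if (!_movies.Exists(id))
        {
            throw new HttpException(404, "Movie not found");
        }

        _movies.Delete(id);
        return RedirectToAction("Index");
    }
}
```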

 

 

For Loop with Negative Step | Quickie

Cannot believe that I’m writing some helpful examples using VB.Net, but that is the language that we’re using at work, so I have to adapt now. Below is how to write a loop with a negative (decreasing) step:

Imports System

Public Class MainClass
    Shared Sub Main()
        ' Count down from 10 to 1, decreasing by one on each iteration
        For intCount As Integer = 10 To 1 Step -1
            ' Print the current counter value
            System.Console.WriteLine(intCount)
        Next
    End Sub
End Class

Get data from an SQLDataSource to a DataTable and Bind Grid

This week, I needed to bind a GridView to an SQLDataSource. The only problem is that I need to include extra rows. How to do this? First I removed the markup that binds the grid directly to the data source (in the GridView, remove the DataSourceID attribute).

Then I wanted to get the data from the SQL Data source and convert to a data table to insert and update the table as needed. Next is the code to get the data… Continue reading

ASP.Net 4.0 Validate Request

When creating a CMS, sometimes you need to allow certain tags to pass through ASP.Net request validation. To allow tags to be posted in v2.0, you had to include the following attribute in the page directive:

ValidateRequest="false"

But in .Net 4.0, this is not enough. You also need to include the following element (httpRuntime) in the web.config file under <system.web>:

<system.web>
    <compilation debug="true" targetFramework="4.0" />
    <httpRuntime requestValidationMode="2.0" />
</system.web>

There is also other information on Error validation in .Net 4.0 here

Resources: here
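With request validation switched off as described above, posted markup reaches the page code unfiltered, so the CMS has to neutralise it itself. The following is an added example, not code from the original post: it encodes everything and then restores only an allow-list of attribute-free tags. The class name, the tag list and the sample input are assumptions made for the example.

```csharp
using System;
using System.Net;
using System.Text;

public static class CmsHtml
{
    // Assumed allow-list for this example; attributes are never allowed.
    private static readonly string[] AllowedTags = { "b", "i", "p", "ul", "li" };

    public static string EncodeWithAllowedTags(string input)
    {
        // Encode everything first so that no markup survives by default.
        var sb = new StringBuilder(WebUtility.HtmlEncode(input ?? string.Empty));

        foreach (var tag in AllowedTags)
        {
            // Restore only the exact, attribute-free form of each permitted tag.
            // Anything else (<script>, <b onclick=...>, <B>) stays encoded.
            sb.Replace("&lt;" + tag + "&gt;", "<" + tag + ">");
            sb.Replace("&lt;/" + tag + "&gt;", "</" + tag + ">");
        }

        return sb.ToString();
    }

    public static void Main()
    {
        // Constructed sample input mixing permitted and unwanted markup.
        string posted = "<p>Hello <b>world</b></p>"
                      + "<script>alert(1)</script>"
                      + "<b onclick=\"x()\">hi</b>";

        Console.WriteLine(EncodeWithAllowedTags(posted));
    }
}
```

Call the helper when rendering stored content, not only when saving it, so that rows saved before the allow-list existed are covered too.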

ASP.Net | Read Values from Javascript

Today I started checking out some videos about Windows CardSpace and ASP.Net for logging in and I saw how he used javascript to get client side input and use it in ASP.Net in the C# code.

First you need to create a HiddenField on your webForm and name it TokenField (any name would actually do)

<asp:HiddenField ID="TokenField" runat="server" />

To set the Hidden Field value in JavaScript use the following code: Continue reading

Create your favicon.ico easily

Project NINE | Logo | FavIcon.ico

To easily create a favicon.ico to be used on a website, you can use the following website. Here you can either enter the URL of the image or upload the png logo you want to use; then a download link is created where you can download the ico:

http://www.convertico.com/

Some tips for your favicon image. Continue reading

URLRewriter Submit Button Error | Intelligencia

Today I was using Intelligencia URLRewriter to use Search Engine Friendly URLs to improve my site’s SEO.

The Problem?

All was working fine until I inserted a button in the page. When I clicked the button, the URL address showed the original URL and stopped working… the button didn’t even do the postback.

The Solution… Continue reading

Project NINE | Launching 29th November

Project NINE Web Design

Finally the day has come for Malta to experience a new concept in web development on www.nine.com.mt. Today we just made our first advert on timesofmalta.com, and so far it is going very well.

Clients will have many features for a small price. Stay tuned as we’re going to reveal more before Monday!

Why the word Project?

We chose the word project instead of concept or design for the simple fact that this website will always be evolving. There are so many things that we have ready for it. And we are the type of people who listen.

Why Nine?

We chose the number Nine as it is a magic number. It’s amazing what  Try this…

– Multiply any number by nine (be it 10, or 15, or thousands or millions).

– Then repeatedly add the digits of the resulting number until it is just one digit

– You’ll end up with NINE

Next are some examples:

2 × 9 = 18 (1 + 8 = 9)

9 × 9 = 81 (8 + 1 = 9)

234 × 9 = 2106 (2 + 1 + 0 + 6 = 9)

578329 × 9 = 5204961 (5 + 2 + 0 + 4 + 9 + 6 + 1 = 27 (2 + 7 = 9)) Continue reading

CMS | Sitefinity Not Working on Windows 7 64-Bit

To solve this problem, you need to access IIS 7 Manager and make sure that the:

  • Application Pool is switched from Default to Classic
  • Logon User in Classic Application Pool is LocalSystem
  • Enable for 32-bit applications Continue reading

Return Array from Web Service using ScriptManager & Javascript

The following markup is used to call the Web Service using ASP.Net and ScriptManager. It must be inserted in the .aspx page.

<asp:ScriptManager runat="server" ID="scriptManager">
    <Services>
        <asp:ServiceReference path="WebService/TestService.asmx" />
    </Services>
</asp:ScriptManager>

This is the script to call the web service method and print the result on the form: Continue reading