Wednesday, August 12, 2009

GridView (non-object/sql DataSource) Paging and Sorting

This is just a quick reminder post about how to do things, and in what order, to get paging and sorting working together on a GridView control when your datasource is NOT a SqlDataSource or ObjectDataSource referenced by DataSourceId in the ASPX file but rather a (collection of) POCO objects or some other datasource. Because the grid is bound by hand, it does not keep track of the sort for you (on a manually bound grid e.SortDirection is always Ascending), so the current sort expression and direction are stored in ViewState and reapplied to the DataView every time the grid is rebound, which is also what makes paging land on the right slice of the sorted data.

.ASPX file

    <asp:GridView CssClass="tableStyle1" HeaderStyle-CssClass="bgA" RowStyle-CssClass="bgB"
        DataKeyNames="Id" AlternatingRowStyle-CssClass="bgB" AllowPaging="true"
        AllowSorting="true" PageSize="50" OnPageIndexChanging="ResultsGrid_PageIndexChanging"
        AutoGenerateColumns="false" runat="server" ID="ResultsGrid" OnRowDataBound="ResultsGrid_RowDataBound"
        OnSorting="ResultsGrid_Sorting" PagerStyle-ForeColor="White">
        <Columns>
            <asp:BoundField DataFi

.CS file

    // Needs System.Data and System.Data.SqlClient. connectionString, PrepareFilterTerms()
    // and GetSqlParametersForFilter() are defined elsewhere in the page and not shown here.

    protected void Page_Load(object sender, EventArgs e)
    {
        if (!this.IsPostBack)
        {
            // Default sort, kept in ViewState so it survives the paging and sorting
            // postbacks. The grid itself is first bound by BindResultGrid() from the
            // search handler (not shown in this post).
            ViewState["SortExpression"] = "Title";
            ViewState["SortDirection"] = "ASC";
        }
    }

    public void ResultsGrid_PageIndexChanging(object sender, GridViewPageEventArgs e)
    {
        // A manually bound grid pages in memory over whatever is bound to it, so set
        // the new page index and rebind; BindResultGrid() reapplies the stored sort
        // first, so the page is cut from the sorted data.
        ResultsGrid.PageIndex = e.NewPageIndex;
        BindResultGrid();
    }

    private void BindResultGrid()
    {
        using (SqlConnection connection = new SqlConnection(connectionString))
        using (SqlDataAdapter da = new SqlDataAdapter("ReportingSelect", connection))
        {
            // ReportingSelect is a stored procedure; the adapter defaults to CommandType.Text.
            da.SelectCommand.CommandType = CommandType.StoredProcedure;
            GetSqlParametersForFilter(PrepareFilterTerms(), da.SelectCommand);
            DataSet results = new DataSet();
            da.Fill(results);
            ResultsGrid.DataSource = ApplySorting(results.Tables[0].DefaultView);
            ResultsGrid.DataBind();
        }
    }

    private DataView ApplySorting(DataView dataViewForSorting)
    {
        // DataView.Sort takes "<column> ASC|DESC". Both halves come from ViewState,
        // which only ever holds what Page_Load and ResultsGrid_Sorting put there.
        dataViewForSorting.Sort = ViewState["SortExpression"].ToString() + " " + ViewState["SortDirection"].ToString();
        return dataViewForSorting;
    }

    public void ResultsGrid_Sorting(object sender, GridViewSortEventArgs e)
    {
        // The grid does not track direction when it is bound by hand, so do it here:
        // clicking the column that is already sorted toggles the direction, clicking
        // a different column starts it ascending.
        if (e.SortExpression == ViewState["SortExpression"].ToString())
        {
            if (ViewState["SortDirection"].ToString().StartsWith("ASC"))
            {
                ViewState["SortDirection"] = "DESC";
            }
            else
            {
                ViewState["SortDirection"] = "ASC";
            }
        }
        else
        {
            ViewState["SortExpression"] = e.SortExpression;
            // e.SortDirection is always Ascending for a manually bound grid, so in
            // practice this branch stores "ASC".
            if (e.SortDirection == SortDirection.Ascending)
            {
                ViewState["SortDirection"] = "ASC";
            }
            else
            {
                ViewState["SortDirection"] = "DESC";
            }
        }

        BindResultGrid();
    }
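One thing the handler above does not do is check e.SortExpression. Whatever comes back in the sort postback is written to ViewState and then straight into DataView.Sort, and DataView.Sort accepts any column of the underlying DataTable, displayed in the grid or not. ASP.NET event validation rejects sort arguments that were never rendered while it is switched on, but a check in the handler does not depend on that setting. The following is an added example, not code from the post, of the same toggle logic with an allow-list of sortable columns in front of it, run against a constructed DataTable that carries an InternalNotes column the grid would never show; the column names and rows are made up for the demonstration.

```csharp
using System;
using System.Collections.Generic;
using System.Data;

// Added example: the post's sort handling with an allow-list check in front of it.
// The table, its rows and the "InternalNotes" column are constructed for this demo.
static class SortAllowListDemo
{
    // Exactly the SortExpression values used on the grid's BoundFields (assumed here).
    static readonly HashSet<string> SortableColumns =
        new HashSet<string>(StringComparer.Ordinal) { "Id", "Title" };

    // Stands in for ViewState["SortExpression"] and ViewState["SortDirection"].
    public sealed class SortState
    {
        public string Expression = "Title";
        public string Direction = "ASC";
    }

    // Same toggle logic as ResultsGrid_Sorting, but unknown columns are rejected
    // before anything is stored. Direction is tracked here because a manually
    // bound grid always reports e.SortDirection as Ascending.
    public static void OnSorting(SortState state, string requestedExpression)
    {
        if (!SortableColumns.Contains(requestedExpression))
            throw new ArgumentException("Not a sortable column: " + requestedExpression);

        if (requestedExpression == state.Expression)
        {
            state.Direction = state.Direction == "ASC" ? "DESC" : "ASC";
        }
        else
        {
            state.Expression = requestedExpression;
            state.Direction = "ASC";
        }
    }

    // Equivalent of ApplySorting(): the sort string is built from validated state only,
    // and the check is repeated so a stale or tampered state cannot slip through.
    public static DataView ApplySorting(DataTable table, SortState state)
    {
        if (!SortableColumns.Contains(state.Expression))
            throw new InvalidOperationException("Sort state holds a non-sortable column");
        DataView view = table.DefaultView;
        view.Sort = state.Expression + " " + state.Direction;
        return view;
    }

    static DataTable BuildSampleTable()
    {
        DataTable t = new DataTable("Results");
        t.Columns.Add("Id", typeof(int));
        t.Columns.Add("Title", typeof(string));
        t.Columns.Add("InternalNotes", typeof(string)); // in the result set, not in the grid
        t.Rows.Add(1, "Quarterly report", "zzz");
        t.Rows.Add(2, "Audit log", "aaa");
        t.Rows.Add(3, "Migration plan", "mmm");
        return t;
    }

    static void Main()
    {
        DataTable table = BuildSampleTable();
        SortState state = new SortState();

        OnSorting(state, "Title"); // same column as the default, so it flips to DESC
        foreach (DataRowView row in ApplySorting(table, state))
            Console.WriteLine("{0} {1}", row["Id"], row["Title"]);

        // A tampered postback asking for the hidden column. Without the allow-list,
        // table.DefaultView.Sort = "InternalNotes ASC" would reorder the grid by a
        // value the user is never shown.
        try
        {
            OnSorting(state, "InternalNotes");
        }
        catch (ArgumentException ex)
        {
            Console.WriteLine("rejected: " + ex.Message);
        }
    }
}
```

In the real page the allow-list is simply the set of SortExpression values on the BoundFields, so it can be built once from ResultsGrid.Columns rather than hard-coded, and the direction check belongs in the same place so that ViewState never holds anything DataView.Sort was not meant to see.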


Monday, August 03, 2009

ASCII Encoded/Binary String Automated SQL Injection Attack

Code for catching attempted SQL injection in .NET query strings at the application level, lifted from the following page:
http://www.bloombit.com/Articles/2008/05/ASCII-Encoded-Binary-String-Automated-SQL-Injection.aspx

It rejects any request whose query string, once URL-decoded, stripped of spaces and upper-cased, contains one of a short list of T-SQL keywords. The list is tuned to the DECLARE / CAST(0x... AS NVARCHAR) / EXEC pattern that the automated attacks in the linked article used. Treat it as a tripwire, not as the fix: it inspects only the query string (not form bodies, cookies or headers), it matches substrings (so a legitimate "broadcast" or "updates" parameter trips it), and a payload that avoids the listed words, such as ' OR 1=1--, goes straight through. Parameterized queries are what actually stop the injection; this sits in front of them.

/// <summary>
/// global.asax
/// </summary>
public class Global : System.Web.HttpApplication
{
    ...
    // T-SQL keywords looked for after the query string has been URL-decoded,
    // space-stripped and upper-cased.
    private static string[] SQLKeywords = new string[]
    {
        "EXEC", "SELECT", "INSERT", "UPDATE", "DELETE",
        "CAST", "DECLARE", "NVARCHAR", "VARCHAR"
    };
    ...
    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        HttpContext context = HttpContext.Current;
        if (context != null)
        {
            // Only the raw query string is inspected; POST bodies, cookies and
            // headers never reach this check.
            string queryString = context.Request.ServerVariables["QUERY_STRING"];
            if (string.IsNullOrEmpty(queryString) == false)
            {
                if (queryString.Length > 500)
                    throw new SQLInjectionException(string.Format("Unexpected 'QUERY_STRING' length ({0}).", queryString.Length));
                // Decoded once, the same as Request.QueryString would do.
                queryString = Server.UrlDecode(queryString);
                queryString = queryString.Replace(" ", string.Empty).ToUpper();
                foreach (string keyword in SQLKeywords)
                {
                    // Substring match: "BROADCAST" and "UPDATES" trip this as well.
                    // The decoded query string ends up in the exception message, so
                    // make sure custom errors are on before this reaches a browser.
                    if (queryString.IndexOf(keyword, StringComparison.Ordinal) != (-1))
                        throw new SQLInjectionException(string.Format("Unexpected T-SQL keyword ('{0}') has been detected ({1})", keyword, queryString));
                }
            }
        }
    }
    ...
}

// Not shown in the source article: a minimal definition so the above compiles.
public class SQLInjectionException : Exception
{
    public SQLInjectionException(string message) : base(message) { }
}
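To see what the filter does and does not catch, here is an added, stand-alone reproduction of the same check, written for this page rather than taken from the linked article or the blog, run over three constructed query strings, followed by the parameterized command that makes the one it misses harmless anyway. The Reports table, the @title parameter and the sample query strings are invented for the demonstration, and System.Net.WebUtility.UrlDecode stands in for Server.UrlDecode.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Net;

// Added example: the Global.asax keyword check as a pure function, exercised on
// constructed inputs, beside the parameterized query that is the real control.
static class KeywordFilterDemo
{
    static readonly string[] SqlKeywords =
    {
        "EXEC", "SELECT", "INSERT", "UPDATE", "DELETE",
        "CAST", "DECLARE", "NVARCHAR", "VARCHAR"
    };

    // Same normalisation as Application_BeginRequest: decode once, drop spaces,
    // upper-case, then substring-match each keyword in list order. Returns the
    // keyword that matched ("LENGTH" for the 500-character limit), or null when
    // the query string would be allowed through.
    public static string MatchedKeyword(string rawQueryString)
    {
        if (string.IsNullOrEmpty(rawQueryString))
            return null;
        if (rawQueryString.Length > 500)
            return "LENGTH";
        string normalised = WebUtility.UrlDecode(rawQueryString)
            .Replace(" ", string.Empty)
            .ToUpperInvariant();
        foreach (string keyword in SqlKeywords)
        {
            if (normalised.IndexOf(keyword, StringComparison.Ordinal) >= 0)
                return keyword;
        }
        return null;
    }

    // The real control: the user value travels as a typed parameter, so whatever
    // it contains is data to SQL Server and never part of the statement text.
    // "Reports" and "@title" are assumed names for this demo.
    public static SqlCommand BuildLookup(string userSuppliedTitle)
    {
        SqlCommand cmd = new SqlCommand("SELECT Id, Title FROM Reports WHERE Title = @title");
        cmd.Parameters.Add("@title", SqlDbType.NVarChar, 200).Value = userSuppliedTitle;
        return cmd;
    }

    static void Main()
    {
        string[] samples =
        {
            // The automated attack the linked article is about: a hex literal unpacked
            // with CAST and run with EXEC (constructed, 0x44524F50 is just "DROP").
            // Every listed keyword appears; EXEC is reported because it is checked first.
            "id=1;DECLARE%20@S%20NVARCHAR(4000);SET%20@S=CAST(0x44524F50%20AS%20NVARCHAR(4000));EXEC(@S);--",
            // A legitimate search term: "broadcast" contains "CAST", so it is blocked too.
            "q=broadcast",
            // Classic tautology: none of the listed keywords appear, so it passes.
            "title=x'%20OR%201=1--",
        };
        foreach (string s in samples)
        {
            string hit = MatchedKeyword(s);
            Console.WriteLine("{0,-12} {1}", hit == null ? "allowed" : "blocked:" + hit, s);
        }

        // The tautology that slipped past the filter is inert as a parameter value.
        SqlCommand cmd = BuildLookup("x' OR 1=1--");
        Console.WriteLine(cmd.CommandText + "   @title = " + cmd.Parameters["@title"].Value);
    }
}
```

The three samples are the whole argument in miniature: the filter is good at the specific automated campaign it was written for, it costs false positives on ordinary words, and it says nothing about the page's own queries, which is why the parameter, not the keyword list, is the control to rely on.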

My 30th birthday is looming....

...so I've written a list of things I'd like!

Stuff I’d Like for my Birthday:

Framework Design Guidelines: Conventions, Idioms, and Patterns for Reusable .NET Libraries 2nd Edition, Book/DVD Package
http://www.compman.co.uk/scripts/browse.asp?ref=895703
£22.34

Hitman DVD – Unrated
http://www.movietyme.com/catalog/product_info.php?products_id=39063&osCsid=dd991dc5d4a98e3f30952bf39550ad0c
£15.99

HMV Vouchers!

Iomega 1TB desktop hard drive - Catalogue number: 204-6510
http://direct.tesco.com/q/R.204-6510.aspx
£69.94

Philips SPC1330NC Webcam pro
http://shop.philips.co.uk/servlet/ControllerServlet?Action=DisplayProductDetailsPage&Locale=en_GB&SiteID=rpeeub2c&productID=124455100&s_kwcid=TC9368philips%20spc1330ncS3385570448
£69.99

Subscription to WebUser Magazine
http://www.magazinesubscriptionsipc.com/ipc/subs/subsorder.asp?title=XWU&promcode=i272&ctryID=NONE
About £25 I think

CLR via C#, 3rd Edition by Jeffrey Richter (I’ve already got the 2nd Edition)
Not out yet!
£TBC

Hanns-G 22in HG221AP Wide LCD TFT Black/Silver Monitor
http://www.svp.co.uk/displays/monitor-22-hanns-g-22-hannsg001_monitor.html
£109.62