Hi, I completed my project work, but the only problem is SQL injection. For this project I used the ASP.NET platform with C#.
I need to compare each letter in the textbox value; if there are any letters like <,>,.,!,<!,create, etc., then the error message should display. For that I wrote:
If(String.Compare(text_compname.text,"<"))
{
    lablel1.visible=true; // lbale1=" Invalid Charrecter"
}
else
{
    // regular statements
}
When I run the program with this code there is an error like "cannot implicitly convert type 'int' to 'bool'". Can you find any mistake in this code?
Is there any other code for string comparison in ASP.NET with C#?
Please help me. |
| sibin.msdn |
The following statement will return an integer value:
String.Compare(text_compname.text,"<")
while the "if" statement is expecting a boolean expression. Since the integer value cannot be converted to a bool, the compiler complains. You can correct the code by using the following code.
if(text_compname.Text == "<")
{
    // do the stuff
}
Thanks,
A.m.a.L
.Net Goodies
Remember to click "mark as answered" when you get a correct reply to your question
| A.m.a.L - aditi.com - Think Product |
Thank you A.m.a.L
But I need to check the value in the textbox character by character. A "<" symbol anywhere in the word should be detected, whether it is the first letter, the last letter, or in the middle. So I need to check the textbox value character by character. Please help me. |
| sibin.msdn |
if(text_compname.Text.Contains("<")) // handle the invalid character
Each string is an instance of the String class which has MANY methods attached to it that you can use for all kinds of string search and manipulation. Familiarize yourself with them.
Les Potter, Xalnix Corporation, Yet Another C# Blog |
| xalnix |
Some articles you might find interesting: "String.Compare != String.Equal"; "String.Compare vs String.Equal"; "New Recommendations for using Strings in .NET 2.0"
John Grove - TFD Group, Senior Software Engineer, EI Division, http://www.tfdg.com - Edited by JohnGrove Thursday, August 27, 2009 2:56 PM
| JohnGrove |
By the way, use the parameter classes to avoid SQL injections. John Grove - TFD Group, Senior Software Engineer, EI Division, http://www.tfdg.com |
| JohnGrove |
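The parameter-class approach suggested above, next to the character blacklist discussed in this thread, as an added example that is not part of the original posts. The table and column names (`Companies`, `Name`, `Id`) and the sample inputs are assumptions; no database connection is opened, and the code targets the .NET Framework's `System.Data.SqlClient`.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

public class CompanyQuery
{
    // Blacklist pattern taken from the regex replies in this thread.
    const string Blacklist = @"(\bcreate\b|\<\!|[<>.!])";

    // Hypothetical table/column names. The SQL text is a constant; the textbox
    // value travels separately as a typed parameter and is never parsed as SQL.
    public static SqlCommand Build(string companyName)
    {
        SqlCommand cmd = new SqlCommand("SELECT Id FROM Companies WHERE Name = @name");
        cmd.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = companyName;
        return cmd;
    }

    public static void Main()
    {
        // Constructed sample inputs standing in for text_compname.Text.
        string[] samples = { "Acme Inc.", "O'Brien Ltd", "Contoso" };
        foreach (string s in samples)
        {
            // "Acme Inc." is rejected because of the dot; "O'Brien Ltd" is accepted.
            bool blocked = Regex.IsMatch(s, Blacklist, RegexOptions.IgnoreCase);

            // Concatenation: the quote in O'Brien ends the SQL string literal early,
            // so the rest of the input is read as SQL rather than as data.
            string concatenated = "SELECT Id FROM Companies WHERE Name = '" + s + "'";

            using (SqlCommand cmd = Build(s))
            {
                Console.WriteLine("input         : " + s);
                Console.WriteLine("blacklist hit : " + blocked);
                Console.WriteLine("concatenated  : " + concatenated);
                Console.WriteLine("parameterized : " + cmd.CommandText
                    + "   [@name = " + cmd.Parameters["@name"].Value + "]");
            }
        }
    }
}
```

The blacklist rejects a legitimate name containing a dot while letting the apostrophe through; the parameterized command text is identical for every input.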
You can use the String.Contains method for doing the same. Please replace the if statement as shown below:
if(text_compname.Text.Contains("<"))
{
    // Do the stuff
}
Please refer to xalnix's and John's replies.
Thanks,
A.m.a.L
.Net Goodies
| A.m.a.L - aditi.com - Think Product |
Hello I guess this problem can be solved more easily by using 'Regular expression'.
using System.Text.RegularExpressions;
using Microsoft.VisualBasic; // Interaction.MsgBox lives in this namespace
public class Test
{
    MatchCollection matchtag;
    MatchCollection wordsmatchcoll;
    private void method()
    {
        // Collect every "<" found in the textbox value
        wordsmatchcoll = Regex.Matches(RichTextBox1.Text, "<", RegexOptions.IgnoreCase);
        if (wordsmatchcoll.Count > 0)
        {
            Interaction.MsgBox("Text is having some special characters");
        }
    }
}
Here method is the event in which you are trying to compare the strings.
Mark the reply as answer if it helps you to solve your problem
Cheers:)
| Rohini Chavakula |
The question was:
"I need to compare each letters in the textbox value., if there has any letters like <,>,.,!,<!,create ,etc..then the the error message should display."
String pattern = @"\<\!?|\>|\.|\!|create";
if (Regex.IsMatch(inputString, pattern, RegexOptions.IgnoreCase))
{
    // Give error message
}
John Grove - TFD Group, Senior Software Engineer, EI Division, http://www.tfdg.com - Edited by JohnGrove Friday, August 28, 2009 1:27 PM
- Edited by JohnGrove Friday, August 28, 2009 1:29 PM
| JohnGrove |
Based on the original post, I agree that Regex is a good approach. The original post said that there were multiple characters that should trigger failure. The Regex pattern is designed to do that...
if ( Regex.IsMatch(textbox1.Text, @"(\bcreate\b|\<\!|[<>.!])") == true )
{
    // fail gracefully
    MessageBox.Show("The text contains invalid symbols or words");
}
Les Potter, Xalnix Corporation, Yet Another C# Blog |
| xalnix |
Ignore my previous update.
Comparing the string with special characters can be achieved by using the match collection function, which will provide the count of the special characters present in the string.
MatchCollection wordsmatchcoll = default(MatchCollection);
wordsmatchcoll = Regex.Matches(TextBox1.Text, "(\\bcreate\\b|\\<\\!|[<>.!])", RegexOptions.IgnoreCase);
if (wordsmatchcoll.Count > 0) {
    Interaction.MsgBox("Text is having " + wordsmatchcoll.Count + " special characters");
}
| Rohini Chavakula |
Just out of curiosity how would the text create manifest itself as an sql injection?
William Wegerson ( www.OmegaCoder.Com) |
| OmegaMan |
Thanks Rohini, but this is VS2003 software, and there are some problems. In my VS2003 software the validation controls do not work, such as the regular expression validator, required field validator, etc. Is the regular expression validator required for this code? Please reply to me.
Thanks in Advance |
| sibin.msdn |
Regular expression is not a validator control.
To make use of those functions, you have to import the regular expression namespace.
using System.Text.RegularExpressions;
Try to use this namespace, which helps you to solve your problem.
cheers:) |
| Rohini Chavakula |
Required field validator is a control which we use from toolbox.
But regular expressions are not present in the toolbox controls.
We have to make use of them by importing a namespace as below.
using System.Text.RegularExpressions;
Mark as answer if it solved your problem. |
| Rohini Chavakula |