Thomas Sampson



ODBC Memory allocation error

Today I tried upgrading the ODBC drivers on my server from 3.5 to 5.1. I immediately ran into trouble and got a “Memory allocation error” when executing a non-query against MySQL. After reverting back to driver version 3.5 I found that the error was caused simply by a “data too long for field” error, which I quickly fixed in no time at all.

I am not sure if the memory allocation error I received with the new drivers was related to this, but if anyone could explain this I would love to know what's going off. If anyone gets a memory allocation error in 5.1 it might be worth checking to ensure the data you're inserting fits into the row.



Flash to ASP.NET

After a lot of research and some help from my friend Mark, I finally put together a small demo of posting data from a client-side Flash file to a server. In this example the Flash file simply sends the text “Hello” to the server, and the server reads this and saves it to a text file. Simple stuff but unusually hard to figure out, with a serious shortage of helpful information online.

Uses

  • Your user plays a Flash game you made, and you want to submit their high score back to the server to store in a database
  • Your Flash file uses a form to collect data from the user which needs storing in a database

ACTIONSCRIPT


var store:LoadVars = new LoadVars(); // Make a new variable storage collection
store["testField"] = "Hello"; // Create an entry in the variable collection named "testField"
store.sendAndLoad("http://localhost:51527/testForm/Default.aspx", store, "POST"); // Send variables to ASP.NET


NB: The sendAndLoad method posts the data silently without opening a browser window, hence the aspx page is never rendered to the user.

NB: The second argument of sendAndLoad can be any LoadVars object used to retrieve a response from the server if one is present (not necessary for one-way data posting, so here I used the original LoadVars object).

ASP.NET (Server Side)


// Requires: using System.IO;
string field = Request.Params.Get("testField") ?? ""; // Get the parameter (empty if it was not posted)
using (StreamWriter me = new StreamWriter("C:/dump.txt", false))
{
    me.Write(field); // Write the parameter to a file
} // Leaving the using block closes the file




Pushing files out to the client

I’ve wanted to look into this for a while. It shows how any server-side page (in this instance an ASPX C# page) can be seen as a different file type, for example hitting test.aspx returns an mp3 file or perhaps an executable for file download.

This article explains it thoroughly; it is achieved by dynamically changing the content type in the header.

http://www.codeproject.com/useritems/textfile.asp

List of content types

".asf" = "video/x-ms-asf"
".avi" = "video/avi"
".doc" = "application/msword"
".zip" = "application/zip"
".xls" = "application/vnd.ms-excel"
".gif" = "image/gif"
".jpg" = "image/jpeg"
".wav" = "audio/wav"
".mp3" = "audio/mpeg3"
".mpg", ".mpeg" = "video/mpeg"
".rtf" = "application/rtf"
".htm", ".html" = "text/html"
".asp" = "text/asp"

'Handle All Other Files
 = "application/octet-stream"
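
The technique this post describes, as an added example that is not from the original post or the linked article: an ASP.NET handler that picks the Content-Type from the file extension and falls back to application/octet-stream. The handler name, the C:\downloads folder and the "file" query parameter are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Text.RegularExpressions;
using System.Web;

// Added example: DownloadHandler, BaseDir and the "file" parameter are hypothetical.
public class DownloadHandler : IHttpHandler
{
    private const string BaseDir = @"C:\downloads"; // assumed storage folder

    // Extension-to-type map; entries taken from the list above.
    private static readonly Dictionary<string, string> Types =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { ".zip", "application/zip" },
            { ".doc", "application/msword" },
            { ".gif", "image/gif" },
            { ".jpg", "image/jpeg" },
            { ".wav", "audio/wav" }
        };

    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        // Accept only a bare "name.ext": no path separators, quotes or line breaks,
        // so the request cannot reach files outside BaseDir or alter a header.
        string name = context.Request.QueryString["file"] ?? "";
        if (!Regex.IsMatch(name, @"\A[A-Za-z0-9_-]+\.[A-Za-z0-9]+\z")
            || !File.Exists(Path.Combine(BaseDir, name)))
        {
            context.Response.StatusCode = 404;
            return;
        }

        string type;
        if (!Types.TryGetValue(Path.GetExtension(name), out type))
            type = "application/octet-stream"; // all other files

        context.Response.ContentType = type;
        // "attachment" makes the browser save the body instead of rendering it.
        context.Response.AddHeader("Content-Disposition", "attachment; filename=\"" + name + "\"");
        // Ask the browser to honour the declared type rather than sniff the content.
        context.Response.AddHeader("X-Content-Type-Options", "nosniff");
        context.Response.TransmitFile(Path.Combine(BaseDir, name));
    }
}
```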



Getting HTML into a database

Today I found a great function in ASP.NET to convert a user-inputted string into a format suitable to be held in a database.

The first thing you must do is turn off request validation (ValidateRequest). Request validation is a system .NET has in place to immediately stop the user inputting HTML into any form, but sometimes you need to allow this. Changing the ValidateRequest attribute of the text entry and submission button didn't work for me, I'm not sure why, but if the following is included in the web.config then the user is allowed to submit HTML through a form (this will compromise security and should be done with caution).

<system.web>
<pages validateRequest="false">
</pages>
</system.web>

At this stage your web app can handle HTML being submitted, but before it can be inserted into a database it must be converted into escaped characters.

Here is an example of how to do so, where userinput is plain HTML entered by the user:

string encodedinput=HttpUtility.HtmlEncode(userinput);

This HTML data can now be inserted into any database using an SQL command. There is no harm using this method on all form submissions, even if they are not likely to contain HTML. The reason for this is the encode function will also encode illegal characters such as double quotes ("), &, % and @ symbols, which will be rejected by the database.

When retrieving this encoded HTML from the database it can easily be decoded back into regular HTML using

string decodedhtml=HttpUtility.HtmlDecode(htmlfromdatabase);

If used carefully, along with SQL injection prevention techniques, this makes for a safe way to store scripts and html in a database.
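
The SQL injection prevention this post refers to, as an added example that is not the original post's code: the submitted HTML is passed to the database as a command parameter, so quotes and other characters arrive as data, and HttpUtility.HtmlEncode is applied when the stored value is written into a page as text. The Comments table, its Id and Body columns, the CommentStore class and the use of SQL Server through SqlClient are assumptions made for illustration.

```csharp
using System.Data;
using System.Data.SqlClient;
using System.Web;

// Added example: CommentStore and the Comments(Id, Body) table are hypothetical.
public static class CommentStore
{
    // Store the submitted HTML exactly as entered. The text travels as a
    // parameter value and is never concatenated into the SQL statement.
    public static void Save(string connectionString, string userinput)
    {
        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(
            "INSERT INTO Comments (Body) VALUES (@body)", conn))
        {
            // Size -1 maps to nvarchar(max).
            cmd.Parameters.Add("@body", SqlDbType.NVarChar, -1).Value = userinput ?? "";
            conn.Open();
            cmd.ExecuteNonQuery();
        }
    }

    // Read the value back and encode it at the point of output, so markup in
    // the stored text is displayed as text instead of running in the browser.
    public static string LoadForDisplay(string connectionString, int id)
    {
        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(
            "SELECT Body FROM Comments WHERE Id = @id", conn))
        {
            cmd.Parameters.Add("@id", SqlDbType.Int).Value = id;
            conn.Open();
            // ExecuteScalar returns null (no row) or DBNull (NULL column);
            // "as string" turns both into null.
            string body = cmd.ExecuteScalar() as string;
            return HttpUtility.HtmlEncode(body ?? "");
        }
    }
}
```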



Advanced Forms Authentication

Tonight I realised that with default forms authentication turned on, a linked CSS file (from a link tag in the head) will not load on the login page before a user logs in, so the site has no CSS before the user logs in!!

Solution

Right before the </configuration> in the web.config file add…

<location path="myskin.css">
<system.web>
<authorization>
<allow users="*">
</allow>
</authorization>
</system.web>
</location>

Replace myskin.css with any file you wish to grant unauthorised access to! 🙂