My code is like this
<asp:Repeater ID="rptEvaluationInfo" runat="server">
<ItemTemplate>
<asp:Label runat="server" Id="lblCampCode" Text="<%#Eval("CampCode") %>"></asp:Label>
</ItemTemplate>
Everything looks okay to me, But it generates an error in the runtime. When I remove this part
Text="<%#Eval("CampCode") %>"
error goes.
SO I assume the issue is with databind. So I tried an alternative like this
<asp:Repeater ID="Repeater1" runat="server">
<ItemTemplate>
<label><%#Eval("CampCode") %> </label>
</ItemTemplate>
And it also works good. Can any one tell me what is the issue with my first code?
Note: I don't have access to the error message due to the special
reasons on my project , that's why I have not posted it here.
And I want to use ASP controls itself on the case that's why i haven't
gone with my second solution
The problem is with quotes. Currently you have double quotes everywhere, so ASP.NET is not able to parse this. Change outer ones to single quotes like this:
Text='<%#Eval("CampCode") %>'
Related
I am working on a simple ASP.NET application to prove the use of AntiXss library. The library is very powerful and it is working fine with me except with Eval() in aspx pages. For example, if I have a label control like the following:
<asp:Label runat="server" ID="CommentsLabel" Text='<%# Eval("Name") %>' />
How will I be able to use AntiXss with it?
I followed this example mentioned HERE, and I added the library to the label control by doing the following:
<asp:Label runat="server" ID="CommentsLabel" Text='<%#Microsoft.Security.Application.AntiXss.HtmlEncode(((System.Data.DataRowView)Container.DataItem)["Comments"].ToString()) %>'/>
And my instructor is still telling me it is vulnerable and I don't know why. Then, instead of using AntiXss.HtmlEconde() , I used Encoder.HtmlEncode() in the previous line
<asp:Label runat="server" ID="CommentsLabel" Text='<%#Microsoft.Security.Application.Encoder.HtmlEncode(((System.Data.DataRowView)Container.DataItem)["Comments"].ToString()) %>'/>
EDIT:
And based on the scanning tool which my instructor is using it, he is still telling me that it is vulnerable. So how to use this library with Eval or Data Binding in general?
So I've been looking around for a good answer to this question, but haven't really found anything useful. Hopefully someone can shed some light on this for me.
Basically, I have a repeater that is backed by a database table. Inside the ItemTemplate for this repeater, I have some HTML elements that are populated with properties from each item in the list. Pretty standard stuff. However, there is a possibility that one of the items could be null. In that case, it would make sense for me to put some sort of if (blah != null) logic around the offending code. The only problem is, when I've tried to do so, ASP throws up on me, telling me that I can't use an if statement inside of <%# %>.
My question to the masses is this: if you can't use an if statement inside of <%# %>, then how are you supposed to do conditional logic based on the values of each item?
I know that you can call your own methods inside the repeater, but that won't work for what I'm trying to do.
Below is what I'm trying to accomplish, to better illustrate my point.
<asp:Repeater runat="server" ID="repeater">
<ItemTemplate>
<div class="item-wrap">
<% if(Eval("imageUrl") != null) { %>
<div class="plan-img">
<asp:Image runat="server" ImageUrl='<%# Eval("imageUrl") %>'/>
</div>
<% } %>
</div>
</ItemTemplate>
</asp:Repeater>
inside your ItemTemplate write the markup like this:
<asp:Panel runat="server" Visible='<%# Eval("imageUrl") != null %>'>
<asp:Image runat="server" ImageUrl='<%# Eval("imageUrl") %>'/>
</asp:Panel>
Basically you can't mix code <% with databinding constructs <%#.
My advice would be to add the following property in your CodeBehind:
protected YourClass DataItem
{
get
{
return (YourClass)this.Page.GetDataItem();
}
}
and then write the markup without Eval():
<asp:Image runat="server" ImageUrl='<%# DataItem.imageUrl %>'/>
You're supposed to generate the same content for every item in the template. If you don't need to use it for a particular item just set it's visibility to false in the binding events.
I'd like to change the text attribute of a button according to the session landuage. So I write:
<asp:Button id="btOptIn" runat="server"
Text="<% = UI.Instance.TxtSubmit %>"
onclick="btOptIn_Click" />
This does not work. I tried several other versions (like Text='<%# Eval(UI.Instance.TxtSubmit) %>') but could not succeed.
The same code (<% = UI.Instance.TxtSubmit %>) works outside the quotes of the attribute. What is the syntax to make it work within an attribute of a control?
Thank you for your time.
<asp:textbox id="tbName" runat="server" Text='<%# Eval("test") %>' />
<%= %> is a shortened response.Write() and is never valid as an attribute, for any server tag.
<%# %> can be used, only if the conatainer is databound (the page in your case).
<%$ > can be used to access data in resources files.
In the Page_Load of you will have to make a call to Page.DataBind() for this to work.
I'm trying to do a nested repeater as described here but it's erroring out.
My repeater is as follows:
<asp:Repeater ID="HouseholdRepeater" runat="server">
<ItemTemplate>
<div><b><%# DataBinder.Eval(Container.DataItem,"Name") %></b></div>
<div>
<asp:Repeater ID="ApplicationRepeater" runat="server" DataSource="<%#((DataRowView)Container.DataItem).Row.GetChildrows("Applications") %>"> <!-- error here -->
<ItemTemplate>
<div>
<%# DataBinder.Eval(Container.DataItem,"Description") %>
</div>
</ItemTemplate>
</asp:Repeater>
</div>
</ItemTemplate>
</asp:Repeater>
The error message I get is "The server tag is not well formed."
It looks exactly like the example to me. I'm not seeing what is wrong with it. Any ideas how to make this work?
Also, I databind it in the code using an anonymous object from a Linq query.
You are using double quotes to specify your DataSource property, but your DataSource contains double quotes itself. Try enclosing the DataSource in single quotes:
DataSource='<%#((DataRowView)Container.DataItem).Row.GetChildrows("Applications") %>'
Change
Row.GetChildrows("Applications")
to
Row.GetChildrows(""Applications"")
Also change
<a href="<%# DataBinder.Eval(Container.DataItem,"Link")
to
<a href="<%# DataBinder.Eval(Container.DataItem,""Link"")
The DataSource section looks incorrect... the DataSource should be something like this
'<%#DataBinder.Eval(Container, "DataItem.ChildTable") %>'
Change
DataSource="<%#((DataRowView)Container.DataItem).Row.GetChildrows("Applications") %>"
to
DataSource='<%#((DataRowView)Container.DataItem).Row.GetChildrows("Applications") %>'
I am using databinding to iterate through a recordset returned from the database, and one of those recordsets is a comma separated list of items - I'm trying to use a second repeater to display each of those items as a hyperlink. So far this is the code that I have:
<asp:Repeater ID="myRepeater" runat="server" DataSource='<%# DataBinder.Eval(Container.DataItem, "SomeList").ToString().Trim(',') %>'>
<ItemTemplate>
<a href='http://somesite/downloadattachment.aspx?itemid=<%# Container.ItemIndex %>'><%# Container.DataItem %></a>
</ItemTemplate>
</asp:Repeater>
The trouble is that so far there are 3 reasons why this doesnt work:
I get a server tag is not well formed error unless I remove the runat="server" - why is this? (And why does it work without the runat="server"?)
Container.DataItem Evaluates to an instance of System.Data.DataRowView - how do I get the current piece of the string that I split?
More importantly, this only seems to print out 1 Container.DataItem, even when I know there is a comma in the string I've given it - any ideas?
Instead of Eval(), for non-trivial scenarios I generally cast Container.DataItem to the type I want, and then act on it from there in a type-safe way.
The "not well formed" error is caused by the single-quotes around the parameter to Trim(). If you use single quotes on the outside of your attribute definition, you can't use them inside it. In cases like yours where a databinding definition has a lot of code in it, I often create a helper method (either inside a script runat=server for for MVC views and other inline-code-friendly cases, or in code-behind for traditional web forms apps) which handles the code I want to run. By refactoring into a method, it clarifies the HTML and sidesteps the lame single/double-quote restrictions.
Regardless of where you put the code, In your case, you want to:
cast Container.DataItem to DataRowView
extract the SomeList column value using the [] operator
call String.Split() on that string to turn your CSV string it into an array of strings
use that as a data source of your inner repeater
The code should look something like this:
<asp:Repeater ID="myRepeater" runat="server"
DataSource='<%# ((System.Data.DataRowView)Container.DataItem)["SomeList"].ToString().Split(new string[] {","}, StringSplitOptions.RemoveEmptyEntries)%>'>
<ItemTemplate>
<a href='http://somesite/downloadattachment.aspx?itemid=<%# Container.ItemIndex %>'>
<%# Container.DataItem %>
</a>
</ItemTemplate>
</asp:Repeater>
Did you specify the updatecommand, deletecommand to the sqldatasource?
Even if the proper parameters haven't been supplied, the affected rows will always be 0. If it has two parameters for the update command, two parameters have to be supplied through updatecommand.
For more information on this please check this URL: http://www.itpian.com/Coding/4774-Data-binding.aspx