2

I am saving the inner HTML in the Forms table, in the HTML field, and getting the inner HTML in the code-behind as follows. I want to get the name attributes (the inner HTML has input elements and each input has a name attribute; I want to get those name attributes) here in the code-behind from the innerHTML. Is this possible?

e.g. `<input name="LastName" type="text" id="LastName">`

C# method

```csharp
protected void GetFormHTML()
{
    if (con.State == ConnectionState.Closed)
    {
        con.Open();
    }
    cmd = new SqlCommand("select * from Forms where FormId='" +
                         Request.QueryString["ID"].ToString() + "'", con);
    dr = cmd.ExecuteReader();
    if (dr.HasRows)
    {
        dr.Read();

        lblFormName.Text = dr["Name"].ToString();
        DivHTML.InnerHtml = dr["HTML"].ToString().Trim();
    }

    dr.Close();
    cmd.Dispose();
    con.Close();
}
```
Uwe Keim
  • What do you mean by "I want to achieve the Name attribute here?" I'm having trouble understanding what that means. – Greg Burghardt Oct 07 '14 at 20:05
  • Sir, I mean to say, the inner HTML has input elements and each input has a name attribute; I want to get those name attributes. – Caffeine addicted Oct 07 '14 at 20:08
  • WC, can you help me a little, sir? @GregBurghardt – Caffeine addicted Oct 07 '14 at 20:11
  • Have you tried looking into the `Controls` property? Every UserControl has this property. You might try recursively searching this for HtmlGenericControls with a name in their Attributes property. – Greg Burghardt Oct 07 '14 at 20:21
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/62631/discussion-between-cold-coffee-and-greg-burghardt). – Caffeine addicted Oct 07 '14 at 20:25
  • BTW: [Little Bobby Tables](http://imgs.xkcd.com/comics/exploits_of_a_mom.png) detected. – Uwe Keim Oct 07 '14 at 21:38
  • You should NEVER create a SQL statement that way (by concatenating user input.) SQL statements should ALWAYS be parameterized. Your example code exposes the application to one of programming's most elementary security vulnerabilities. – Peter J Oct 07 '14 at 22:05

4 Answers

3

It sounds like you are attempting to parse HTML strings stored in the database. You need a library for that, e.g. HTML Agility Pack.

At least use `Convert.ToInt32(Request.QueryString["ID"].ToString())` or, better yet, use ADO.NET parameters.

wp78de
MatthewMartin
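
The two suggestions in this answer combined, as an added example that is not part of the original post: the ID is validated and passed as an ADO.NET parameter, and HTML Agility Pack pulls the `name` attributes out of the stored markup. The class and method names are hypothetical, and `FormId` is assumed to be an integer column.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using HtmlAgilityPack; // NuGet package "HtmlAgilityPack"

public static class FormHtmlReader // hypothetical helper class
{
    // Loads the stored HTML for one form. The id is validated as an integer and
    // sent as a parameter, so it is never spliced into the SQL text.
    // Assumption: Forms.FormId is an int column.
    public static string LoadFormHtml(string connectionString, string rawId)
    {
        if (!int.TryParse(rawId, out int formId))
            return null; // reject anything that is not a plain integer

        using (var con = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand("SELECT [HTML] FROM Forms WHERE FormId = @id", con))
        {
            cmd.Parameters.Add("@id", SqlDbType.Int).Value = formId;
            con.Open();
            using (var dr = cmd.ExecuteReader())
            {
                // Read() returns false when no row matches the id.
                return dr.Read() ? dr["HTML"].ToString().Trim() : null;
            }
        }
    }

    // Returns the name attribute of every <input> in an HTML fragment.
    public static List<string> GetInputNames(string html)
    {
        var names = new List<string>();
        var doc = new HtmlDocument();
        doc.LoadHtml(html ?? string.Empty);

        // SelectNodes returns null (not an empty collection) when nothing matches.
        var inputs = doc.DocumentNode.SelectNodes("//input[@name]");
        if (inputs == null)
            return names;

        foreach (HtmlNode input in inputs)
            names.Add(input.GetAttributeValue("name", string.Empty));
        return names;
    }
}
```

For the fragment in the question, `GetInputNames` returns a list containing `LastName`; the `using` blocks close the connection, command and reader even when an exception is thrown.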
0

Looks like this might have been answered before. HTML5 is not XML, so you might need to confirm this library can work with that.

What is the best way to parse html in C#?

Community
bhiku
0

I don't know what type of SQL you are using, but you must be attentive about this action:

```csharp
if (dr.HasRows)
{
    dr.Read();
    ...
}
```

For example, SQLite uses a queue, and if you have not read the full result, it will at some point throw an exception when you want to execute another query without having read the full result before. A better way:

```csharp
if (dr.HasRows)
{
    while (dr.Read())
    {
        ...
    }
}
```

Or, if you want only the first item, use LIMIT in the SQL query or do it this way:

```csharp
if (dr.HasRows)
{
    bool IsFirst = true;
    while (dr.Read())
    {
        if (IsFirst)
        {
            ...
            IsFirst = false;
        }
    }
}
```

But every time use `while(dr.Read())`, not any other way.

Marek Woźniak
0

Instead of using standard HTML form input elements, why not use ASP.NET controls? All you have to do is put the `runat="server"` attribute into your existing form input elements and then you can reference everything you want from the code-behind.

As a side note, there are MUCH, MUCH better ways to achieve what it looks like you are trying to do. I could rattle off a bunch right now. These are in no particular order and all deal with various aspects of what you need to accomplish. Meaning, these suggestions aren't so that you can pick 1 of them. These are a collection of programming and/or .NET framework solutions that each accomplish different things. You can use a combination of them or just one. Some you can use to just enhance what you've already done. Using LINQ instead of the inline SQL (or anything other than inline SQL for that matter) would be a good start.

  1. Databinding
  2. LINQ
  3. ORM - Entity Framework
  4. Replace your existing open/close connection with a "using" statement.

There are many other ways to do what you are trying to do. These are just a few concepts/ideas that you should definitely research before doing any more work on what you already have.

Ami Schreiber