Hello All-
I've got a Custom Web Control that with a public class that that sets a
private variable inside the class. I plop the custom control onto my
page and off I go. From my main page, I call the
customPage.loadPage(10) and pass in a value of 10. The loadPage method
sets var1 = 10 as expected; however, when the customPage's button is
clicked and the page is posted back, var1 is set back to it's initial
state of -1.
I'm halfway certain this is because of the net's stateless behavior;
however, I also half expected .NET to keep track of that value
somewhere server side or elsewhere. Is there anyway I can actually keep
the state (state being my private vars, etc. that were setup on the
initial creation of my object) of my custom forms when an event is
triggered? If no, is there anyway to do this besides passing in values
as a URL parameter?
Below is a very simplified version of my custom control's source.
------
public partial class QuestInfoBox : System.Web.UI.UserControl
{
private int var1 = -1;
protected void Page_Load(object sender, EventArgs e) {
}
public void loadPage(int var1) {
// this is called from the parent page's page_load event
this.var1 = var1;
}
protected void acceptButton_Click(object sender, EventArgs e) {
// at this point, var1 is -1
//do other stuff
}
3  1212 
As a follow up, I changed my form to use a hidden input field to store
the value of "var1." This preserves it on the click event of the
button.
My net question is, if a would-be hacker came along and changed the
value of the hidden field, would the .NET parser catch it in the
validation routines or would I be vulnerable?
You need to store it yourself. You can do so in the viewstate:
private int var1
{
get
{
if (ViewState["var"] == null) { return -1; }
return (int)ViewState["var"];
}
set
{
ViewState["var"] = value;
}
}
or somewhere else like the session.
Karl
-- http://www.openmymind.net/ http://www.fuelindustries.com/
"Chu" <ry********@thescottclan.net> wrote in message
news:11*********************@g10g2000cwb.googlegro ups.com... Hello All-
I've got a Custom Web Control that with a public class that that sets a
private variable inside the class. I plop the custom control onto my
page and off I go. From my main page, I call the
customPage.loadPage(10) and pass in a value of 10. The loadPage method
sets var1 = 10 as expected; however, when the customPage's button is
clicked and the page is posted back, var1 is set back to it's initial
state of -1.
I'm halfway certain this is because of the net's stateless behavior;
however, I also half expected .NET to keep track of that value
somewhere server side or elsewhere. Is there anyway I can actually keep
the state (state being my private vars, etc. that were setup on the
initial creation of my object) of my custom forms when an event is
triggered? If no, is there anyway to do this besides passing in values
as a URL parameter?
Below is a very simplified version of my custom control's source.
------
public partial class QuestInfoBox : System.Web.UI.UserControl
{
private int var1 = -1;
protected void Page_Load(object sender, EventArgs e) {
}
public void loadPage(int var1) {
// this is called from the parent page's page_load event
this.var1 = var1;
}
protected void acceptButton_Click(object sender, EventArgs e) {
// at this point, var1 is -1
//do other stuff
}
You'd be vulnerable.
My viewstate solution I posted is effectively the same thing..since viewsate
itself is stored in a hidden form field. Viewstate isn't any more secure
though (well it is, but only ever so slightly).
Karl
-- http://www.openmymind.net/ http://www.fuelindustries.com/
"Chu" <ry********@thescottclan.net> wrote in message
news:11**********************@i40g2000cwc.googlegr oups.com... As a follow up, I changed my form to use a hidden input field to store
the value of "var1." This preserves it on the click event of the
button.
My net question is, if a would-be hacker came along and changed the
value of the hidden field, would the .NET parser catch it in the
validation routines or would I be vulnerable? This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: netclectic |
last post by:
Hi folks, i've searched and searched and can't find any example of
what i'm trying to do. Essentially (i think) i need to add a new
operator to Number.
I'm using eval to evaluate expressions...
|
by: Steve Amey |
last post by:
Hi all
I am creating a basic control to perform some tasks, and I want to declare
some events to be raised so they can be handled from the form that the
control is on. I can create my own Event...
|
by: Sundown |
last post by:
I am trying to create a custom button control for the web that, when clicked,
disables and changes the text of itself and a bunch of other controls (in the
collection). My goal is to end up with a...
|
by: SammyBar |
last post by:
Hi,
I'm trying to bind a custom collection class to a data grid, following the
guidelines from the article
http://msdn.microsoft.com/msdnmag/issues/05/08/CollectionsandDataBinding/default.aspx....
|
by: Brett |
last post by:
I am working with vb.net in a asp.net application.
I have created a config file in xml format. The goal is to
be able to change the config file without having to recompile the
entire...
|
by: AMDRIT |
last post by:
Hello everyone,
I have created a custom component and one of its properties is a class
object with it's own properties. During runtime, I can assign values to the
class object properties just...
|
by: Jamey Shuemaker |
last post by:
I'm in the process of expanding my knowledge and use of Class Modules.
I've perused MSDN and this and other sites, and I'm pretty comfortable
with my understanding of Class Modules with the...
|
by: Pete Kane |
last post by:
Hi All, does anyone know how to add TabPages of ones own classes at design time ? ideally when adding a new TabControl it would
contain tab pages of my own classes, I know you can achieve this with...
|
by: ChopStickr |
last post by:
I have a custom control that is embedded (using the object tag) in an html document.
The control takes a path to a local client ini file.
Reads the file.
Executes the program specified in...
|
by: Lowell Alleman |
last post by:
Here is the situation: I wrote my own log handler class (derived from
logging.Handler) and I want to be able to use it from a logging config
file, that is, a config file loaded with the...
|
by: Kemmylinns12 |
last post by:
Blockchain technology has emerged as a transformative force in the business world, offering unprecedented opportunities for innovation and efficiency. While initially associated with cryptocurrencies...
|
by: Naresh1 |
last post by:
What is WebLogic Admin Training?
WebLogic Admin Training is a specialized program designed to equip individuals with the skills and knowledge required to effectively administer and manage Oracle...
|
by: AndyPSV |
last post by:
HOW CAN I CREATE AN AI with an .executable file that would suck all files in the folder and on my computerHOW CAN I CREATE AN AI with an .executable file that would suck all files in the folder and...
|
by: Arjunsri |
last post by:
I have a Redshift database that I need to use as an import data source. I have configured the DSN connection using the server, port, database, and credentials and received a successful connection...
|
by: Oralloy |
last post by:
Hello Folks,
I am trying to hook up a CPU which I designed using SystemC to I/O pins on an FPGA.
My problem (spelled failure) is with the synthesis of my design into a bitstream, not the C++...
|
by: Carina712 |
last post by:
Setting background colors for Excel documents can help to improve the visual appeal of the document and make it easier to read and understand. Background colors can be used to highlight important...
|
by: Rahul1995seven |
last post by:
Introduction:
In the realm of programming languages, Python has emerged as a powerhouse. With its simplicity, versatility, and robustness, Python has gained popularity among beginners and experts...
|
by: Johno34 |
last post by:
I have this click event on my form. It speaks to a Datasheet Subform
Private Sub Command260_Click()
Dim r As DAO.Recordset
Set r = Form_frmABCD.Form.RecordsetClone
r.MoveFirst
Do
If...
|
by: ezappsrUS |
last post by:
Hi,
I wonder if someone knows where I am going wrong below. I have a continuous form and two labels where only one would be visible depending on the checkbox being checked or not. Below is the...
| |
