Cookie to textbox?

 
 
vbMark
 
      10-11-2004
What am I doing wrong here?

<%
UserID = Request.Cookies("emu")("UserID")
%>

<TABLE>
<TR>
<TD>UserID: <INPUT id=UserID value="<%=UserID%>"></TD>
</TR>
</TABLE>

The textbox shows <%=UserID%> and not the value.

Any ideas?

Thanks!
 
 
 
 
 
Manohar Kamath
 
      10-11-2004
Code looks good to me, what is the value in the cookie?

--
Manohar Kamath
Editor, .netWire
www.dotnetwire.com


"vbMark" <(E-Mail Removed)> wrote in message
news:Xns957F6EBAA2433noemailcom@130.133.1.4...
> What am I doing wrong here?
>
> <%
> UserID = Request.Cookies("emu")("UserID")
> %>
>
> <TABLE>
> <TR>
> <TD>UserID: <INPUT id=UserID value="<%=UserID%>"></TD>
> </TR>
> </TABLE>
>
> The textbox shows <%=UserID%> and not the value.
>
> Any ideas?
>
> Thanks!



 
 
 
 
 
vbMark
 
      10-11-2004
"Manohar Kamath" <(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> Code looks good to me, what is the value in the cookie?
>


Sorry, it was just showing wrong in InterDev's Quick View. It works fine
when viewed in the web browser.

Thanks.
 
 
Manohar Kamath
 
      10-11-2004
That's what I thought... Quick view is an HTML view of the page, and the
page is not "executed"

--
Manohar Kamath
Editor, .netWire
www.dotnetwire.com


"vbMark" <(E-Mail Removed)> wrote in message
news:Xns957F7910F22ECnoemailcom@130.133.1.4...
> "Manohar Kamath" <(E-Mail Removed)> wrote in
> news:(E-Mail Removed):
>
> > Code looks good to me, what is the value in the cookie?
> >

>
> Sorry, it was just showing wrong in InterDev's Quick View. It works fine
> when viewed in the web browser.
>
> Thanks.



 
 
Evertjan.
 
      10-11-2004
Curt_C [MVP] wrote on 11 okt 2004 in
microsoft.public.inetserver.asp.general:

> <TD>UserID: <INPUT id=UserID value="<%=UserID%>"></TD>
>
> should be
>
> <TD>UserID: <INPUT id=UserID value=<%=UserID%>></TD>
>
>


This is bad advice, as it will go wrong if UserID contains an inside space.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress,
but let us keep the discussions in the newsgroup)

 
 
Dave Anderson
 
      10-11-2004
vbMark wrote:
> What am I doing wrong here?
>
> UserID = Request.Cookies("emu")("UserID")
> ...
> <INPUT id=UserID value="<%=UserID%>">


Never mind QuickView, two other potential problems leap to mind:

1. Storing UserID as a cookie suggests a poor security model
unless this is just a device of convenience similar to the
way the Windows login prompt stores that Login ID of the
last person to log in

2. Unless you are in complete control of the range of possible
values for UserID, it might not hurt to display it like
this:

<INPUT id=UserID value="<%=Server.HTMLEncode(UserID)%>">


--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.


 
 
vbMark
 
      10-12-2004
"Dave Anderson" <(E-Mail Removed)> wrote in news:O$b06G#rEHA.2128
@TK2MSFTNGP10.phx.gbl:

> vbMark wrote:
>> What am I doing wrong here?
>>
>> UserID = Request.Cookies("emu")("UserID")
>> ...
>> <INPUT id=UserID value="<%=UserID%>">

>
> Never mind QuickView, two other potential problems leap to mind:
>
> 1. Storing UserID as a cookie suggests a poor security model
> unless this is just a device of convenience similar to the
> way the Windows login prompt stores that Login ID of the
> last person to log in


This is just for our developers and testers.

> 2. Unless you are in complete control of the range of possible
> values for UserID, it might not hurt to display it like
> this:
>
> <INPUT id=UserID value="<%=Server.HTMLEncode(UserID)%>">


Why, what does this do?

 
 
Dave Anderson
 
      10-12-2004
vbMark wrote:
>> <INPUT id=UserID value="<%=Server.HTMLEncode(UserID)%>">

>
> Why, what does this do?


It HTMLEncodes the value, which is how you protect your HTML from being
inadvertently broken by characters like this:

" ><&
^^^^^

Generally not a big issue for UserIDs, I agree. But if you let your users
choose their own IDs, what happens when someone chooses [The "Dude"] ? Your
subsequent HTML:

<input id="UserID" value="The "Dude"">


Know thy data.


--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.
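
Added example, not part of any post in the thread: a Python sketch of the three renderings discussed above (quoted, unquoted, and quoted with encoding), parsed with the standard library's HTML parser to show what actually ends up in the textbox. `html.escape` stands in for `Server.HTMLEncode`; the names `FirstInput`, `render`, `field_value` and `survives`, and the sample value `vb mark`, are constructed for this illustration.

```python
from html import escape
from html.parser import HTMLParser


class FirstInput(HTMLParser):
    """Records the attributes of the first <input> tag as the parser sees them."""

    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if tag == "input" and self.attrs is None:
            self.attrs = attrs


def render(user_id, quoted=True, encode=False):
    """Build the <INPUT> line from the thread for a given cookie value."""
    # html.escape is a stand-in here for classic ASP's Server.HTMLEncode.
    value = escape(user_id, quote=True) if encode else user_id
    if quoted:
        value = '"' + value + '"'
    return '<input id="UserID" value=%s>' % value


def field_value(markup):
    """Return the value attribute an HTML parser extracts from the markup."""
    parser = FirstInput()
    parser.feed(markup)
    parser.close()
    return dict(parser.attrs).get("value")


def survives(user_id, **options):
    """True when the textbox would show exactly the original cookie value."""
    return field_value(render(user_id, **options)) == user_id


if __name__ == "__main__":
    # Constructed sample values: the ID from the thread and one with a space.
    for user_id in ('The "Dude"', "vb mark"):
        for quoted, encode in ((True, False), (False, False),
                               (False, True), (True, True)):
            markup = render(user_id, quoted=quoted, encode=encode)
            print("%-52s -> %r" % (markup, field_value(markup)))
```

Only the quoted and encoded form returns both sample values unchanged. Encoding alone does not rescue the unquoted attribute, because a space is not an HTML-special character and is left as it is.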


 