This is a migrated thread and some comments may be shown as answers.

SqlInjection in edit mode

diego
diego asked on 26 Jun 2012, 11:45 AM
Hello
I am building a page where users can edit data
I have followed a sample case (http://demos.telerik.com/aspnet-ajax/grid/examples/programming/commanditem/defaultcs.aspx)
and here is my sample page (http://gaia.agraria.unitus.it/prova3.aspx)
The problem arises in the second grid after the user selects a site: when you switch to edit mode, you can enter anything in the textbox.
In your sample, I tried to enter the string  SELECT * FROM MyTable DELETE FROM MyTable  or other attempts with dangerous words (such as delete or drop) and the input was blocked.
But inspecting your code there I could not find anything about SQL injection prevention; that is, when I tried to replicate the test in my page, all the data were dangerously inserted.
Is there a way to process the data before the update operation in the database?
Thanks
Diego

3 Answers, 1 is accepted

Jayesh Goyani
answered on 26 Jun 2012, 03:16 PM
Hello,

private void RadGrid1_ItemCreated(object sender, Telerik.WebControls.GridItemEventArgs e)
{
  // Only rows that are currently being edited get a validator.
  if(e.Item is GridEditableItem && e.Item.IsInEditMode)
  {
     GridEditableItem item = e.Item as GridEditableItem;
     // Look up the textbox editor of the column by its UniqueName.
     GridTextBoxColumnEditor editor = (GridTextBoxColumnEditor)item.EditManager.GetColumnEditor("ColumnUniqueName");
     TableCell cell = (TableCell)editor.TextBoxControl.Parent;
  
     // The textbox needs a stable ID so the validator can reference it.
     RequiredFieldValidator validator = new RequiredFieldValidator();
     editor.TextBoxControl.ID = "ID_for_validation";
     validator.ControlToValidate = editor.TextBoxControl.ID;
     validator.ErrorMessage = "*";
     // Place the validator in the same cell as the textbox.
     cell.Controls.Add(validator);
  }
}

In the above code snippet I have added a RequiredFieldValidator to the bound column. But you can also apply a RegularExpressionValidator or CustomValidator to achieve your requirement.


Thanks,
Jayesh Goyani
diego
answered on 27 Jun 2012, 10:26 AM
You are my saviour!
I have solved it by creating a CustomValidator and assigning a client-side function.
One more question: how can I implement a SERVER validation function with a CustomValidator?
Many thanks!
Radoslav
Telerik team
answered on 02 Jul 2012, 06:09 AM
Hi Diego,

In order to have server-side validation with the CustomValidator control you need to handle the ServerValidate event of the CustomValidator. At the following link you can find an example:
http://asp.net-tutorials.com/validation/custom-validator/

I hope this helps.

All the best,
Radoslav
the Telerik team
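The two answers above cover the validator wiring; what the thread never states is that a keyword filter (blocking "delete" or "drop") is a data-quality check, not an injection defence, and that the update statement itself must pass the edited text as a parameter. The following is an added example, not code from the thread or from Telerik, that combines both: a CustomValidator with a ServerValidate handler attached in ItemCreated, and an UpdateCommand handler that writes the value with a parameterized SqlCommand. It assumes a RadGrid named RadGrid2 with DataKeyNames="Id", a bound column whose DataField and UniqueName are both "SiteName", a table Sites(Id, Name), and a connection string named "MyDb" in web.config; all of these names are hypothetical.

```csharp
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;
using System.Web.UI.WebControls;
using Telerik.Web.UI;

public partial class Prova3 : System.Web.UI.Page
{
    // Server-side validation rule (hypothetical): non-empty, at most 100 chars,
    // letters, digits, spaces and a few punctuation marks. This rejects junk
    // input; it is NOT what prevents SQL injection (see UpdateCommand below).
    protected void SiteName_ServerValidate(object source, ServerValidateEventArgs args)
    {
        string value = args.Value ?? string.Empty;
        args.IsValid = value.Trim().Length > 0
                    && value.Length <= 100
                    && Regex.IsMatch(value, @"^[\p{L}\p{N} .'-]+$");
    }

    // Attach the CustomValidator to the edit-mode textbox, same pattern as
    // Jayesh's snippet but with ServerValidate instead of RequiredFieldValidator.
    protected void RadGrid2_ItemCreated(object sender, GridItemEventArgs e)
    {
        GridEditableItem item = e.Item as GridEditableItem;
        if (item == null || !item.IsInEditMode) return;

        GridTextBoxColumnEditor editor =
            (GridTextBoxColumnEditor)item.EditManager.GetColumnEditor("SiteName");
        editor.TextBoxControl.ID = "txtSiteName";

        CustomValidator validator = new CustomValidator();
        validator.ControlToValidate = editor.TextBoxControl.ID;
        validator.ValidateEmptyText = true;          // run even when the box is empty
        validator.ErrorMessage = "Invalid site name";
        validator.ServerValidate += SiteName_ServerValidate;
        ((TableCell)editor.TextBoxControl.Parent).Controls.Add(validator);
    }

    // The actual injection defence: the edited text is bound to @name as a typed
    // parameter, so it can never be interpreted as part of the SQL statement.
    protected void RadGrid2_UpdateCommand(object sender, GridCommandEventArgs e)
    {
        // Server-side validators only matter if the update is refused when they fail.
        if (!Page.IsValid) { e.Canceled = true; return; }

        GridEditableItem item = (GridEditableItem)e.Item;
        int id = Convert.ToInt32(item.GetDataKeyValue("Id"));   // needs DataKeyNames="Id"

        Hashtable values = new Hashtable();
        item.ExtractValues(values);                              // keyed by DataField
        string newName = Convert.ToString(values["SiteName"]);

        string cs = ConfigurationManager.ConnectionStrings["MyDb"].ConnectionString;
        using (SqlConnection conn = new SqlConnection(cs))
        using (SqlCommand cmd = new SqlCommand(
            "UPDATE Sites SET Name = @name WHERE Id = @id", conn))
        {
            cmd.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = newName;
            cmd.Parameters.Add("@id", SqlDbType.Int).Value = id;
            conn.Open();
            cmd.ExecuteNonQuery();
        }

        RadGrid2.Rebind();
    }
}
```

With this in place, the string SELECT * FROM MyTable DELETE FROM MyTable from Diego's test is stored as a literal name if it passes the validator and rejected otherwise; either way it is never executed, because the value reaches the database only through the @name parameter.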