I have a multiview to insert and edit users. Users are listed in a gridview. In the SelectedIndexChanged event of the gridview I've placed this code:

    protected void GrvList_SelectedIndexChanged(object sender, EventArgs e)
    {
        // EditView
        FrmaddEditUsers.ActiveViewIndex = 1;
        // Get Username
        UserName.Text = GrvList.DataKeys[GrvList.SelectedIndex].Value.ToString();
    }

I wonder if it's necessary to change it as below, as I'm afraid of the values being changed by bad users:

    protected void GrvList_SelectedIndexChanged(object sender, EventArgs e)
    {
        // change to EditView
        FrmaddEditUsers.ActiveViewIndex = 1;
        // Get Username from gridview and display in txtbox
        string ToBeEditedUser = GrvList.DataKeys[GrvList.SelectedIndex].Value.ToString();
        UserName.Text = HttpUtility.HtmlEncode(ToBeEditedUser);
    }

Depends upon whether you have the view state enabled or not and where you get the values of your list. – jmoreno, commented May 29, 2012 at 7:43
2 Answers
Since you are taking data from the user and passing it straight back, I would go with the encoded method. Also, on the server side, since you are separating out the acquisition of the data from its reuse, it should help with debugging.
It certainly wouldn't do any harm, and if your users have a backend that does not do something like encode when the user's name goes into the database, then this will prevent any nasties.
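
An added example, not part of the question or the answers: a console model of what each handler puts into the edit box. It assumes the standard single-line WebForms TextBox, which attribute-encodes `Text` itself when it renders the `value` attribute; `RenderValueAttribute`, `ShownInEditBox` and the sample name are hypothetical stand-ins for the control, the browser and the grid's data key.

```csharp
using System;
using System.Web; // HttpUtility (System.Web.dll on .NET Framework, System.Web.HttpUtility on .NET)

static class TextBoxEncodingDemo
{
    // Assumption: models the single-line TextBox, which attribute-encodes Text
    // when it writes the value="..." attribute of the <input> element.
    static string RenderValueAttribute(string text)
    {
        return HttpUtility.HtmlAttributeEncode(text);
    }

    // Models the browser: it decodes the attribute once and shows the result
    // in the edit box; that same string is posted back when the form is saved.
    static string ShownInEditBox(string renderedValue)
    {
        return HttpUtility.HtmlDecode(renderedValue);
    }

    static void Report(string label, string assignedToText)
    {
        string rendered = RenderValueAttribute(assignedToText);
        Console.WriteLine(label);
        Console.WriteLine("  Text property : " + assignedToText);
        Console.WriteLine("  value=\"...\"   : " + rendered);
        Console.WriteLine("  user sees     : " + ShownInEditBox(rendered));
    }

    static void Main()
    {
        // Constructed sample key, standing in for GrvList.DataKeys[...].Value.
        string toBeEditedUser = "O'Brien <b>& Co";

        Report("Assigned as-is (first handler):", toBeEditedUser);
        Report("HtmlEncode before assigning (second handler):",
               HttpUtility.HtmlEncode(toBeEditedUser));
    }
}
```

Under that assumption, the second handler's value is encoded twice, so the entities reach the edit box as literal text, and that literal text is what gets posted back on save.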