Saturday, May 5, 2012

asp.net Set Cookie for Client Pc using c#

   public void setCookie()
    {


        if ((chk_remember_me.Checked))
        {
            HttpCookie aCookie = new HttpCookie("mwa_gov_saChatInfo");
            Response.Cookies.Remove("mwa_gov_saChatInfo");
            Response.Cookies.Add(aCookie);
            aCookie.Values.Add("UserName",HttpUtility.UrlEncode(txtName.Value) );
            aCookie.Values.Add("Email", txtEmail.Value );
            aCookie.Expires = DateTime.Now.AddMonths(2);
            Response.Cookies.Add(aCookie);
        }
        else
        {
            HttpCookie cookie = Request.Cookies["mwa_gov_saChatInfo"];
            if (cookie != null)
            {
                HttpCookie aCookie = new HttpCookie("mwa_gov_saChatInfo");
                aCookie.Expires = DateTime.Now.AddMonths(-2);
                Response.Cookies.Add(aCookie);
                chk_remember_me.Checked = false;
            }
        }
    }

Friday, May 4, 2012

vb.net Sql server Query Parametrized Select Statement

This Sample Code Clarify how to call Sql statement using Parameters to Avoid Sql Injection problem

 Dim dsEmails As New DataSet()
Using connection As New SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings("mwa_mwa_gov_saConnectionString").ToString())
 Dim myDataAdapter As New SqlDataAdapter("SELECT [ID], [UserId], [UserName], [FirstName], [FatherName],[GrandfatherName], [FamilyName], [Email], [SubscriptionNo], [MobileNo] From IUSers Where ID=@ID", connection)
                        myDataAdapter.SelectCommand.Parameters.Add("@ID", SqlDbType.Int, 11)
                        myDataAdapter.SelectCommand.Parameters("@ID").Value = Convert.ToInt32(s) 'Request.Cookies("ID").Value)
   myDataAdapter.Fill(dsEmails)
   connection.Close()
   myDataAdapter.Dispose()
 End Using

asp.net Password Validation example

using System;
using System.Text.RegularExpressions;

public void CreateNewUserAccount(string name, string password)
{
    // Check name contains only lower case or upper case letters, 
    // the apostrophe, a dot, or white space. Also check it is 
    // between 1 and 40 characters long
    if ( !Regex.IsMatch(userIDTxt.Text, @"^[a-zA-Z'./s]{1,40}$"))
      throw new FormatException("Invalid name format");

    // Check password contains at least one digit, one lower case 
    // letter, one uppercase letter, and is between 8 and 10 
    // characters long
    if ( !Regex.IsMatch(passwordTxt.Text, 
                      @"^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,10}$" ))
      throw new FormatException("Invalid password format");

    // Perform data access logic (using type safe parameters)
    ...
}