|
i planning to put the flash button menu for my site.
but normaly i use frame so the button will have some effect like show submenu. but i found out many asp website dont really use frame because when user trying to scoll down the side frame will always fix there.
but if i use the global thing to fix all my page same as the first page... then my button will always at the beginning part... which i mean in 1 page the user click on the Product button then submenu come out then when user click another time will bring to other page, which the button will not show the submenu of product... user have to reclick again~??
1st page: product->submenu
2rd page:Product (i want to remain wat the user have done in 1st page which is product->submenu...)
|
|
|
|
|
Does this sound familiar to anyone: You're faced with reviewing a spec for a large project and you're trying to come up with a ball park estimate. A common approach (usually combined with others) is to count the number of screens or forms that the project requires. Multiply that by some average number of hours you think it takes to do an ASP.NET form and you've got some starting point for your ball park estimate.
Remember the goal is a superficial review and estimate with the understanding that there may be a large margin of error after a closer analysis of the spec.
So what number do you use for the average number of hours to code an ASP.NET form (1.x or 2.0)? Assume both page and code-behind programming, but not design/CSS, etc.
Just curious...
|
|
|
|
|
because i like to build whole apps in one page(lots of panels).
|
|
|
|
|
What I usually do when estimating is think of a project as similar as posibile with the one I need to estimate. And depending on the complexity add or remove hours to the estimation.
If there's no comparison type, depending of the complexity of the pages: between 1 and 5 hours.
Don't also forget to add some extra hours if your building a n-tier architecture. You need time for BLL, DAL also database design and implementation.
What I usually do is add another 30% extra hours over the estimation. This gives you a good advantage in case you estimated incorectly some tasks.
Well, this is me. If anyone has any recomendations, let me know. There's room for improvement for me too.
regards,
Mircea
Many people spend their life going to sleep when they’re not sleepy and waking up while they still are.
|
|
|
|
|
Hi , Sorry it was really a bad title but i really need to know what is the role of that stuff . i 've read a lot abt that view state but nobody & no document tell you directly what is the role of the viewstate & how it works & when & why we use it
i want an example that make it clear i want you explain it to me can you please ??
thank you
try to be good if you can't be the best
|
|
|
|
|
ViewState is a property of any web control for eg. textbox
the default is true
it means when you refesh the page the value will remain in the textbox
the value of the web control (textbox here) is stored as the encrypted hidden value in the page
and when the page refreshes the textbox takes the value from that encrypted value
ASP.NET uses a hidden input control named _VIEWSTATE to maintain state/values for all non-postback controls that are modified in the code.
ViewState also allows you to store structured data as long as the data is serializable
You can also use the ViewState property of the Page class to store page level values
hope this clears a bit
Rule # 17: Omit Needless Words - Strunk, William, Jr.
-------------------------------------------------------------
Universal DBA | Ajax Rating
|
|
|
|
|
thank you
try to be good if you can't be the best
|
|
|
|
|
Go through this article this will help you a lot.
http://www.aspnetresources.com/articles/ViewState.aspx
Best Regards,
Apurva Kaushal
|
|
|
|
|
I am a beginner programmer and do not understand the concept of database manipulation. So far I have a webform with textboxes and a button. I want to be able to enter information into these textboxes and by pressing the add button, the information should be stored in the database.
Can someone please help me with this?
|
|
|
|
|
you might wanna search @ CP a lot of examples are here at code project
i have an article here [^]
slightly advance but might be useful
Rule # 17: Omit Needless Words - Strunk, William, Jr.
-------------------------------------------------------------
Universal DBA | Ajax Rating
|
|
|
|
|
Hi,
If anybody can help me out in this, i really appreciate the efforts.
I have three bound columns(date(mm/dd/yyyy),starttime,endtime) in datagrid.
i want to sort my datagrid according to date. but the values are in string format as the dataset is populated from an xml file.
i implement this:
boundcolumn.dataformatstring = "{0 }";
but it short my grid according to month only.'
i m using dataview for sorting:
DataView mydataview = dataset.Tables[0].DefaultView;
mydataview.Sort = dataset.Tables[0].Columns["date"].ToString();
datagrid.DataSource = mydataview;
please help me out.
Thanks,
Dhruvil
|
|
|
|
|
Hi,
I don't know exact solution ,but there is alternative you can use orderby clause in your query.
I hope this will help.
Regards,
Nagraj
Let's Teach Life To Laugh........
|
|
|
|
|
Ok, I have a client with a web app in .net and it's the worst most disoranized thing I have ever seen in my life.
Please if your going to do consulting, please learn programming basics first and not on the job (Couse then they hire me to fix your code and they won't let me really fix it (rewrite), I have to use bandaids).
Heres an example of what I'm up agenst:
Theres a button on the form and its visibility is set to false.
btnAdd.Visible = false;
That Button has an onClick event, and that event says:
btnAdd.Visible = true;
My client said, why can't we ever see the button... lol
Matthew Hazlett
Sometimes I miss the simpler DOS days of Borland Turbo Pascal (but not very often).
|
|
|
|
|
might wanna post it in www.dailywtf.com
this is programming question forum
Rule # 17: Omit Needless Words - Strunk, William, Jr.
-------------------------------------------------------------
Universal DBA | Ajax Rating
|
|
|
|
|
I am hoping ot use the comet architecture in my application. This means that for every client browser, there will be a hidden iframe, pointing at a page that never completes loading. When I want to send a message to the client, I will write something to this page. When I don't, the connection to this page will stay open, but dormant.
Does anyone know if there are a limit to the number of ASP pages which I can keep open like that? I am hitting a limit, but it is just the connection limit imposed because I am running on an XP machine. On a server, will there be any limits, aside from memory and CPU?
|
|
|
|
|
I have a question about ASP.NET security. We learned in the advanced ASP.NET class not to put our username and password in our code behind page because a hacker could get to it there. They said as a good security practice we should put it in the web.config file, encrypt it, memorize the password, and lock the server room door, but what about our sql commands or query strings?
If in our code behind page we have the query:
SELECT * FROM SQLUSERDATA WHERE USER = txtUSER.Text AND PASS = txtPASS.Text
What stops a hacker from getting to the string in memory and changing it to:
SELECT * FROM SQLUSERDATA
to return all the usernames, passwords, addresses, etc. from our database. I'm assuming if they can get to the sql connection string to steal the password when it is in the code behind then they can just as easily get to sql query command string.
I am trying to put the command string for my sql query into web.config then pull in the username and password from the webform but cannot use varibles in the string because web.config does not see my webform objects. I googled for hours but could only find help with the connection string which everyone knows how to do by now, and doesn't need varibles from the webform. How do I make the following code work in the web.config:
SELECT * FROM SQLUSERDATA WHERE USER = txtUSER.Text AND PASS = txtPASS.Text
or what would be the most secure way to hide my query string from hackers?
Thanks!
timothymburke@hotmail.com
|
|
|
|
|
If a hacker would be able to read your queries in the code, that is hardly a security risk. He can't do anything with them without a database connection.
A database login is a completely different matter. If the login is in the code, and a hacker manages to get read access to the file, he has all the access to the database that the login is granted. (Sadly that is often full access.)
To change a query in the running code requires a completely different level of access. If a hacker gets that kind of access he wouldn't go for the queries, he would swipe the database login once the code has decrypted it. So in that case it matters very little where you store anything.
---
b { font-weight: normal; }
|
|
|
|
|
I understand a hackers reasoning about wanting the login to my sql server. It makes them able to get direct admin access to the sql server but it is just as difficult to grab the login from memory as it would be to grab the SQL query string, and I would assume just as simple for that same hacker to change the query before it posts back to the server. Sadly there isn't much difference between admin access and a query through an admin login given you know the most basic SQL.
"without a database connection"
They have database connection already, everyone has to have a database connection to check their login and pass against the database, even when it is incorrect, which is another best pratice to put the usernames and passwords in the database.
So my point is, access to SQL queries through an admin account yields the same security risks as direct admin access to the server, therefore, what is the point of encrypting your login in the web.config file if they are just going to have access to your queries in the code behind page that I already know is not secure since Microsoft tells us directly anyone can view the code behind page and/or change it.
"hardly a security risk"
Access to queries is a grave security risk especially when that connection has full access which as you pointed out is very often not to mention a must for any add, change, delete program, and it is only slightly less risky to a connection that has read only access always with the obvious unrevokable ability to run read-only queries like "SELECT * FROM... Hackers have used the same or related security hole for years to get at data from all the other frameworks so what can I do to stop this in .NET or am I to simply assume these same hackers will stop trying to get it at data?
Thanks for the reply.
timothymburke@hotmail.com
-- modified at 13:55 Tuesday 20th June, 2006
|
|
|
|
|
timothymburke wrote:
"hardly a security risk"
Access to queries is a grave security risk especially when that connection has full access which as you pointed out is very often not to mention a must for any add, change, delete program, and it is only slightly less risky to a connection that has read only access always with the obvious unrevokable ability to run read-only queries like "SELECT * FROM... Hackers have used the same or related security hole for years to get at data from all the other frameworks so what can I do to stop this in .NET or am I to simply assume these same hackers will stop trying to get it at data?
If you read the entire sentence, it is: "If a hacker would be able to read your queries in the code, that is hardly a security risk."
As I tried to explain in my previous post, there is a big difference between being able to read some files or part of files on the server, and changing them.
If you for an example make the mistake to publish code with debug info, and configure the site to show detailed error messages, anyone will be able to see a few lines of code if there is an exception in the page. That is an example of how someone might get to se part of the code without much effort.
To get full access to the server, on the other hand, so that someone can change any files, is quite a bit harder. As I tried to explain in the previous post, there is not much you can do to protect your code or database in that case. Whatever you do, you are f***ed anyway, pardon the language.
---
b { font-weight: normal; }
|
|
|
|
|
What I recommend is putting your connection string into a separate and compiled class file. We have a connection manager class that returns the appropriate connection depending if we are on the test or production server. Another good idea is to use stored procedures. Never give a user dataWriter access. I learned this hard way when the user connected via MS Access and was updating the tables outside the application.
how vital enterprise application are for proactive organizations leveraging collective synergy to think outside the box and formulate their key objectives into a win-win game plan with a quality-driven approach that focuses on empowering key players to drive-up their core competencies and increase expectations with an all-around initiative to drive up the bottom-line. But of course, that's all a "high level" overview of things
--thedailywtf 3/21/06
|
|
|
|
|
You should probably worry about what is in the Text field of the text box. Malicious code could be passed into the database if you do not strip it and you should parameterize your queries, never Concatenate strings to create a sql statement.
|
|
|
|
|
|
Hi
In my application if i give the application no and then click ,then the datails of that particular application(app no,date,...) in the form of table.please help me
|
|
|
|
|
Good luck getting an answer to that one.
how vital enterprise application are for proactive organizations leveraging collective synergy to think outside the box and formulate their key objectives into a win-win game plan with a quality-driven approach that focuses on empowering key players to drive-up their core competencies and increase expectations with an all-around initiative to drive up the bottom-line. But of course, that's all a "high level" overview of things
--thedailywtf 3/21/06
|
|
|
|
|
Hi,
please i want you to tell me what is the real role of a ViewState & when & why we should use it ??
it will be better if you can give me even a small example to let me understand it please
thank you
try to be good if you can't be the best
|
|
|
|