Cookie to textbox?

Discussion in 'ASP General' started by vbMark, Oct 11, 2004.

  1. vbMark

    vbMark Guest

    What am I doing wrong here?

    <%
    UserID = Request.Cookies("emu")("UserID")
    %>

    <TABLE>
    <TR>
    <TD>UserID: <INPUT id=UserID value="<%=UserID%>"></TD>
    </TR>
    </TABLE>

    The textbox shows <%=UserID%> and not the value.

    Any ideas?

    Thanks!
     
    vbMark, Oct 11, 2004
    #1
    1. Advertising

  2. Code looks good to me, what is the value in the cookie?

    --
    Manohar Kamath
    Editor, .netWire
    www.dotnetwire.com


    "vbMark" <> wrote in message
    news:Xns957F6EBAA2433noemailcom@130.133.1.4...
    > What am I doing wrong here?
    >
    > <%
    > UserID = Request.Cookies("emu")("UserID")
    > %>
    >
    > <TABLE>
    > <TR>
    > <TD>UserID: <INPUT id=UserID value="<%=UserID%>"></TD>
    > </TR>
    > </TABLE>
    >
    > The textbox shows <%=UserID%> and not the value.
    >
    > Any ideas?
    >
    > Thanks!
     
    Manohar Kamath, Oct 11, 2004
    #2
    1. Advertising

  3. vbMark

    vbMark Guest

    "Manohar Kamath" <> wrote in
    news::

    > Code looks good to me, what is the value in the cookie?
    >


    Sorry, it was just showing wrong in InterDev's Quick View. It works fine
    when viewed in the web browser.

    Thanks.
     
    vbMark, Oct 11, 2004
    #3
  4. That's what I thought... Quick view is an HTML view of the page, and the
    page is not "executed"

    --
    Manohar Kamath
    Editor, .netWire
    www.dotnetwire.com


    "vbMark" <> wrote in message
    news:Xns957F7910F22ECnoemailcom@130.133.1.4...
    > "Manohar Kamath" <> wrote in
    > news::
    >
    > > Code looks good to me, what is the value in the cookie?
    > >

    >
    > Sorry, it was just showing wrong in InterDev's Quick View. It works fine
    > when viewed in the web browser.
    >
    > Thanks.
     
    Manohar Kamath, Oct 11, 2004
    #4
  5. vbMark

    Evertjan. Guest

    Curt_C [MVP] wrote on 11 okt 2004 in
    microsoft.public.inetserver.asp.general:

    > <TD>UserID: <INPUT id=UserID value="<%=UserID%>"></TD>
    >
    > should be
    >
    > <TD>UserID: <INPUT id=UserID value=<%=UserID%>></TD>
    >
    >


    This is a bad advice as it will go wrong if UserID contains an inside space

    --
    Evertjan.
    The Netherlands.
    (Please change the x'es to dots in my emailaddress,
    but let us keep the discussions in the newsgroup)
     
    Evertjan., Oct 11, 2004
    #5
  6. vbMark wrote:
    > What am I doing wrong here?
    >
    > UserID = Request.Cookies("emu")("UserID")
    > ...
    > <INPUT id=UserID value="<%=UserID%>">


    Never mind QuickView, two other potential problems leap to mind:

    1. Storing UserID as a cookie suggests a poor security model
    unless this is just a device of convenience similar to the
    way the Windows login prompt stores that Login ID of the
    last person to log in

    2. Unless you are in complete control of the range of possible
    values for UserID, it might not hurt to display it like
    this:

    <INPUT id=UserID value="<%=Server.HTMLEncode(UserID)%>">


    --
    Dave Anderson

    Unsolicited commercial email will be read at a cost of $500 per message. Use
    of this email address implies consent to these terms. Please do not contact
    me directly or ask me to contact you directly for assistance. If your
    question is worth asking, it's worth posting.
     
    Dave Anderson, Oct 11, 2004
    #6
  7. vbMark

    vbMark Guest

    "Dave Anderson" <> wrote in news:O$b06G#rEHA.2128
    @TK2MSFTNGP10.phx.gbl:

    > vbMark wrote:
    >> What am I doing wrong here?
    >>
    >> UserID = Request.Cookies("emu")("UserID")
    >> ...
    >> <INPUT id=UserID value="<%=UserID%>">

    >
    > Never mind QuickView, two other potential problems leap to mind:
    >
    > 1. Storing UserID as a cookie suggests a poor security model
    > unless this is just a device of convenience similar to the
    > way the Windows login prompt stores that Login ID of the
    > last person to log in


    This is just for our developers and testers.

    > 2. Unless you are in complete control of the range of possible
    > values for UserID, it might not hurt to display it like
    > this:
    >
    > <INPUT id=UserID value="<%=Server.HTMLEncode(UserID)%>">


    Why, what does this do?
     
    vbMark, Oct 12, 2004
    #7
  8. vbMark wrote:
    >> <INPUT id=UserID value="<%=Server.HTMLEncode(UserID)%>">

    >
    > Why, what does this do?


    It HTMLEncodes the value, which is how you protect your HTML from being
    inadvertantly broken by characters like this:

    " ><&
    ^^^^^

    Generally not a big issue for UserIDs, I agree. But if you let your users
    choose their own IDs, what happens when someone chooses [The "Dude"] ? Your
    subsequent HTML:

    <input id="UserID" value="The "Dude"">


    Know thy data.


    --
    Dave Anderson

    Unsolicited commercial email will be read at a cost of $500 per message. Use
    of this email address implies consent to these terms. Please do not contact
    me directly or ask me to contact you directly for assistance. If your
    question is worth asking, it's worth posting.
     
    Dave Anderson, Oct 12, 2004
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ben
    Replies:
    3
    Views:
    5,891
    Steven Cheng[MSFT]
    Jun 3, 2004
  2. Shapper

    Cookie and Session Cookie Questions.

    Shapper, Apr 27, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    588
  3. =?Utf-8?B?UGF1bA==?=

    Cookie Question (IP as domain and cookie file location)

    =?Utf-8?B?UGF1bA==?=, Jan 10, 2006, in forum: ASP .Net
    Replies:
    1
    Views:
    2,501
    Bruce Barker
    Jan 10, 2006
  4. ad
    Replies:
    2
    Views:
    7,567
    Kevin Spencer
    Jan 27, 2006
  5. =?Utf-8?B?TnVubw==?=

    Convert a PHP cookie to an ASP.NET cookie

    =?Utf-8?B?TnVubw==?=, Jan 31, 2006, in forum: ASP .Net
    Replies:
    1
    Views:
    452
    =?Utf-8?B?UGV0ZXIgQnJvbWJlcmcgW0MjIE1WUF0=?=
    Jan 31, 2006
Loading...

Share This Page