<p>To make sure that the connection is closed, replace the <code>ExecuteReader</code> call with the following:</p>
<pre><code>return cmd.ExecuteReader(CommandBehavior.CloseConnection);
</code></pre>
<p>You should also remove the <code>try</code> / <code>finally</code> block.</p>
<p>Also, in your <code>Page_Load</code> handler, you should use a <code>using</code> statement, like this:</p>
<pre><code>using (SqlDataReader reader = DB.GetPost()) {
    //output the result
    reader.Read();
    this.viewpost.InnerHtml = "&lt;span id='post1_CreatedDate'&gt;" + reader["CreatedDate"].ToString() + "&lt;/span&gt;&lt;br&gt;" +
        "&lt;span class='blogheads'&gt;" + reader["BlogTitle"].ToString() + "&lt;/span&gt;&lt;p&gt;&lt;p&gt;" + reader["BlogText"].ToString();
}
</code></pre>
<p>Also, you should check that the SQL query actually returned something, like this:</p>
<pre><code>if (!reader.Read()) {
    // Something's wrong
}
</code></pre>
<p>Finally, <strong>and most important by far</strong>, you should escape your HTML to prevent XSS holes by calling <a href="http://msdn.microsoft.com/en-us/library/w3te6wfz.aspx" rel="noreferrer"><code>Server.HtmlEncode</code></a>.</p>
<p>For example:</p>
<pre><code>this.viewpost.InnerHtml = "&lt;span id='post1_CreatedDate'&gt;" + reader["CreatedDate"].ToString() + "&lt;/span&gt;&lt;br&gt;" +
    "&lt;span class='blogheads'&gt;" + Server.HtmlEncode(reader["BlogTitle"].ToString()) + "&lt;/span&gt;&lt;p&gt;&lt;p&gt;" + Server.HtmlEncode(reader["BlogText"].ToString());
</code></pre>
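The answer's three recommendations (dispose the reader with `using`, check `Read()`, HTML-encode the text columns) combined into one console program, as an added example that is not part of the original answer. Assumptions: an in-memory `DataTable` with a constructed row stands in for `DB.GetPost()`, `WebUtility.HtmlEncode` replaces `Server.HtmlEncode` so the code runs outside ASP.NET, and `PostRenderer` and `TryRenderPost` are hypothetical names.

```csharp
using System;
using System.Data;
using System.Net;

static class PostRenderer
{
    // Builds the markup the answer assigns to viewpost.InnerHtml.
    // Returns false when the query produced no row, so the caller never
    // indexes into a reader that has nothing to read.
    public static bool TryRenderPost(IDataReader reader, out string html)
    {
        html = string.Empty;
        if (!reader.Read())
            return false;

        // Text columns are stored content and are encoded before they
        // are concatenated into markup, as in the answer's last snippet.
        html = "<span id='post1_CreatedDate'>" + reader["CreatedDate"].ToString() + "</span><br>"
             + "<span class='blogheads'>" + WebUtility.HtmlEncode(reader["BlogTitle"].ToString())
             + "</span><p><p>" + WebUtility.HtmlEncode(reader["BlogText"].ToString());
        return true;
    }

    static void Main()
    {
        // Constructed sample row: the title and body contain markup
        // that must reach the browser as text, not as elements.
        var table = new DataTable();
        table.Columns.Add("CreatedDate", typeof(DateTime));
        table.Columns.Add("BlogTitle", typeof(string));
        table.Columns.Add("BlogText", typeof(string));
        table.Rows.Add(new DateTime(2010, 1, 1), "<script>alert(1)</script>", "Tom & Jerry <b>bold</b>");

        // using disposes the reader on every path, including exceptions.
        using (IDataReader reader = table.CreateDataReader())
        {
            string html;
            Console.WriteLine(TryRenderPost(reader, out html) ? html : "Post not found.");
        }

        // Same schema with no rows: Read() returns false and nothing is rendered.
        using (IDataReader empty = table.Clone().CreateDataReader())
        {
            string html;
            Console.WriteLine(TryRenderPost(empty, out html) ? html : "Post not found.");
        }
    }
}
```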
 
