• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1682
  • Last Modified:

Add <br/> from code behind in .net

I have two string in .net


string firststring =" my first value"

string secondstring = "my second value";

I want to but <br> in between two string from code behind in .net.

If I am trying to put like this way firststring +"<br/>" + secondstring;

.net giving me potenntially dengerus request.

Please guide me to use another way to add <br/>
0
itinfo7
Asked:
itinfo7
1 Solution
 
Tom BeckCommented:
firststring + Environment.NewLine() + secondstring
0
 
Tom BeckCommented:
http://www.dotnetperls.com/newline

Also, as stated on the site, \r\n  could work.

That's Environment.NewLine without the parenthesis.
0
 
itinfo7Author Commented:
I tried both but in my case none of this is working.............
0
Restore individual SQL databases with ease

Veeam Explorer for Microsoft SQL Server delivers an easy-to-use, wizard-driven interface for restoring your databases from a backup. No expert SQL background required. Web interface provides a complete view of all available SQL databases to simplify the recovery of lost database

 
Tom BeckCommented:
I just tested. This worked:

            string firststring = "my first value";
            string secondstring = "my second value";
            testLbl.Text = firststring + "<br/>" + secondstring;
0
 
Tom BeckCommented:
I need some context. The "<br/>" worked for me perhaps because I assigned it to a label text. "Potentially dangerous request" could result from trying to submit a "<br/>" inside a form value. Is there validation in between?
0
 
itinfo7Author Commented:
there is no validation in between even I am assigning my string value to Asp hidden field..than also it is giving me error.

don' know what should I try..
0
 
Tom BeckCommented:
An asp:HiddenField holds a form value. Adding HTML markup to it like a "<br/>"  could throw that error when is posted back. Asp.net has built-in validation for such things. It can be turned off, but it's not recommended.

Why would you need a line break in a hidden field? Maybe there is another way, like comma separated values that you can split later on the comma.
0
 
Vikram Singh SainiSoftware Engineer cum AD DeveloperCommented:
1. Disable request validation for page by <%@ Page validateRequest="false" %> for single page or by :

<system.web>
      <pages validateRequest="false" />
   </system.web>

for all pages. But this is not recommended because it ensures checking of user submitted content to prevent script attack.

2. However you can use this way if you can encode all client side submitted content, so that there is no chance of script attack.

3. You should read link : Request Validation - Preventing Script Attacks which explains nicely how you can prevent potential request error by alternate way.
0
 
Jerry MillerCommented:
Try using the StringBuilder class. I rarely (if ever)ever concatenate two strings.

AppendLine() adds a new line between the strings.

http://msdn.microsoft.com/en-us/library/ebk18257.aspx
0
 
gery128Commented:
@itinfo7
Agreed with tommyBoy.
Why you need <br/> tag in ASP:HiddenField ? you want to separate out than you can use any other delimiter and then process those values after form submitted to server. So before inserting to database in your business logic layer you can replace your Comma or any other delimiter with ",<br/>" tag.
0
 
dhawalsethCommented:
Hi ITINFO7,

You can use string.Format to do this for you. Try this:

outString = string.Format("{0} <br/> {1}", string1, string2);

Mark it as answer if helpful.
0
 
alrosmarzCommented:
if you want to use <br /> in codebehind and render it in the page... you need to use a literal... this control renders html...

var string1  = "first line";
var string2 = "second line";
litetal1.text = string1 + "<br />" + string2;

the result will be...

first line
secondline
0
 
Tom BeckCommented:
I think some are missing the point here. The problem is not how to get the "<br/>" into the string. The problem is that having the "<br/>" inserted into a form field is causing a Potentially dangerous request error. The two choices for a solution are 1.) Use a different delimiter like a comma or, 2.) Turn off validation on the page as detailed in ID: 37769583.
0
 
itinfo7Author Commented:
@tommyBoy I think so I have to use different delimiter.with "<br/>" I want to start second string with newline that's the reason I am trying with "<br/>".
0
 
Tom BeckCommented:
It depends what you are doing with the hidden field value. If you are retrieving it in code behind, you can use any char that will get past the validator as a delimiter (comma) then split the value into separate parts with String.Split(','). If you only need to display it client side instead, you can still use the delimiter and split on the delimiter and replace it with the "<br/>" or "\r\n" using javascript.
0
 
itinfo7Author Commented:
@tommyBoy I have hidden field which I am assign the value of string and than I am using this hiddenfield value in Jquery to assign to another control and than that control's value is going back to code behind to add into the database.SO it's back and fourth from client side to code behind.

So If I replace comma(,) with ("<br/>") on client side than also it is giving me error because again it's going to code behind.
0
 
Tom BeckCommented:
Right, so leave the hidden value alone with it's comma delimiter. When you need to assign it to another control retrieve the value to a new variable, replace the comma with a "<br/>" and assign. When you need jquery to post back the value, get it again from the hidden field value and post with the commas intact. Split it code behind to retrieve the individual values.
0
 
Tom BeckCommented:
Using a comma as a delimiter was just an example. If the strings you are adding contain commas as part of the string, your screwed unless you convert the commas to entities or remove them. Example: "this is my first string,this is my second string". This will split the way you expect on the comma into two values, but "this, is my first string,this is my second string" will split unexpectedly into three values.  You may want to use some other character that you know will never be entered as a value or can be easily tested for.

ValidateRequest only checks for these few things in asp.net 2.0:

&#
<alpha, <!, </, <?
Looks for these starting characters (‘<’, ‘&’)

So any other character could be used as a delimiter.
0
 
itinfo7Author Commented:
@tommyBoy...yeah that is why I am using pipe(|) .thanks for the solution
0
 
Tom BeckCommented:
Smart! Thanks for the points.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now