
Microsoft C# ASPX code example: a web page for modifying product catalog details.
<%@ Page Title="SANS Secure
Code Exercise" Language="C#" MasterPageFile="~/sans.master" AutoEventWireup="true" CodeFile="ModifyCatalogDetails.aspx.cs" Inherits="admin_ModifyCatalogDetails" %>
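<asp:Content ID="Content1" runat="server" contentplaceholderid="MainContent">
    <%--
        Catalog maintenance view: a GridView over the [items] table with inline
        edit and delete, a "New Item" button and a search box.
        The page class is admin_ModifyCatalogDetails; nothing in this markup
        restricts who may load it, so access control has to come from elsewhere
        (web.config or the code-behind) - not visible here, confirm.
    --%>
    <asp:Label ID="Label1" runat="server" Font-Size="XX-Large" Text="Catalog"></asp:Label>
    <br />
    <asp:GridView ID="GridView1" runat="server" AutoGenerateColumns="False"
        DataKeyNames="itemid" DataSourceID="SqlDataSource1">
        <Columns>
            <asp:CommandField ShowDeleteButton="True" ShowEditButton="True"
                ShowHeader="True" ButtonType="Button" InsertVisible="False" NewText="" />
            <%--
                name / description columns.
                Edit side: the validators are a deny-list (rejects % ' < > and the
                double quote). The double quote is written as an entity because a
                literal one would end the ValidationExpression attribute early and
                cut the pattern short.
                Display side: a Label writes its Text into the page without HTML
                encoding, so the stored value is encoded here. The edit-time
                deny-list is not a substitute: it does not cover rows that reached
                the table some other way.
                NOTE(review): code-behind that reads Label2/Label3 .Text now sees
                the encoded form - confirm nothing depends on the raw value.
            --%>
            <asp:TemplateField HeaderText="name" SortExpression="name">
                <EditItemTemplate>
                    <asp:TextBox ID="TextBox3" runat="server" Text='<%# Bind("name") %>'></asp:TextBox>
                    <asp:RegularExpressionValidator ID="RegularExpressionValidator1" runat="server"
                        ControlToValidate="TextBox3" ErrorMessage="Bad Chars"
                        ValidationExpression="^[^%'\<\>&quot;]*$"></asp:RegularExpressionValidator>
                </EditItemTemplate>
                <ItemTemplate>
                    <asp:Label ID="Label3" runat="server" Text='<%# Server.HtmlEncode(Convert.ToString(Eval("name"))) %>'></asp:Label>
                </ItemTemplate>
            </asp:TemplateField>
            <asp:TemplateField HeaderText="description" SortExpression="description">
                <EditItemTemplate>
                    <asp:TextBox ID="TextBox2" runat="server" Text='<%# Bind("description") %>'></asp:TextBox>
                    <asp:RegularExpressionValidator ID="RegularExpressionValidator2" runat="server"
                        ControlToValidate="TextBox2" ErrorMessage="Bad Chars"
                        ValidationExpression="^[^%'\<\>&quot;]*$"></asp:RegularExpressionValidator>
                </EditItemTemplate>
                <ItemTemplate>
                    <asp:Label ID="Label2" runat="server" Text='<%# Server.HtmlEncode(Convert.ToString(Eval("description"))) %>'></asp:Label>
                </ItemTemplate>
            </asp:TemplateField>
            <%-- price: allow-list pattern - digits with an optional one- or two-digit fraction. --%>
            <asp:TemplateField HeaderText="price" SortExpression="price">
                <EditItemTemplate>
                    <asp:TextBox ID="TextBox1" runat="server" Text='<%# Bind("price") %>'></asp:TextBox>
                    <asp:RegularExpressionValidator ID="RegularExpressionValidator3" runat="server"
                        ControlToValidate="TextBox1" ErrorMessage="Bad Chars"
                        ValidationExpression="^\d+(\.\d{1,2})?$"></asp:RegularExpressionValidator>
                </EditItemTemplate>
                <ItemTemplate>
                    <asp:Label ID="Label1" runat="server" Text='<%# Server.HtmlEncode(Convert.ToString(Eval("price"))) %>'></asp:Label>
                </ItemTemplate>
            </asp:TemplateField>
            <%-- Key column: bound but hidden and read-only; it identifies the row for update and delete. --%>
            <asp:BoundField DataField="itemid" HeaderText="itemid" SortExpression="itemid"
                InsertVisible="False" ReadOnly="True" Visible="False" />
        </Columns>
    </asp:GridView>
    <%--
        Button1_Click and btSearch_Click live in the code-behind, which is not
        shown. A validator's client script can be bypassed and a click handler
        still runs when server-side validation fails, so each handler has to test
        Page.IsValid before it uses tbSearch.Text or writes a row - confirm.
    --%>
    <asp:Button ID="Button1" runat="server" onclick="Button1_Click"
        Text="New Item" />
    <br />
    <asp:Button ID="btSearch" runat="server" onclick="btSearch_Click" Text="Search" />
    <asp:TextBox ID="tbSearch" runat="server"></asp:TextBox>
    <asp:RegularExpressionValidator ID="RegularExpressionValidator4" runat="server"
        ControlToValidate="tbSearch" ErrorMessage="Bad Chars"
        ValidationExpression="^[^%'\<\>&quot;]*$"></asp:RegularExpressionValidator>
    <br />
    <%--
        Every command passes its values as named @parameters, so user text is
        never concatenated into the SQL. The line breaks inside the command
        strings are part of the attribute values and are kept as found.
        stext defaults to "%", which matches any non-NULL name or description;
        presumably btSearch_Click replaces it with the search text - confirm.
        The search validator rejects %, but _ and [ are also LIKE wildcards in
        T-SQL; that only widens the match and is not an injection path, so escape
        them in the handler if literal matching matters.
    --%>
    <asp:SqlDataSource ID="SqlDataSource1" runat="server"
        ConnectionString="<%$ ConnectionStrings:TestConnectionString %>"
        DeleteCommand="DELETE FROM [items] WHERE [itemid]
= @itemid"
        InsertCommand="INSERT INTO [items] ([name], [description], [price])
VALUES (@name, @description, @price)"
        SelectCommand="SELECT [name], [description], [price], [itemid] FROM [items] WHERE [name] LIKE @stext OR [description] LIKE @stext"
        UpdateCommand="UPDATE [items] SET [name] = @name, [description] =
@description, [price] = @price WHERE [itemid] = @itemid">
        <SelectParameters>
            <asp:Parameter Name="stext" Type="String" DefaultValue="%" />
        </SelectParameters>
        <DeleteParameters>
            <asp:Parameter Name="itemid" Type="Int32" />
        </DeleteParameters>
        <UpdateParameters>
            <asp:Parameter Name="name" Type="String" />
            <asp:Parameter Name="description" Type="String" />
            <asp:Parameter Name="price" Type="Decimal" />
            <asp:Parameter Name="itemid" Type="Int32" />
        </UpdateParameters>
        <InsertParameters>
            <asp:Parameter Name="name" Type="String" DefaultValue="new" />
            <asp:Parameter Name="description" Type="String" DefaultValue="new" />
            <asp:Parameter Name="price" Type="Decimal" DefaultValue="0" />
        </InsertParameters>
    </asp:SqlDataSource>
</asp:Content>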