DevStudent

State management Techniques

Every click on website will load some data in web page.
Every time that data will come from server
To save state for every request we use state management techniques.

google login - inbox - sent items(it will remember u)

There are two types of state management techniques. They are client side state management techniques and server side state management techniques.

Client Side State Management Techniques

View State (Same page)

Code Example:
create asp web form
add html textbox, asp text box and button
you can see on button click html textbox data will be lost but not for asp textbox because it has inbuilt viewstate.
viewstate data is stored behind the page which can be seen by seeing view page source.

Querystring (Next page)

Passing data from one page to other through url.
http://google.com?a=12
you selected an item on first page, that value is sent to next page through url.
Example:
protected void Button2_Click(object sender, EventArgs e)
    {
        //sending value in a text box to next page through url
        Response.Redirect("Default2.aspx?a=" + TextBox2.Text);
    }

http://localhost:50158/Default2.aspx?a=abc

 protected void Page_Load(object sender, EventArgs e)
    {
        Response.Write(Request["a"]);
    }

Cookies (Multiple pages)

Data is stored in system or browser.

Example: remember pwd

Hidden field (same page)

a control that is not visible but can store some data.

Server Side State Management Techniques

Session (Multiple page)

It will have the lifetime of the user.

From login to logout.

data is saved on the server.

Application State (Multiple page)

Stored a value which has lifetime of an application.
data is stored on the server.
Example: pageview in a blog
To count page views of a page:

protected void Page_Load(object sender, EventArgs e)
    {
        if (Application["PageViews"] == null)
        { Application["PageViews"] = 0; }
        else
        {
            Application["PageViews"] = ((int)Application["PageViews"]) + 1;
            Response.Write(Application["PageViews"].ToString());
        }
    }

Download Ajax Control Tool Kit from below link

Ajax control toolkit download link

Extract The file then Go To Visual Studio 
Open Tool Box
Right Click On The Existing Tab
And Click On Add New Tab 
Name the tab
Right click on the newly tab
click on choose all items
Template Will Be Open And Select Browse Go To The Location
And Select AjaxControlTOolkit.dll  
Click Open It Will Open Security PopUp Window - Select Yes
Ajax controls will be added in toolbox which can be used to extend the existing functionality of ASP.NET controls.

Master pages are used to create common layout for multiple websites.
Master pages will have .master as page extension and we can see output of master page directly.
Multiple web forms(.aspx pages) can be created using single master page. All these web forms will inherit the UI and functionality from its master page.
Output of the master page can be tested by testing its child pages which inherits its master page UI and functionality.

When multiple pages are created using a master page, Common UI and behavior of all the web forms can be controlled from master pages.

ASP.NET is a technology under .NET Framework which is used to create web sites.
ASP stands for Active Server Pages.

HTML, CSS and javascript are used as basic building blocks for developing websites using ASP.NET.

C#.NET will act as a code behind language along with ASP.NET to implement the functional logic of websites.

Hacking database by entering input data which maninpulates sql queries is

known as sql injection.

Example:

Expected: select * from tbl_data where name='admin' and pwd='password'
Hacked: select * from tbl_data where name='admin' and pwd=' or 'a'='a'

With sql injection attacker may overwrite or delete data in database, can make app to behave in a different way.


SQL injection can be done using post and get parameters, cookie values, form fields and header values.

Parmeterized sql queries will help in controlling sql injection.

In .NET - > ADO.NET -> SQL queries using parameters(@name) to append values in query is recommended.


Input client side validations will also mitigate sql injection issues.

stored procedures will reduce sql injection.

ref stands for reference and out stands for output.

ref parameter variable should be initialized before we call the method. That value will be used a as reference value in the method.

out parameter variable initialization is not required but it should be returned by the method.

Example program

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

namespace FirstConsole
{
    class Program
    {
        static void Main(string[] args)
        {
            Program p = new Program();
            //val1 has to be initialized
            int val1 = 10;
            p.Add(ref val1);
            //val2 initialization not required
            int val2;
            int j = p.Sub(out val2);
            Console.WriteLine(j);
            Console.ReadKey();

        }

        public void Add(ref int val1)
        {            //code goes here
            Console.WriteLine("Hello");
        }
        public int Sub(out int val2)
        {
//val2 is changed from 2 to 5
            val2 = 5;
            return val2;
        }
    }
}