Developer forum

Forum » Development » API documentation for Dynamicweb.Base

API documentation for Dynamicweb.Base

E-mail notifications
Sten Hougaard
Reply
Posted on 07/07/2014 07:07:21

Hi,

I cannot find any online documentation for Dynamicweb.Base class - where can I find that?


Med venlig hilsen/Best regards,

Sten Hougaard
Webudvikler

E: sho@1stweb.dk
M: 29850818
A: København/Aarhus . W: www.1stweb.dk
@: netsi1964


Replies

 
Nicolai Høeg Pedersen
Posted on 07/07/2014 10:09:55
Reply

You cannot.

You should not use it. Anything in particular you are looking for? It is probably somewhere else.

BR Nicolai

 
Sten Hougaard
Posted on 07/07/2014 12:31:50
Reply

I was looking for say:

Base.Request()
and
Base.ChkString()

/Sten

 
Morten Snedker
Posted on 07/07/2014 13:05:46
Reply
This post has been marked as an answer

Hi Sten,

 

The Base class is basically a kind of "Swiss knife" to wrap commonly used functions for faster use. But the class is intended for "internal Dynamicweb" use - which is why it is not documented.

Base.Request() will return the value of the given form field / query string. If not found, an empty string is returned.

Base.ChkString() will return the string value of the given parameter. If unable to parse, an empty string is passed.

Use the class at own risk.

 

Regards /Snedker

Votes for this answer: 1
 
Morten Bengtson
Posted on 07/07/2014 13:10:43
Reply

DW should really mark methods as internal, obsolete and/or hide them from intellisense if we're not supposed to use them.

Anyway, you can use the Input class instead:

Input.Request(...)

Input.FormatString(...)

 
Sten Hougaard
Posted on 07/07/2014 13:13:58
Reply

Will  Input.Request also do SQLInjection check?

/Sten

 
Morten Bengtson
Posted on 07/07/2014 13:22:56
Reply
This post has been marked as an answer

Yes, Input.Request will also do SQLInjection check by default, but you can avoid that by using the overload Input.Request("param", false) in case you need to get the original value (no "dangerous" words or characters stripped).

Votes for this answer: 1
 
Sten Hougaard
Posted on 07/07/2014 13:24:45
Reply

Thanks Morten,

Do you by chance have the full path to the "Input.Request" method? Is it in Dynamicweb.Input?

/Sten

 
Morten Bengtson
Posted on 07/07/2014 13:31:08
Reply

Yes, like this:

string value = Dynamicweb.Input.Request("param")

 

It is a lot easier to use the API if you setup your project so that you have intellisense. That will also provide you with some documentation of most methods in DW ;-)

https://github.com/dynamicweb/razor/wiki/Editing-Razor-templates

 
Mikkel Ricky
Posted on 07/07/2014 13:34:43
Reply
This post has been marked as an answer

You should never send user input directly to the database. Always use a Command with Parameters. See these posts for examples:

And I would use HttpContext.Request to get query parameters (see first example above).

Best regards,
Mikkel

Votes for this answer: 1
 
Nicolai Høeg Pedersen
Posted on 08/07/2014 09:41:10
Reply

Sten

Dynamicweb.Input documentation here:

http://developer.dynamicweb-cms.com/api8/#Dynamicweb~Dynamicweb.Input_members.html

Dynamicweb scans all incoming requests no matter what and check for SQL injection checks.

 

You must be logged in to post in the forum