How to use the query as it looks like below

Question

How to use the query as it looks like below

Here is my code

var SearchUser = (from u in db.Users
                  join l in db.LoggedInUsers on u.UserID equals l.UserID
                  where u.Username==txtSearch.Text
                  select u).SingleOrDefault();

litUsers.Text = "<div style='background-color:#B0C4DE;color:red'>"
                + "<a href=\"ChatWindow.aspx\">" + SearchUser.Username + "</a></div>";

Now I would like to add some querystring to the anchor tag? as I would like to add

session variable

Is it possible................

0

c #

bhanu 04 dec. '08 at 6:55

source to share

1 answer

Jon Skeet · Answer 1 · 2008-12-04T07:08:33+0000

The query string is whatever comes after the "?" For example:

litUsers.Text = "<div style='background-color:#B0C4DE;color:red'>"
            + "<a href=\"ChatWindow.aspx?user=" + SearchUser.UserId 
            + "\">" + SearchUser.Username + "</a></div>";

However, you need to be very careful when creating URLs - you get the equivalent of a SQL injection attack, but in HTML. In other words, you need to know that the UserId will not contain anything to escape in the URL. (You also need to be careful with SearchUser.Username in terms of HTML escaping.)

How to use the query as it looks like below

More articles: