Is there a best practice for string replacement in .aspx pages?

0 votes
asked Mar 25, 2009 by john-bubriski

I have an .aspx page setup. I have a lot of placeholders that need to be replaced. First name, last name, city, state, etc, etc. How do I go about doing this in an efficient manner?

Drop a bunch of...

<asp:Label runat="server" id="Label_FirstName" Text="" />

...everywhere?

Or is there a way to use the data binding syntax in the normal page area:

<% FirstName %>

Thanks in advance!

9 Answers

0 votes
answered Jan 25, 2009 by andrew-hare

You can definitely use ASP-style tags (<%= %>) but I would argue that your first approach is cleaner and easier to maintain. When you use the ASP-style tags you will not be data binding, rather you will have access to all of the members (including fields, properties, and other methods) of the Page.

So both approaches will work if FirstName is a field or property on the Page you are working on. I personally find the control-based approach better but to each their own.

0 votes
answered Jan 25, 2009 by joshberke

You can use a bunch of labels or the Substitution control or even Literal Text if you want more control over the HTML.

You can use code in your markup like:

<%=this.FirstName%>

This will result in a property on your page called FirstName to be called and the return value from it to be placed inbetween the label.

0 votes
answered Jan 25, 2009 by cgreeno

I like using labels as it is easier to mess about with colors, fonts, bolding ect... to display errors or draw the users attention to certain text.

I usually just have a set-up method in the codebehind.

if(!Page.IsPostBack)
        SetupForm();

SetupForm()
{
    Label_FirstName.Text = firstName;

}
0 votes
answered Jan 25, 2009 by albert

Try this:

<%= FirstName %>
0 votes
answered Jan 25, 2009 by lomaxx

It depends on the context in which you'll be using them. Generally using the asp:label controls is fine as you'll be able to access them from the codebehind on your page. The databinding method is generally used from within a databound control like a DataGrid or Repeater.

The real problem with the databinding method is that there isn't very good IDE support for this. To get it to work you have to have a property on your page class that you need to populate in the code behind, but if the property name changes, you'll also have to make sure you update your aspx page. If you use the labels method, the IDE will detect if there is a change in the label name, or if it has been deleted altogether and give you a compile time error.

Alternatively you could use jQuery to populate your data and just use spans as your placeholders. Be aware tho that jQuery requires a bit of a different way of thinking about your pages as it's using javascript to populate your fields.

0 votes
answered Jan 25, 2009 by manrico-corazzi

Jeff Atwood explored the subject at Coding Horror and found out that performance just doesn't matter...

NOTE: it seems like Jeff posts have to be taken with a grain of salt, after all... sorry for rushing in the answer without reading the comments

0 votes
answered Jan 25, 2009 by greg

My rules of thumb are:

  • If I'm labeling an input control, I use a Label so that I can set the AssociatedControlID property.
  • Otherwise I use a Literal or Localize control. I generally don't style Labels directly, so I don't need the extra markup they generate in other situations.

So, in your situation I'd probably use the Literal control.

0 votes
answered Mar 25, 2009 by eglasius

You can certainly use:

<%= FirstName %>

Where FirstName is a property of the page. It doesn't necessarily have to be a property in the class, you can access pretty much anything from that line.

Update: As DrJokepu pointed out, if the data you are displaying is coming from user input, then it opens a XSS vulnerability. As was pointed out you use HtmlEncode to avoid that, in that case a more short syntax would be:

<%= Server.HtmlEncode(FirstName) %>

And if you have a base page, you can get define a method and get away with:

<%= HtmlEncode(FirstName) %>

If you go with asp.net labels, do EnableViewState = false where appropiate, so you avoid sending/receiving unnecessary viewstate.


For formatting use ids/css classes, and have the styles in a css stylesheet. The css can be cached by the browser regardless of whether the content is dynamic.


For lists of info, you can use ListView or Repeaters and still control the specific html that will be sent over the wire.

0 votes
answered Mar 25, 2009 by tamas-czinege

Note that

<asp:Label runat="server" id="Label_FirstName" Text="" />

will escape your strings (for example, replace < and > with &lt; and &gt;), but

<%= FirstName %>

will not. If that's your intention that's fine then, but be aware that you might open a channel for XSS attacks. To escape your strings properly, you might want to have

<%= System.Web.HttpUtility.HtmlEncode(FirstName) %>

instead.

Welcome to Q&A, where you can ask questions and receive answers from other members of the community.
Website Online Counter

...