views:

144

answers:

4

I desperately want to use server-side includes in a project I'm working on because I just have some HTML that repeats and I need to get it on several pages. Must I use ascx or some other include technology... I mean, will lightning strike if I use server-side includes?

My client -- the middle-person -- says "do what's easiest, this will probably be redone in a CMS soon anyway." Can I not use server-side includes?

It's ASP.NET 2.0.

Note: I feel this has been asked before, but I couldn't find it. If it has, please let me know and I will personally delete it, thanks!

Edit: Any way to get an include ON ONE LINE would be fine with me, if you have suggestions.

Edit: Why do I like includes?

Include code:

!--#include file="inc_footer.aspx"-->

the same code for a control. First you need one of these

<%@ Register TagPrefix="a" TagName="HeyFooter" Src="inc_footer.ascx" %>

and then you can use it like this

<a:HeyFooter runat="server" />

this is kind of long for what I need.

Note Two security concerns with includes: 1) don't use the .inc extension, since it can be browsed. 2) do not include filenames based on user variables, as the best answer points o ut.

+2  A: 

If you include a file via a string variable: <!--#include file=some_variable -->, then depending on how that variable is filled there are possible attacks a hacker could do to include his own files and run arbitrary code on your machine. But as long as you use a string literal, you won't run into this problem.

I would use Master Pages in ASP.NET. This is the accepted way to have common areas of a page.

You would create a Master Page similarly as you would regular pages, then modification of each of the other pages would be minimal. Add a single line to the top of each page file, then specify the sections used.

Aaron
what's the problem with server-side includes aside from them being old-school?
Yar
If you eliminate the potential security threats with server-side includes, there's really nothing wrong with them. I just prefer Master Pages and all the useful stuff you can do with them.
Aaron
Cool thank you, I'm trying not to do anything interesting on this particular project :)... what are the security risks? You have to name them .aspx and that's it?
Yar
If you include a file via a string variable: `<!--#include file=some_variable -->`, then depending on how that variable is filled there are possible attacks a hacker could do to include his own files and run arbitrary code on your machine. But as long as you use a string literal, you won't run into this problem.
Aaron
cool, could you put that in your answer so I can upvote and mark it best answer please? Though Master Pages are nice and alll...
Yar
Ask and ye shall receive (though the promise of a best answer certainly doesn't hurt ;))
Aaron
Thanks Aaron and good luck on SO...
Yar
+1  A: 

No, you most definitely do not need to use fancy .NET web form ways of doing this, if you want to keep it simple. Just put this at the points where you want it inserted:

<!--#include virtual="../repeatStuff/fun.html" -->

The html will show up there. I gave a path one up and down another directory. This is "easiest", but also has the virtue of being very straightforward. Note that this won't show up in your visual designer. (I never use it anyway.)

Patrick Karcher
Visual designer... what's that? I code with Speech Recognition software in my car only, and then I say, "deploy."
Yar
So, you just drive back and forth between work? I guess you might stop at work for meetings, then drive home and back to generate code. I myself just have two buttons, for 0's and 1's; that's all I use. I typically code straight to production, to avoid deployment issues.
Patrick Karcher
+1  A: 

I still use includes every once in awhile for exactly the purpose you describe.

You don't really need to register a user control because it's just plain html anyway. And you don't want a master page because it's really just a snippet of html that needs to be on a few select pages.

So I've got includes like this from a glossary of help text files:

<!--#include file="~/Glossary/BusinessDetails.inc"-->

In my opinion there's nothing wrong with using old school include files for this purpose.

Steve Wortham
cool, thanks for that. to be honest, I'm trying to provoke the do-not-use-include police, because I know that they are out there. But +1 for now :)
Yar
A: 

I don't see anything wrong with "the old school" programming either :)

Jane
-1: doesn't answer the question.
John Saunders