Need help in displaying data insider marquee

Question

Hi all, I want to display news inside the marquee markup in my banking application but its not happening.Please somebody help me what is the error in my code.Here is my code:

<marquee bgcolor="silver" direction="left" id="marq1" runat="server" behavior="scroll" scrolldelay="80" style="height: 19px" width="565">
<% 
   String se = Session["countnews"].ToString();
   for (int i = 0; i < int.Parse("" +se); i++)
   { %>
       <strong><%Response.Write("&nbsp;&nbsp;" + Session["news"+i] + "&nbsp;&nbsp;"); %></strong>
<% } %>
</marquee>

public class News
{
    DataSet ds = new DataSet("Bank");
    SqlConnection conn;
    String check;
    SqlDataAdapter sda;
    int i;
    public string News_Name;
    public int Count_News;
public int newsticker()
    {
        conn = new SqlConnection(ConfigurationManager.ConnectionStrings["BankingTransaction"].ConnectionString.ToString());
        check = "Select NewsTitle from News where NewsStatus = 'A'";
        sda = new SqlDataAdapter(check, conn);
        sda.Fill(ds, "News");
        if (ds.Tables[0].Rows.Count > 0)
        {
            for (i = 0; i < ds.Tables[0].Rows.Count; i++)
            {
                News_Name =i+ ds.Tables[0].Rows[i].ItemArray[0].ToString();
            }
            Count_News = ds.Tables[0].Rows.Count;        }
        else
        {
            News_Name =0+ "Welcome to WestSide Bank Online Web site!";
            Count_News = 1;
        }
        return int.Parse(Count_News.ToString());       
    }

protected void Page_Load(object sender, EventArgs e)
    {
        News obj = new News();
        try
        {
            obj.newsticker();
            Session["news"] = obj.News_Name.ToString();
            Session["countnews"] = obj.Count_News.ToString();       
        }
        catch (SqlException ex)
        {
            Response.Write("Error in login" + ex.Message);
            Response.Redirect("Default.aspx");
        }
        finally
        {
            obj = null;
        } 
    }

Answer 1

Session["news"+i]

But you're not putting anything called ‘news’-plus-an-integer into Session scope. You're iterating over a dataset and storing each title (mysteriously prefixed by an integer) as the ‘News_Name’ property in a single News object. Each write to ‘News_Name’ overwrites the previous one, so only the last title gets stored at the end in Session["news"].

In any case, Session is a troublesome place to be storing per-page data: Session is for data that persists over multiple page loads, and can interfere if the user is loading two pages at once.

Also, you're Response.Write()ing a string without HTMLEncode()ing it on the way out, which is bad news for security (especially on a ‘banking site’!) if the title of the news might have a ‘<’ character in it. And I'm not quite sure why you're taking the ‘newscount’ integer, converting it to string, converting it to string again, converting it to string again then finally parsing it back to an integer. (?)

In general this seems like an uncomfortable mix of classic-ASP and codebehind techniques. It seems to me it should be possible to write this a whole lot simpler using something like:

<asp:Repeater DataSourceID="TickerSource" runat="server">
    <ItemTemplate><strong>
        <%# Eval("NewsTitle") %>
    </strong></ItemTemplate>
</asp:Repeater>

<asp:SqlDataSource ID="TickerSource" runat="server"
    SelectCommand="SELECT NewsTitle FROM News WHERE NewsStatus='A'"
    ConnectionString="<%$ ConnectionStrings:BankingTransaction %>"
/>

[Disclaimer: I've never actually written a line of ASP.NET in my life, so this may not work as-is. Edits from more .NET-savvy users welcome.]