GridView: Obfuscated Contact Email Link using Eval()

August 3, 2007 17:18 by agrace

Most people are by now familiar with the typical usage of the Eval() and Bind() methods in a GridView. You can even use a format string with the Eval() method:

<%# Eval("[Email]", "mailto:{0}") %>

However, sometimes you may want to obfuscate an email address when displaying a contact link in a GridView. This example displays a databased contact link in the GridView only if there is an email address in the database for a particular business.

When the column is read-only, the Eval() one-way binding method is the most appropriate choice:

<ItemTemplate>
 <table cellpadding="5" cellspacing="10" >
 <tr>
 <td style="padding-left:10px;">
 <%# Eval("BizName")%> 
 
 Address: <%# Eval("Street")%>, <%# Eval("City")%>
 
 Phone: <%# Eval("Phone")%> 
 
 Email: <%# BuildContactRequest((int)Eval("BizID"), (string)Eval("Email")) %>
 
 Website:<a href='<%# Eval("BizURL") %>'
 target="_blank"> <%# Eval("BizURL") %></a> 
 </td>
 </tr>
 </table>
</ItemTemplate>

// Code-behind: URL with query parameter is returned
protected string BuildContactRequest(int bizId, string email)
{
 string contactURL = "";

 // Check if email is blank
 if (email == "")
 {
 return "";
 }
 // Contruct the Contact URL with the BizID query parameter
 else
 {
 contactURL += "<a href=Contact.aspx?bizParam=" + bizId + ">Contact Us</a>";
 return contactURL;
 }
}

When the user clicks on the "Contact Us" link, they are directed to a Contact form which displays the recipient business name and generates an email to that business's (confidential) email address.

The business ID is passed as a query parameter and used to retrieve the business email address:

if (Request.QueryString["bizParam"] != null)
{
    bizId = Convert.ToInt32(Request.QueryString["bizParam"]);
    DataSet ds = new DataSet();

    // Get email address from DB and store it in session state
    ds = mbidBiz.GetContactDetailsByBizID(bizId);

    contactLabel.Visible = true;
    contactLabel.Text = "Contact: " + ds.Tables[0].Rows[0]["BizName"].ToString();

    Session["Email"] = ds.Tables[0].Rows[0]["Email"].ToString();
}

If security is a real concern, rather than passing a query parameter, you could alternatively store and retrieve it from session state. Many small businesses today do not have their own website and may be using personal email addresses. The above example is based on an actual website I developed recently. Enjoy!

Tags: asp.net, gridview
Categories: ASP.NET
Actions: E-mail | Permalink | Comments (3) | Comment RSS RSS comment feed

ASP.NET Email Strategy Pattern Sometimes when building websites, we need to generate email more than once. For example a site c...ASP.NET Contact Forms I've seen some blog postings out there recently on what to do if your contact form fails for some ...Tech Support from HellTech Support from Hell

Comments

December 19. 2008 10:02

Trackback from Web Development Community

GridView: Obfuscated Contact Email Link using Eval()

Web Development Community

December 22. 2008 12:56

Hi,

Great Article.

You may also use an HttpModule to Process Email Addresses before page Sent to Client : blog.sb2.fr/.../...ule-With-Custom-HttpFilter.aspx

Yoann. B

July 31. 2010 06:20

When I firstly saw your web, I've been around in many pages that I'll use to get my final assignment. I googling with my short idea in my brain, and then I met with useful article. I hope you can give several advices to me, because your knowledge is great, it can help many students to get great score in every task or project. If you don't mind, I will contact you to make short discussion for my project. I write my short comment for you to give support for your site; my friends had used your article as reference in specific term and condition. After that, my friends are satisfied with your article (I've given reference to read many pages in your site). We can make other discussion later, because it will be worth to me. Thanks in advance, hope you contact me, so we can broaden our knowledge together.

meet people online

Add comment