GridView: Obfuscated Contact Email Link using Eval()

August 3, 2007 18:18 by agrace

Most people are by now familiar with the typical usage of the Eval() and Bind() methods in a GridView. You can even use a format string with the Eval() method:

<%# Eval("[Email]", "mailto:{0}") %>

However, sometimes you may want to obfuscate an email address when displaying a contact link in a GridView. This example displays a databased contact link in the GridView only if there is an email address in the database for a particular business.

When the column is read-only, the Eval() one-way binding method is the most appropriate choice:

<ItemTemplate>
 <table cellpadding="5" cellspacing="10" >
 <tr>
 <td style="padding-left:10px;">
 <%# Eval("BizName")%> 
 
 Address: <%# Eval("Street")%>, <%# Eval("City")%>
 
 Phone: <%# Eval("Phone")%> 
 
 Email: <%# BuildContactRequest((int)Eval("BizID"), (string)Eval("Email")) %>
 
 Website:<a href='<%# Eval("BizURL") %>'
 target="_blank"> <%# Eval("BizURL") %></a> 
 </td>
 </tr>
 </table>
</ItemTemplate>

// Code-behind: URL with query parameter is returned
protected string BuildContactRequest(int bizId, string email)
{
 string contactURL = "";

 // Check if email is blank
 if (email == "")
 {
 return "";
 }
 // Contruct the Contact URL with the BizID query parameter
 else
 {
 contactURL += "<a href=Contact.aspx?bizParam=" + bizId + ">Contact Us</a>";
 return contactURL;
 }
}

When the user clicks on the "Contact Us" link, they are directed to a Contact form which displays the recipient business name and generates an email to that business's (confidential) email address.

The business ID is passed as a query parameter and used to retrieve the business email address:

if (Request.QueryString["bizParam"] != null)
{
    bizId = Convert.ToInt32(Request.QueryString["bizParam"]);
    DataSet ds = new DataSet();

    // Get email address from DB and store it in session state
    ds = mbidBiz.GetContactDetailsByBizID(bizId);

    contactLabel.Visible = true;
    contactLabel.Text = "Contact: " + ds.Tables[0].Rows[0]["BizName"].ToString();

    Session["Email"] = ds.Tables[0].Rows[0]["Email"].ToString();
}

If security is a real concern, rather than passing a query parameter, you could alternatively store and retrieve it from session state. Many small businesses today do not have their own website and may be using personal email addresses. The above example is based on an actual website I developed recently for my local Downtown Marysville Business Improvement District. Enjoy!