HttpResponse.Write Method

Definition

Writes information to an HTTP response output stream.

Overloads

Write(Char)

Writes a character to an HTTP response output stream.

Write(Object)

Writes an Object to an HTTP response stream.

Write(String)

Writes a string to an HTTP response output stream.

Write(Char[], Int32, Int32)

Writes an array of characters to an HTTP response output stream.

Write(Char)

Writes a character to an HTTP response output stream.

public:
 void Write(char ch);
public void Write (char ch);
member this.Write : char -> unit
Public Sub Write (ch As Char)

Parameters

ch
Char

The character to write to the HTTP output stream.

Examples

The following example creates a series of constants that are written to an ASP.NET page using the Write method. The code calls this version of the Write method to write individual character constants to the page.

    <%

        // Create a character array.
    char[] charArray = {'H', 'e', 'l', 'l', 'o', ',', ' ', 
                           'w', 'o', 'r', 'l', 'd'};

        // Write a character array to the client.
        Response.Write(charArray, 0, charArray.Length);

        // Write a single characher.
        Response.Write(';');

        // Write a sub-section of a character array to the client.
        Response.Write(charArray, 0, 5);
// <snippet6>
        // Write an object to the client.
        object obj = (object)13;
        Response.Write(obj);
// </snippet6>

    %>
      <%
         Dim charArray As Char() = {"H"c, "e"c, "l"c, "l"c, "o"c, ","c, " "c, _
                                 "w"c, "o"c, "r"c, "l"c, "d"c}
         ' Write a character array to the client.
         Response.Write(charArray, 0, charArray.Length)

         ' Write a single character.
         Response.Write(";"c)

         ' Write a sub-section of a character array to the client.
         Response.Write(charArray, 0, 5)
' <snippet6>
         ' Write an object to the client.
         Dim obj As Object
         obj = CType(13, Object)
         Response.Write(obj)
' </snippet6>
      %>

Write(Object)

Writes an Object to an HTTP response stream.

public:
 void Write(System::Object ^ obj);
public void Write (object obj);
member this.Write : obj -> unit
Public Sub Write (obj As Object)

Parameters

obj
Object

The Object to write to the HTTP output stream.

Write(String)

Writes a string to an HTTP response output stream.

public:
 void Write(System::String ^ s);
public void Write (string s);
member this.Write : string -> unit
Public Sub Write (s As String)

Parameters

s
String

The string to write to the HTTP output stream.

Examples

The following example echoes the client's name back to the client's browser. The HtmlEncode method strips any malicious script and invalid characters that may have been submitted in the UserName input field.

Response.Write("Hello " + Server.HtmlEncode(Request.QueryString["UserName"]) + "<br>");
    
Response.Write("Hello " & Server.HtmlEncode(Request.QueryString("UserName")) & "<br>")

Remarks

Dynamically generated HTML pages can introduce security risks if input received from Web clients is not validated either when it is received from a client or when it is transmitted back to a client. Malicious script that is embedded in input submitted to a Web site and later written back out to a client can appear to be originating from a trusted source. This security risk is referred to as a cross-site scripting attack. You should always validate data that is received from a client when it will be transmitted from your site to client browsers.

Moreover, whenever you write out as HTML any data that was received as input, you should encode it using a technique such as HtmlEncode or UrlEncode to prevent malicious script from executing. This technique is useful for data that was not validated when it was received.

When you encode or filter data, you must specify a character set for your Web pages so that your filter can identify and remove any byte sequences that do not belong to that set (such as nonalphanumeric sequences) and could potentially have malicious script embedded in them.

For more information about cross-site scripting attacks, see article Q252985, "How to Prevent Cross-Site Scripting Security Issues" on the Microsoft Knowledge Base Web site.

Write(Char[], Int32, Int32)

Writes an array of characters to an HTTP response output stream.

public:
 void Write(cli::array <char> ^ buffer, int index, int count);
public void Write (char[] buffer, int index, int count);
member this.Write : char[] * int * int -> unit
Public Sub Write (buffer As Char(), index As Integer, count As Integer)

Parameters

buffer
Char[]

The character array to write.

index
Int32

The position in the character array where writing starts.

count
Int32

The number of characters to write, beginning at index.

Examples

The following example creates a series of constants that are written to an ASP.NET page using the Write method. The code calls this version of the Write method to write individual character constants to the page.

    <%

        // Create a character array.
    char[] charArray = {'H', 'e', 'l', 'l', 'o', ',', ' ', 
                           'w', 'o', 'r', 'l', 'd'};

        // Write a character array to the client.
        Response.Write(charArray, 0, charArray.Length);

        // Write a single characher.
        Response.Write(';');

        // Write a sub-section of a character array to the client.
        Response.Write(charArray, 0, 5);
// <snippet6>
        // Write an object to the client.
        object obj = (object)13;
        Response.Write(obj);
// </snippet6>

    %>
      <%
         Dim charArray As Char() = {"H"c, "e"c, "l"c, "l"c, "o"c, ","c, " "c, _
                                 "w"c, "o"c, "r"c, "l"c, "d"c}
         ' Write a character array to the client.
         Response.Write(charArray, 0, charArray.Length)

         ' Write a single character.
         Response.Write(";"c)

         ' Write a sub-section of a character array to the client.
         Response.Write(charArray, 0, 5)
' <snippet6>
         ' Write an object to the client.
         Dim obj As Object
         obj = CType(13, Object)
         Response.Write(obj)
' </snippet6>
      %>

Applies to