Software Engineering, a personal journey

Comments system using LiteDB

I've had article comments on my to-do list for a while now, and the view has had the input form ready for plumbing in for ages.

As the site uses a document database for everything else, the comments functionality would use one too. The top priority was security and sanitising user input. C# ASP.NET has some great helpers to keep the site safe from nasties.
Here's the insert method with its insert limiter and HTML encoder:
        // Requires: using System; using System.Linq; using System.Web; using LiteDB;
        public static void InsertComment(string Author, string Comment, string ArticleID)
        {
            // Insert limiter: keep at most 50 / 140 characters, then HTML-encode the result.
            var commentAuthor = HttpUtility.HtmlEncode(new string(Author.Take(50).ToArray()));
            var comment = HttpUtility.HtmlEncode(new string(Comment.Take(140).ToArray()));
            var commentArticleId = HttpUtility.HtmlEncode(ArticleID);
            var model = new CommentModel(){Author = commentAuthor, Comment = comment, ArticleID = commentArticleId, dateCommented = DateTime.UtcNow, CommentID = LiteDB.ObjectId.NewObjectId()};
            using (var db = new LiteDatabase(DbConnectionString.CommentsDb))
            {
                var comm = db.GetCollection<CommentModel>("Comments");
                comm.EnsureIndex(x => x.CommentID);
                // Store the encoded, length-limited comment.
                comm.Insert(model);
            }
        }
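
A variant of the limiter-and-encoder step, added here as an example and not the site's own code: it guards against null input and cuts at text-element boundaries so a surrogate pair sitting on the limit is not split. `CommentSanitizer` and `Clean` are hypothetical names, and it uses `System.Net.WebUtility.HtmlEncode` in place of `HttpUtility.HtmlEncode` so it runs as a plain console program.

```csharp
using System;
using System.Globalization;
using System.Net;

// Added example: CommentSanitizer and Clean are hypothetical names, not part of the site.
public static class CommentSanitizer
{
    // Cap input at maxLength user-visible characters, then HTML-encode it.
    public static string Clean(string input, int maxLength)
    {
        if (string.IsNullOrWhiteSpace(input))
            return string.Empty;   // null or blank input never reaches the limiter

        var trimmed = input.Trim();
        // Count text elements rather than UTF-16 chars so an emoji's
        // surrogate pair is never cut in half at the limit.
        var info = new StringInfo(trimmed);
        var capped = info.LengthInTextElements > maxLength
            ? info.SubstringByTextElements(0, maxLength)
            : trimmed;

        // Encode last: the limit applies to what the user typed, so the stored
        // value can be longer than maxLength ('<' becomes "&lt;" and so on).
        return WebUtility.HtmlEncode(capped);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample inputs: markup, an emoji on the 140 boundary, and null.
        string[] samples =
        {
            "<script>alert(1)</script>",
            new string('a', 139) + "\U0001F600" + "tail",
            null,
        };
        foreach (var s in samples)
        {
            var cleaned = CommentSanitizer.Clean(s, 140);
            Console.WriteLine($"{cleaned.Length,4} chars stored: {cleaned}");
        }
    }
}
```

Because the value is encoded before it is stored, a view that encodes again on output will display the entities literally, so the stored field should be rendered as already-encoded text.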


