Most people are by now familiar with the typical usage of the Eval() and Bind() methods in a GridView. You can even use a format string with the Eval() method:

<%# Eval("[Email]", "mailto:{0}") %>


However, sometimes you may want to obfuscate an email address when displaying a contact link in a GridView. This example displays a databased contact link in the GridView only if there is an email address in the database for a particular business.

GridView Business Listing


When the column is read-only, the Eval() one-way binding method is the most appropriate choice:

   <table cellpadding="5" cellspacing="10" >
     <td style="padding-left:10px;">
       <span class="formtext"><b><%# Eval("BizName")%></b></span><br />
       <span class="formtext">
         Address: <%# Eval("Street")%>,&#160;<%# Eval("City")%>
       </span><br />
       <span class="formtext">Phone: <%# Eval("Phone")%></span><br />
       <span class="formtext">
         Email: <%# BuildContactRequest((int)Eval("BizID"), (string)Eval("Email")) %>
       </span><br />
       <span class="formtext">Website:<a href='<%# Eval("BizURL") %>'
        target="_blank"> <%# Eval("BizURL") %></a></span><br />

 // Code-behind: URL with query parameter is returned
 protected string BuildContactRequest(int bizId, string email)
   string contactURL = "";

   // Check if email is blank
   if (email == "")
     return "";
   // Contruct the Contact URL with the BizID query parameter
     contactURL += "<a href=Contact.aspx?bizParam=" + bizId + ">Contact Us</a>";
     return contactURL;

When the user clicks on the "Contact Us" link, they are directed to a Contact form which displays the recipient business name and generates an email to that business's (confidential) email address.

Contact Form


The business ID is passed as a query parameter and used to retrieve the business email address:

  if (Request.QueryString["bizParam"] != null)
    bizId = Convert.ToInt32(Request.QueryString["bizParam"]);
    DataSet ds = new DataSet();

    // Get email address from DB and store it in session state
    ds = mbidBiz.GetContactDetailsByBizID(bizId);

    contactLabel.Visible = true;
    contactLabel.Text = "Contact: " + ds.Tables[0].Rows[0]["BizName"].ToString();

    Session["Email"] = ds.Tables[0].Rows[0]["Email"].ToString();

If security is a real concern, rather than passing a query parameter, you could alternatively store and retrieve it from session state. Many small businesses today do not have their own website and may be using personal email addresses. The above example is based on an actual website I developed recently. Enjoy!


Comments (1) -

Yoann. B
Yoann. B France
12/22/2008 12:56:47 PM #


Great Article.

You may also use an HttpModule to Process Email Addresses before page Sent to Client :

Pingbacks and trackbacks (1)+