Label Web Server Control Overview
The Label Web server control provides you with a way to programmatically set text in an ASP.NET Web page. You typically use the Label control when you want to change text in the page at run time, such as in response to a button click.
The Label control provides one way to display text in an ASP.NET Web page. Other options include the following:
HTML If you want to display static text, you can present it using HTML; you do not need a Label control. Use a Label control only if you need to change the contents or other characteristics of the text in server code.
The Literal control Like the Label control, the Literal control allows you to programmatically set text to be displayed in the page. However, the Literal control does not support style properties and does not support themes or skins.
You can set the text of the Label control at design time or at run time in a program. You can also bind the Label control's Text property to a data source to display database information on a page.
Labels as Control Captions
You can use the Label control to act as an active caption in front of a TextBox control or other control. Users can then press an access key to move to the control for which the Label control is the caption. For details, see How to: Use Label Web Server Controls as Captions.
Using Labels in List Controls
The Label control is often used in list Web server controls (Repeater, DataList, GridView, DetailsView, and FormView controls) to display read-only information from a database. The usual strategy is to add a Label control to a template for one of these controls. You then bind the Label control to a data source. For details about templates, see ASP.NET Web Server Controls Templates.
Security and the Label Control
You can set the Text property of the Label control to any string, including strings that contain markup. If the string contains markup, the Label control interprets the markup. For example, if you set the Text property to <b>Test</b>, the Label control will render the word Test in bold type.
To avoid security issues, such as the possibility of script injection, do not set the Text property to a string containing markup that comes from an untrusted source. If you do not trust the source of the string that you are using for the Text property, you should encode the string. For details, see How to: Protect Against Script Exploits in a Web Application by Applying HTML Encoding to Strings.