Best way to insert HTML into database
Last post May 11, 2013 10:06 AM by Afzaal.Ahmad.Zeeshan
Member
294 Points
304 Posts
May 09, 2013 06:22 AM|a-rad|LINK
Hey guys,
I am coding a basic web application and would like to know the best way to insert HTML? At the moment this is what my page looks like:
    @{
        // Declared under the names that are assigned and inserted below
        var SubjectName = "";
        var SubjectDetails = "";
        if (IsPost) {
            Validation.RequireField("formName", "You must enter a Subject Name");
            Validation.RequireField("formDetails", "You must enter Subject Details");
            SubjectName = Request["formName"];
            SubjectDetails = Request["formDetails"];
            if (Validation.IsValid()) {
                // @0 and @1 are parameter placeholders; the values are not concatenated into the SQL text
                var SQLINSERT = "INSERT INTO TABLE (name, details) VALUES (@0, @1)";
                var db = Database.Open("DATABASE");
                db.Execute(SQLINSERT, SubjectName, SubjectDetails);
                Response.Redirect("~/Admin");
            }
        }
    }
    @Html.ValidationSummary()
    <h2>My Form</h2>
    <form action="" method="post">
        <p>Name:<input type="text" name="formName" /></p>
        <p>Details:<textarea name="formDetails"></textarea></p>
        <p><input type="submit" value="Add" /></p>
    </form>
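When I use this - I get an error spat out:
Server Error in '/' Application.
A potentially dangerous Request.Form value was detected from the client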
I understand why it's happening; however, I need advice as to how I make my page allow the code and not compromise SQL security?
Star
11795 Points
2340 Posts
May 09, 2013 06:31 AM|urenjoy|LINK
Use Request.Unvalidated["myTextBox"]
Check the following:
http://www.mikesdotnetting.com/Article/159/WebMatrix-Protecting-Your-Web-Pages-Site
Participant
1300 Points
407 Posts
May 10, 2013 04:55 AM|akhleshchauhan|LINK
If you are using MVC, then the
[AllowHtml] attribute is available to allow HTML for your ASP.NET application.
Contributor
4010 Points
1926 Posts
May 11, 2013 10:06 AM|Afzaal.Ahmad.Zeeshan|LINK
You can convert that to a string!
like
SubjectDetails = Request["formDetails"].ToString();
This way, a string would be saved to the database.
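The question in this thread has two separate parts: the `@0`/`@1` parameters in the original post already handle the SQL side, while reading a field through `Request.Unvalidated` turns off the markup check for that field and leaves the HTML handling to the application. The following is an added example, not code from any poster in the thread, of one way to do that: encode everything, then restore a fixed list of attribute-free tags. `SafeHtml`, `AllowedTags` and `ToSafeHtml` are hypothetical names, and the tag list and sample inputs are assumptions.

```csharp
using System;
using System.Net;

// Hypothetical helper (not part of ASP.NET Web Pages); could live in App_Code.
public static class SafeHtml
{
    // Attribute-free tags this application chooses to allow (an assumption).
    static readonly string[] AllowedTags =
        { "b", "i", "em", "strong", "p", "ul", "ol", "li", "br" };

    // Encode every character with HTML meaning, then restore only the exact
    // allowed tags. A tag that carries attributes (onclick, href, style),
    // uses different casing, or is not on the list never matches the
    // replacement pattern, so it stays encoded and renders as text.
    public static string ToSafeHtml(string untrusted)
    {
        string encoded = WebUtility.HtmlEncode(untrusted ?? "");
        foreach (string tag in AllowedTags)
        {
            encoded = encoded
                .Replace("&lt;" + tag + "&gt;", "<" + tag + ">")
                .Replace("&lt;/" + tag + "&gt;", "</" + tag + ">");
        }
        return encoded;
    }

    public static void Main()
    {
        // Constructed sample inputs, standing in for the formDetails field.
        string[] samples =
        {
            "<p>Intro to <b>databases</b></p>",   // allowed tags are restored
            "<script>alert(1)</script>",          // not on the list: stays encoded
            "<b onclick=\"x()\">hi</b>",          // attribute present: stays encoded
            "O'Brien & Sons"                      // plain text: quotes and & encoded
        };
        foreach (string s in samples)
        {
            Console.WriteLine(ToSafeHtml(s));
        }
    }
}
```

In the page from the first post, the helper would be applied to `Request.Unvalidated["formDetails"]` before the value is passed to `db.Execute`, and the stored value written out with `@Html.Raw(...)`; any other field keeps using `Request[...]` and Razor's default encoding.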