Domanda
My Column in the DB are: nvarchar(MAX)
I need to add HTML code into my Database: from CKEditor. I get the following Error.
https://stackoverflow.com/questions/14104912
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianA potentially dangerous Request.Form value was detected from the client (Description="<h1>Heding 1 </...").
I am using the following Code:
var String=Request["String"];
I even used the following:
var String= HttpUtility.HtmlEncode(Request["String"]);
String=Request["String"];
here is part of my code:
if(IsPost){
var Description =Request.Unvalidated["Description"];
// Here I insert into Database
and The FORM part is:
<form action="" enctype="multipart/form-data" method="post">
<div class="row">
<div class="two columns offset-by-two"><br/><label> Description: </label><br/></div>
<div class="eight columns"><textarea name="Description"></textarea></div>
I want to store the text from "Description" to my database....
Soluzione
You simply need to use Request.Unvalidated to reference inputs that contain HTML if you don't want ASP.NET Request validation kicking in within the ASP.NET Web Pages framework:
var text = Request.Unvalidated["myTextBox"];
Or:
var text = Request.Unvalidated("myTextBox");
Altri suggerimenti
It looks like HtmlEncoding should do the trick.
Did you try the following:
var myColumnData = HttpUtility.HtmlEncode(Request["String"]);
Then pass this myColumnData, and all other columns to your Database table.
Edit: In addition to above, you may also want to look at the project settings, as it is recommended in the following blog - A potentially dangerous Request value was detected from the client.
This did the trick for me.
var text = Request.Unvalidated["myTextBox"];
Thank you.
SAFETY RULES.....Before you push it to the database, i suggest you filter suspicious tags such as script tags.
var x = Request.Unvalidated("MyField");
if(x.Contains("<script>") || x.Contains("</script>")){
//no script tag allowed.
}
