Passing html into a database field

N

N_K

Member
Joined
Oct 10, 2006
Messages
22
Programming Experience
3-5
Hi,

Im writing a control to send answers to FAQs to the database. Some of these answers may have html a links in them.

How should I treat these fields so that any characters harmful to the MSSQL database are converted but still parse as html when recalled later and sent to a page?

At the moment I get an error saying "A potentially dangerous Request.Form value was detected from the client " when I try to submit some text with a hyperlink in.

I'm using VB.Net.

Cheers,

NK
 
Last edited:
Sort by date Sort by votes
Set the page's ValidateRequest property to false:
HTML: 
<%@ Page ... validateRequest="false" %>
And use Server.HtmlEncode, Server.HtmlDecode methods.
 
Upvote 0 Downvote
You can also use Server.HtmlEncode and Server.HtmlDecode to store the values. This way any harmful characters will be encoded as you have often seen in the url links.
 
Upvote 0 Downvote

Similar threads

Runescope
  • Question
Question Concurrency Violation. Can't force an edit into the database.
Replies
8
Views
14K
cjard
cjard
V
  • Question
Question Some challenges related to databases
Replies
0
Views
2K
VBozzy
V
A
  • Question
Apose tools
8 9 10
Replies
136
Views
75K
aspose_seo
A
S
  • Question
Question How to detect control characters in database fields
Replies
2
Views
3K
Snowflake
S
J
  • Question
Question Simple database help in getting started
Replies
1
Views
3K
jmcilhinney
jmcilhinney

Share this page

Latest posts

Back
Top