How to save html tags at SQL Server?

[Dexter]

I need to save a text with html tags in a SQL Server database. I'm using
server.htmlencode, but don't function.
A error is generate.

Somebody know how to resolve this problem?


Dexter

 

[Dexter]

The error message is:
A potentially dangerous Request.Form value was detected from the client
(TextBox1="...imento do <b>ISS homologado</b...").


Dexter

 

[Dexter]

1. what version of sql server
- SQL Server 2000
2. where is the error message being generated?
- A potentially dangerous Request.Form value was detected from the
client (TextBox1="...imento do <b>ISS homologado</b...").
3. what html tags are you trying to encode?
- "Data de Vencimento do <b>ISS homologado</b>"

Answer those questions and someone might be able to help you.


Dexter

 

[Curt_C [MVP]]

You shouldnt have to do anything. As long as the characters, like quotes,
are escaped you should be fine.
What's the error?

 

[dkode8]

a little more information would be helpful,

1. what version of sql server
2. where is the error message being generated?
3. what html tags are you trying to encode?
Answer those questions and someone might be able to help you.

 

[Guest]

Dexter,

What error is being generated? How are you currently trying to do the
insert? Are you attempting to execute a string? Are you using a stored
procedure? If you are executing a string, you may be experiencing errors
related to characters such as a single quote that interrupt the SQL string.
It would be safer for you to use the SqlCommand object and define a parameter
with a specified type such as SqlDbType.Text or SqlDbType.VarChar (depending
on your needs). Then set the parameter's value property to the HTML and give
that a shot. The SqlCommand object will make assumptions and handle some of
the data that would normally be invalid when executing a string.

Thanks,
Ian Suttle
http://www.IanSuttle.com

 

[Curt_C [MVP]]

Thats different. You need to turn off that check for that page then. Do a
google on that error, actually I think the error tells you exactly what to
do. It's just another tag to add to the header.

--
Curt Christianson
Owner/Lead Developer, DF-Software
Site: http://www.Darkfalz.com
Blog: http://blog.Darkfalz.com

 

[Guest]

You need to add the ValidateRequest="false" on the <%@Page .. %> directive.

 

[pramodgoswami]

I need to save a text with html tags in a SQL Server database. I'm using
server.htmlencode, but don't function.
A error is generate.

Somebody know how to resolve this problem?


Dexter

for storing html in sql server database follow the step given below:-

first you have to take input from user through javascript html box
then
insert this value into the database. the datatype should be any varchar of enough length to hold that text or use text datatype of sqlserver.
IT will surely work.
If problem exist contact me.

 

[tizard]

Hi all, Im trying to store text in a textbox to a sql database which I can do fine until I try to use <br /> to give me a line break when it is read back and displayed on another page. My problem is I get the usual 'A potentially dangerous Request.Form value was detected from the client (ctl00$MainContent$GridView1$ctl02$TextBox1="...' error.

In more detail, I have a gridview that is edit enabled so I can edit what is already stored in my db and click Update which will update my db data. But as I said above if I try to put HTML into my textbox I get an error.

I have a gridview with this code:

 <asp:GridView ID="GridView1" runat="server" AllowPaging="True" 
        AllowSorting="True" AutoGenerateColumns="False" DataKeyNames="propertyRef" 
        DataSourceID="SqlDataSource1">

...

<EditItemTemplate>
                    <asp:TextBox ID="TextBox1" runat="server" Text='<%# Bind("fullDescription") %>'></asp:TextBox>
                </EditItemTemplate>

...

</asp:GridView>

<asp:SqlDataSource ID="SqlDataSource1" runat="server"

...

UpdateCommand="UPDATE [propertysForRentTable] SET [fullDescription] = @fullDescription">

...

<UpdateParameters>
  <asp:Parameter Name="fullDescription" Type="String" />
</UpdateParameters>
</asp:SqlDataSource>

and code behind of:

 protected void GridView1_RowUpdating(Object sender, GridViewUpdateEventArgs e)
    {
TextBox tbox = GridView1.Rows[e.RowIndex].FindControl("TextBox1") as TextBox;
        if (tbox != null)
        {
            // Console.WriteLine("found it");
            e.NewValues["fullDescription"] = System.Web.HttpUtility.HtmlEncode(tbox.Text);
        }
}

but i cant seem to add html code to my textbox text and update it in my sql database.
I should add I've tried the 'ValidateRequest=false' and that makes no difference.


Any ideas why not, cheers

Trevor
(SqlServer Express 2010, .Net 4)