How to save html tags at SQL Server?

Discussion in 'ASP .Net' started by Dexter, Dec 10, 2004.

  1. Dexter

    Dexter Guest

    I need to save a text with html tags in a SQL Server database. I'm using
    server.htmlencode, but don't function.
    A error is generate.

    Somebody know how to resolve this problem?


    Dexter
     
    Dexter, Dec 10, 2004
    #1
    1. Advertising

  2. Dexter

    Dexter Guest

    The error message is:
    A potentially dangerous Request.Form value was detected from the client
    (TextBox1="...imento do <b>ISS homologado</b...").


    Dexter

    "Curt_C [MVP]" <software_AT_darkfalz.com> escreveu na mensagem
    news:%...
    > You shouldnt have to do anything. As long as the characters, like quotes,
    > are escaped you should be fine.
    > What's the error?
    >
    > --
    > Curt Christianson
    > Owner/Lead Developer, DF-Software
    > Site: http://www.Darkfalz.com
    > Blog: http://blog.Darkfalz.com
    >
    >
    > "Dexter" <> wrote in message
    > news:%239Aw%...
    >>I need to save a text with html tags in a SQL Server database. I'm using
    >>server.htmlencode, but don't function.
    >> A error is generate.
    >>
    >> Somebody know how to resolve this problem?
    >>
    >>
    >> Dexter
    >>

    >
    >
     
    Dexter, Dec 10, 2004
    #2
    1. Advertising

  3. Dexter

    Dexter Guest

    1. what version of sql server
    - SQL Server 2000
    2. where is the error message being generated?
    - A potentially dangerous Request.Form value was detected from the
    client (TextBox1="...imento do <b>ISS homologado</b...").
    3. what html tags are you trying to encode?
    - "Data de Vencimento do <b>ISS homologado</b>"

    Answer those questions and someone might be able to help you.


    Dexter


    <> escreveu na mensagem
    news:...
    >a little more information would be helpful,
    >
    > 1. what version of sql server
    > 2. where is the error message being generated?
    > 3. what html tags are you trying to encode?
    > Answer those questions and someone might be able to help you.
    >
     
    Dexter, Dec 10, 2004
    #3
  4. Dexter

    Curt_C [MVP] Guest

    You shouldnt have to do anything. As long as the characters, like quotes,
    are escaped you should be fine.
    What's the error?

    --
    Curt Christianson
    Owner/Lead Developer, DF-Software
    Site: http://www.Darkfalz.com
    Blog: http://blog.Darkfalz.com


    "Dexter" <> wrote in message
    news:%239Aw%...
    >I need to save a text with html tags in a SQL Server database. I'm using
    >server.htmlencode, but don't function.
    > A error is generate.
    >
    > Somebody know how to resolve this problem?
    >
    >
    > Dexter
    >
     
    Curt_C [MVP], Dec 10, 2004
    #4
  5. Dexter

    Guest

    a little more information would be helpful,

    1. what version of sql server
    2. where is the error message being generated?
    3. what html tags are you trying to encode?
    Answer those questions and someone might be able to help you.
     
    , Dec 10, 2004
    #5
  6. Dexter,

    What error is being generated? How are you currently trying to do the
    insert? Are you attempting to execute a string? Are you using a stored
    procedure? If you are executing a string, you may be experiencing errors
    related to characters such as a single quote that interrupt the SQL string.
    It would be safer for you to use the SqlCommand object and define a parameter
    with a specified type such as SqlDbType.Text or SqlDbType.VarChar (depending
    on your needs). Then set the parameter's value property to the HTML and give
    that a shot. The SqlCommand object will make assumptions and handle some of
    the data that would normally be invalid when executing a string.

    Thanks,
    Ian Suttle
    http://www.IanSuttle.com


    "Dexter" wrote:

    > I need to save a text with html tags in a SQL Server database. I'm using
    > server.htmlencode, but don't function.
    > A error is generate.
    >
    > Somebody know how to resolve this problem?
    >
    >
    > Dexter
    >
    >
    >
     
    =?Utf-8?B?SWFuIFN1dHRsZQ==?=, Dec 10, 2004
    #6
  7. Dexter

    Curt_C [MVP] Guest

    Thats different. You need to turn off that check for that page then. Do a
    google on that error, actually I think the error tells you exactly what to
    do. It's just another tag to add to the header.

    --
    Curt Christianson
    Owner/Lead Developer, DF-Software
    Site: http://www.Darkfalz.com
    Blog: http://blog.Darkfalz.com


    "Dexter" <> wrote in message
    news:...
    > The error message is:
    > A potentially dangerous Request.Form value was detected from the client
    > (TextBox1="...imento do <b>ISS homologado</b...").
    >
    >
    > Dexter
    >
    > "Curt_C [MVP]" <software_AT_darkfalz.com> escreveu na mensagem
    > news:%...
    >> You shouldnt have to do anything. As long as the characters, like quotes,
    >> are escaped you should be fine.
    >> What's the error?
    >>
    >> --
    >> Curt Christianson
    >> Owner/Lead Developer, DF-Software
    >> Site: http://www.Darkfalz.com
    >> Blog: http://blog.Darkfalz.com
    >>
    >>
    >> "Dexter" <> wrote in message
    >> news:%239Aw%...
    >>>I need to save a text with html tags in a SQL Server database. I'm using
    >>>server.htmlencode, but don't function.
    >>> A error is generate.
    >>>
    >>> Somebody know how to resolve this problem?
    >>>
    >>>
    >>> Dexter
    >>>

    >>
    >>

    >
    >
     
    Curt_C [MVP], Dec 10, 2004
    #7
  8. You need to add the ValidateRequest="false" on the <%@Page .. %> directive.

    "Dexter" wrote:

    > The error message is:
    > A potentially dangerous Request.Form value was detected from the client
    > (TextBox1="...imento do <b>ISS homologado</b...").
    >
    >
    > Dexter
    >
    > "Curt_C [MVP]" <software_AT_darkfalz.com> escreveu na mensagem
    > news:%...
    > > You shouldnt have to do anything. As long as the characters, like quotes,
    > > are escaped you should be fine.
    > > What's the error?
    > >
    > > --
    > > Curt Christianson
    > > Owner/Lead Developer, DF-Software
    > > Site: http://www.Darkfalz.com
    > > Blog: http://blog.Darkfalz.com
    > >
    > >
    > > "Dexter" <> wrote in message
    > > news:%239Aw%...
    > >>I need to save a text with html tags in a SQL Server database. I'm using
    > >>server.htmlencode, but don't function.
    > >> A error is generate.
    > >>
    > >> Somebody know how to resolve this problem?
    > >>
    > >>
    > >> Dexter
    > >>

    > >
    > >

    >
    >
    >
     
    =?Utf-8?B?VHUtVGhhY2g=?=, Dec 10, 2004
    #8
  9. Dexter

    pramodgoswami

    Joined:
    Aug 29, 2007
    Messages:
    1
    for storing html in sql server database follow the step given below:-

    first you have to take input from user through javascript html box
    then
    insert this value into the database. the datatype should be any varchar of enough length to hold that text or use text datatype of sqlserver.
    IT will surely work.
    If problem exist contact me.
     
    pramodgoswami, Aug 29, 2007
    #9
  10. Dexter

    tizard

    Joined:
    Jul 1, 2010
    Messages:
    1
    Hi all, Im trying to store text in a textbox to a sql database which I can do fine until I try to use <br /> to give me a line break when it is read back and displayed on another page. My problem is I get the usual 'A potentially dangerous Request.Form value was detected from the client (ctl00$MainContent$GridView1$ctl02$TextBox1="...' error.

    In more detail, I have a gridview that is edit enabled so I can edit what is already stored in my db and click Update which will update my db data. But as I said above if I try to put HTML into my textbox I get an error.

    I have a gridview with this code:

    Code:
     <asp:GridView ID="GridView1" runat="server" AllowPaging="True" 
            AllowSorting="True" AutoGenerateColumns="False" DataKeyNames="propertyRef" 
            DataSourceID="SqlDataSource1">
    
    ...
    
    <EditItemTemplate>
                        <asp:TextBox ID="TextBox1" runat="server" Text='<%# Bind("fullDescription") %>'></asp:TextBox>
                    </EditItemTemplate>
    
    ...
    
    </asp:GridView>
    
    <asp:SqlDataSource ID="SqlDataSource1" runat="server"
    
    ...
    
    UpdateCommand="UPDATE [propertysForRentTable] SET [fullDescription] = @fullDescription">
    
    ...
    
    <UpdateParameters>
      <asp:Parameter Name="fullDescription" Type="String" />
    </UpdateParameters>
    </asp:SqlDataSource>
    and code behind of:

    Code:
     protected void GridView1_RowUpdating(Object sender, GridViewUpdateEventArgs e)
        {
    TextBox tbox = GridView1.Rows[e.RowIndex].FindControl("TextBox1") as TextBox;
            if (tbox != null)
            {
                // Console.WriteLine("found it");
                e.NewValues["fullDescription"] = System.Web.HttpUtility.HtmlEncode(tbox.Text);
            }
    }
    but i cant seem to add html code to my textbox text and update it in my sql database.
    I should add I've tried the 'ValidateRequest=false' and that makes no difference.


    Any ideas why not, cheers

    Trevor
    (SqlServer Express 2010, .Net 4)
     
    Last edited: Jul 1, 2010
    tizard, Jul 1, 2010
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Dean H. Saxe
    Replies:
    0
    Views:
    1,043
    Dean H. Saxe
    Jan 3, 2004
  2. Rob Nicholson
    Replies:
    3
    Views:
    759
    Rob Nicholson
    May 28, 2005
  3. Donald Firesmith

    html tags within meta tags allowed?

    Donald Firesmith, Jan 5, 2005, in forum: XML
    Replies:
    5
    Views:
    911
    Andy Dingley
    Jan 8, 2005
  4. Tor Inge Rislaa

    Adding HTML tags to data from SQL server

    Tor Inge Rislaa, Nov 9, 2006, in forum: ASP .Net
    Replies:
    1
    Views:
    701
    seigo
    Nov 9, 2006
  5. Bhuwan Bhaskar
    Replies:
    5
    Views:
    579
    Bhuwan Bhaskar
    Oct 21, 2007
Loading...

Share This Page