HtmlEncode? Other Alternative?

Groove

Hey guys. I'm working on a large project that has dozens of forms to collect
user input. A lot of the fields are text and capture long text from the
user. It writes to MS SQL 2000.

I've built a simple "replace" function to replace and encode harmful
characters on the server side such as single quotes, commas and so on.
Problem is that when a user submits a < or a > char, the server barks and
sees it as harmful. For example:

A potentially dangerous Request.Form value was detected from the client
(txtDescription="My expenses are > my revenues").

It's likely that the user will use these two chars. I thought about looking
into HTMLEncode but this is processed on the server. So how should I handle
this? Should I use HTMLEncode? How do the gurus do it?

Thanks!

(asp.net 2 /vb)
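
One common way to handle the situation described in the post, shown as an added example that is not part of the original thread: store the text unmodified through a parameterized command instead of a character-replace function, and HTML-encode it only when it is written back into a page. The module, function, table and column names (`DescriptionStore`, `SaveDescription`, `RenderDescription`, `Expenses`, `UserId`, `Description`) are assumptions made for illustration.

```vb
' Request validation runs before page code, so < and > are rejected up front.
' It can be relaxed per page in the .aspx directive:
'   <%@ Page Language="VB" ValidateRequest="false" %>
' With validation off, every place the text is written into HTML must encode it.
Imports System
Imports System.Data
Imports System.Data.SqlClient
Imports System.Web

' Added example; all names below are hypothetical.
Public Module DescriptionStore

    ' Store the text exactly as typed. The value travels as a parameter,
    ' never as part of the SQL string, so quotes, commas, < and > need
    ' no replacing or escaping before they reach SQL Server.
    Public Sub SaveDescription(ByVal connectionString As String, _
                               ByVal userId As Integer, _
                               ByVal description As String)
        Const sql As String = _
            "INSERT INTO Expenses (UserId, Description) VALUES (@UserId, @Description)"
        Using conn As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(sql, conn)
                cmd.Parameters.Add("@UserId", SqlDbType.Int).Value = userId
                ' A missing value must be sent as DBNull, not Nothing.
                If description Is Nothing Then
                    cmd.Parameters.Add("@Description", SqlDbType.NText).Value = DBNull.Value
                Else
                    cmd.Parameters.Add("@Description", SqlDbType.NText).Value = description
                End If
                conn.Open()
                cmd.ExecuteNonQuery()
            End Using
        End Using
    End Sub

    ' Encode at output time only, so the database keeps the original text
    ' and "My expenses are > my revenues" displays as typed.
    Public Function RenderDescription(ByVal stored As String) As String
        If stored Is Nothing Then Return String.Empty
        Return HttpUtility.HtmlEncode(stored)
    End Function

End Module

' In the submit handler: SaveDescription(connStr, userId, txtDescription.Text)
' When displaying:       lblDescription.Text = RenderDescription(storedValue)
```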
 
