Groove
Hey guys. I'm working on a large project that has dozens of forms to collect
user input. A lot of the fields are text and capture long text from the
user. It writes to MS SQL 2000.
I've built a simple "replace" function to replace and encode harmful
characters on the server side such as single quotes, commas and so on.
Problem is that when a user submits a < or a > char, the server barks and
sees it as harmful. For example:
A potentially dangerous Request.Form value was detected from the client
(txtDescription="My expenses are > my revenues").
It's likely that the user will use these two chars. I thought about looking
into HTMLEncode but this is processed on the server. So how should I handle
this? Should I use HTMLEncode? How do the gurus do it?
Thanks!
(asp.net 2 /vb)