CODEWITHSUNDEEP
asp.netfckeditor
divya
divya

Reputation: 405

How to save text of FCKEditor on database?

I am using FCKEditor on my page.

and i want to save its content on database..but on doing this error A potentially dangerous Request.Form value was detected from the client (LongDescriptionVal="<p>hello..</p>"). occur on my page..

what i am doing is here:-

aspx.cs:-

protected void btnadd_Click(object sender, EventArgs e)

{
    string _detail = Request["LongDescriptionVal"].ToString();
    string query = "insert into Description(description) values('" + _detail.Trim() + "')";
    SqlCommand cmd = new SqlCommand(query, con);
    con.Open();
    cmd.ExecuteNonQuery();
    con.Close();
}

and aspx:-

<strong>Full Description :</strong>
                <br />
                            <!--Editor Code comes here  -->

                            <script type="text/javascript">
                                <!--
                                var oFCKeditor = new FCKeditor( 'LongDescriptionVal') ;
                                oFCKeditor.BasePath = 'fckeditor/';
                                oFCKeditor.Height   = 300;
                                oFCKeditor.Value    = '<%=FullDescription%>';
                                oFCKeditor.Create() ;
                                //-->
                            </script>
                  <br />
                  <asp:Button ID="btnadd" runat="server" Text="Add" OnClick="btnadd_Click" />

anyone can tell me that how can i save data on database...

Thanks in advance..

Upvotes: 1

Views: 1745

Answers (3)

Adeel
Adeel

Reputation: 19238

in aspx page, set the property ValidateRequest="False", but don't forget to encode input before saving in database.

Upvotes: 1

tugberk
tugberk

Reputation: 58494

add validateRequest="false" into your page;

Sample;

<%@ Page Title="" Language="C#" MasterPageFile="~/Site.Master" AutoEventWireup="true" CodeBehind="Default.aspx.cs" ValidateRequest="false" Inherits="MyApp.Default" %>

Upvotes: 1

devprog
devprog

Reputation: 285

Have a look at this question: A potentially dangerous Request.Form value was detected from the client

The gist of the answer is that you can suppress the warning by setting validateRequest="false" in the <@Page directive of your aspx file.

There is a reason for that warning however, by doing so you could in your case open yourself up to all sorts of attacks. Given the nature of your database access code can I suggest that you read up on using Parameterized Queries

Upvotes: 1

Related Questions