Help in HTML tags entry in SQL server
-
Hi! I m developing an application in C# asp.net....when i give value like in my text box and then insert it into sql server by using insert query ....it gives exception message A potentially dangerous REquest.Form value was detected from the client is there any way to insert values like this coz i have to do it must
-
Hi! I m developing an application in C# asp.net....when i give value like in my text box and then insert it into sql server by using insert query ....it gives exception message A potentially dangerous REquest.Form value was detected from the client is there any way to insert values like this coz i have to do it must
The exception is being thrown is a SqlException? Or is it from the page? It is more likely the exception is being thrown from the page as a HttpRequestValidationException. Setting ValidateRequest=true on the page will stop this, however it opens you potentially dangerous attacks. ValidateRequest Indicates whether request validation should occur. If true, request validation checks all input data against a hard-coded list of potentially dangerous values. If a match occurs, an HttpRequestValidationException exception is thrown. The default is true. This feature is enabled in the machine configuration file (Machine.config). You can disable it in your application configuration file (Web.config) or on the page by setting this attribute to false. Note This functionality helps reduce the risk of cross-site scripting attacks for straightforward pages and ASP.NET applications. An application that does not properly validate user input can suffer from many types of malformed input attacks, including cross-site scripting and Microsoft SQL Server injection attacks. There is no substitute for carefully evaluating all forms of input in an application and making sure that they are either properly validated or encoded, or that the application is escaped prior to manipulating data or sending information back to the client.
only two letters away from being an asset
-
The exception is being thrown is a SqlException? Or is it from the page? It is more likely the exception is being thrown from the page as a HttpRequestValidationException. Setting ValidateRequest=true on the page will stop this, however it opens you potentially dangerous attacks. ValidateRequest Indicates whether request validation should occur. If true, request validation checks all input data against a hard-coded list of potentially dangerous values. If a match occurs, an HttpRequestValidationException exception is thrown. The default is true. This feature is enabled in the machine configuration file (Machine.config). You can disable it in your application configuration file (Web.config) or on the page by setting this attribute to false. Note This functionality helps reduce the risk of cross-site scripting attacks for straightforward pages and ASP.NET applications. An application that does not properly validate user input can suffer from many types of malformed input attacks, including cross-site scripting and Microsoft SQL Server injection attacks. There is no substitute for carefully evaluating all forms of input in an application and making sure that they are either properly validated or encoded, or that the application is escaped prior to manipulating data or sending information back to the client.
only two letters away from being an asset