将 HTML 数据插入 SQL Server
我在将 HTML 数据插入 SQL Server 时遇到问题。详细信息如下:
这是我的存储过程;
@articleID int,
@articleBody nvarchar(max)
AS
UPDATE v2_Articles SET articleBody = @articleBody WHERE articleID = @articleID
这是我用于插入数据的 asp 代码;
x_articleBody = Replace(Replace(Request.Form("x_articleBody"), CHR(34), """"), "'", """")
Connection.Open(ConnStr)
Connection.Execute("EXEC InsertBody @articleID = " & aID & ", _
@articleBody = '" & x_articleBody & "'")
Connection.Close()
这是我要插入的数据;
<font> TEXT TEXT TEXT TEXT</font>
所以,问题是:当我尝试这个时,数据保存直到
这意味着在处理 sql 表之后发生变化;
<font> TEXT TEXT
有什么想法吗?
ps。我正在使用 nicedit 文本编辑器来生成 html 数据。
I have a problem about inserting HTML data into SQL Server. here are the details:
this is my stored procedure;
@articleID int,
@articleBody nvarchar(max)
AS
UPDATE v2_Articles SET articleBody = @articleBody WHERE articleID = @articleID
and this is my asp code for inserting data;
x_articleBody = Replace(Replace(Request.Form("x_articleBody"), CHR(34), """"), "'", """")
Connection.Open(ConnStr)
Connection.Execute("EXEC InsertBody @articleID = " & aID & ", _
@articleBody = '" & x_articleBody & "'")
Connection.Close()
and this is my data for insert;
<font> TEXT TEXT TEXT TEXT</font>
So, problem is: when I try this, data saving until
it means after the process sql table is changing like;
<font> TEXT TEXT
Is there any idea about that?
ps. I'm using nicedit text editor for generating html data.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
首先,不要使用嵌入式 SQL - 这样做会给自己带来额外的麻烦,因为您必须经历这种数据清理混乱,并且将您的应用程序暴露给潜在的 SQL 注入。
创建一个将文本作为参数的存储过程,并使用它来保存 HTML 标记。
First of all, do not use embedded SQL - you are causing yourself extra headaches by doing that, because you have to go through this data cleansing mess and you're exposing your application to potential SQL Injection.
Create a stored procedure that takes text as a parameter, and use that to save your HTML markup.