如何将FCKEditor的文本保存到数据库中?
我在我的页面上使用 FCKEditor。
我想将其内容保存在数据库上..但是在执行此错误时 hello..从客户端检测到潜在危险的 Request.Form 值 (LongDescriptionVal=" 发生在我的页面上..
我正在做的事情在这里:-
aspx.cs:-
protected void btnadd_Click(object sender, EventArgs e)
{
string _detail = Request["LongDescriptionVal"].ToString();
string query = "insert into Description(description) values('" + _detail.Trim() + "')";
SqlCommand cmd = new SqlCommand(query, con);
con.Open();
cmd.ExecuteNonQuery();
con.Close();
}
和 aspx:-
<strong>Full Description :</strong>
<br />
<!--Editor Code comes here -->
<script type="text/javascript">
<!--
var oFCKeditor = new FCKeditor( 'LongDescriptionVal') ;
oFCKeditor.BasePath = 'fckeditor/';
oFCKeditor.Height = 300;
oFCKeditor.Value = '<%=FullDescription%>';
oFCKeditor.Create() ;
//-->
</script>
<br />
<asp:Button ID="btnadd" runat="server" Text="Add" OnClick="btnadd_Click" />
任何人都可以告诉我如何在数据库中保存数据...
提前致谢..
I am using FCKEditor on my page.
and i want to save its content on database..but on doing this error A potentially dangerous Request.Form value was detected from the client (LongDescriptionVal="<p>hello..</p>"). occur on my page..
what i am doing is here:-
aspx.cs:-
protected void btnadd_Click(object sender, EventArgs e)
{
string _detail = Request["LongDescriptionVal"].ToString();
string query = "insert into Description(description) values('" + _detail.Trim() + "')";
SqlCommand cmd = new SqlCommand(query, con);
con.Open();
cmd.ExecuteNonQuery();
con.Close();
}
and aspx:-
<strong>Full Description :</strong>
<br />
<!--Editor Code comes here -->
<script type="text/javascript">
<!--
var oFCKeditor = new FCKeditor( 'LongDescriptionVal') ;
oFCKeditor.BasePath = 'fckeditor/';
oFCKeditor.Height = 300;
oFCKeditor.Value = '<%=FullDescription%>';
oFCKeditor.Create() ;
//-->
</script>
<br />
<asp:Button ID="btnadd" runat="server" Text="Add" OnClick="btnadd_Click" />
anyone can tell me that how can i save data on database...
Thanks in advance..
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
将 validateRequest="false" 添加到您的页面中;
样本;
add validateRequest="false" into your page;
Sample;
看看这个问题:
检测到潜在危险的 Request.Form 值客户端
答案的要点是,您可以通过在 aspx 文件的 <@Page 指令中设置 validateRequest="false" 来抑制警告。
然而,发出该警告是有原因的,如果这样做,您可能会面临各种攻击。鉴于您的数据库访问代码的性质,我建议您阅读有关使用参数化查询的内容
Have a look at this question:
A potentially dangerous Request.Form value was detected from the client
The gist of the answer is that you can suppress the warning by setting validateRequest="false" in the <@Page directive of your aspx file.
There is a reason for that warning however, by doing so you could in your case open yourself up to all sorts of attacks. Given the nature of your database access code can I suggest that you read up on using Parameterized Queries
在 aspx 页面中,设置属性
ValidateRequest="False",但不要忘记在保存到数据库之前对输入进行编码。in aspx page, set the property
ValidateRequest="False", but don't forget to encode input before saving in database.