Encoding Html code and Insert into database

Question

I want insert html tags in encoded form into sql database table.I use MVC4 for developing this. I take the html code into the following model item.

public class ResourceItems
{
     public string Res_Details { get; set; }
}

what will be the controller/model action

my html code is in a textarea(in a form). so where i put this. In controller or model — user2586070, Jul 17 '13 at 08:13
Vauge question! plz elaborate what you want and what's your problem? — Tomer W, Jul 17 '13 at 08:13

Jason Evans · Answer 1 · 2013-07-17T08:18:50.640

0

To encode the string, you can use the HttpUtility.HtmlEncode function.

private ActionResult Index(ResourceItem item){

    string encoded = HttpUtility.Encode(item.Res_Details);

    // Whatever you do to save to the database.
}

Now I don't know what your MVC code looks like, so the above example is just a guess. However the core idea of the encoding should suffice.

edited Jul 17 '13 at 08:18

answered Jul 17 '13 at 08:10

Jason Evans

28,906
14
90
154

When you say it's not working, how is it not working? Exception being raised, the string is not encoded? Bit more info dude :) – Jason Evans Jul 17 '13 at 08:13
i always get the error msg like: A potentially dangerous Request.Form value was detected from the client (Res_Details="
dhf
"). – user2586070 Jul 17 '13 at 08:14
OK, take a look at this: http://stackoverflow.com/questions/81991/a-potentially-dangerous-request-form-value-was-detected-from-the-client – Jason Evans Jul 17 '13 at 08:16
1

But you must be careful. Don't just accept data into your controller action without encoding it. If you just accept HTML input as is, then you might be opening yourself up to some dangerous JavaScript code, for example. – Jason Evans Jul 17 '13 at 08:17

Encoding Html code and Insert into database

1 Answers1

dhf