How to run HTML based sql query from MultilineTextBox?

Question

I have a multiline textbox from which I am updating my sql store procedure. In my store procedure I'm sending email(Html Formated) to user via SQL Job. Problem is when I try to put below code in my textbox my submit button is stop working and perform no action.

Set @link = ' <br> URL: <a href=abc.com/default4.aspx> abc.com/default4.aspx</a> <br> ' -- For Test

I'm also tried to put validateRequest="false" in my page directive but nothing happened.

Sorry here I mentioned one thing more that when I remove <br> tag from above code my submit button works fine. But when I put only <br> in my ASP.Net Textbox submit button again perform no action on submit.

How can I able to insert HTML Tags in ASP.Net Textbox.

Also I found below links regarding to my question but these links not works for me.

Allow HTML tags in TextBox control

ASP.Net Text with LineBreak from Multi-Line-TextBox to save in a database

ASP.NET Replacing Line Break with HTML br not working

score 1 · Answer 1 · answered Jun 06 '17 at 09:42

1

You should put HTML attribute values in double quotes;

<a href="abc.com/default4.aspx">
        ^                     ^

Also br tags should be self closed;

<br/>
   ^

Also, I don't fully understand what you mean by 'I have a multiline textbox from which I am updating my sql store procedure', but if you are having users type SQL code into a textbox this is usually a terrible idea... You should consider having them just type the URL and having this inserted into the SQL in a safe manner....

answered Jun 06 '17 at 09:42

Milney

6,253
2
19
33

Means from textbox I am running a sql store procedure in which I am generating email. – Ahmer Ali Ahsan Jun 06 '17 at 10:54
You don't run things 'from a textbox', a textbox just takes in input... – Milney Jun 06 '17 at 11:32
So you are running the query straight form the text box.... do you understand why that is usually a bad idea? – Milney Jun 07 '17 at 07:55
Yes. I know that it is a bad idea but I need this in my testing. – Ahmer Ali Ahsan Jun 07 '17 at 07:58
As a developer I need to know how to run sql procedures from textbox. Also I know the disadvantages of it. – Ahmer Ali Ahsan Jun 07 '17 at 07:59
Why would you need to run it from the textbox? You would usually use SSMS (Management Studio) to run Ad-Hoc queries... and if your application needs to run SQL, it should have hard coded SQL statements, which you simply fill with parameters: https://www.mssqltips.com/sqlservertip/2981/using-parameters-for-sql-server-queries-and-stored-procedures/ – Milney Jun 07 '17 at 08:01
If you need to have users run SQL queries... why not give them access to management studio? Instead of (insecurely) re-inventing the wheel – Milney Jun 07 '17 at 08:01
You're right. I need this because after our live deployment on client side we have no rights to access live database directly. So we created a Page in which we fixed bugs in our Store Procedures. Also only admin users can access that page and their log will generate. – Ahmer Ali Ahsan Jun 07 '17 at 08:40

Ahmer Ali Ahsan · Accepted Answer · 2017-06-07T07:46:40.667

After spending some time on internet I found my answer.

Here I'm sharing my findings.

I put below in my page header

<script>
    function fnescape() {
        document.getElementById('myTextBox1').value = window.escape(document.getElementById('myTextBox1').value);
    };

    function fnunescape() {
        document.getElementById('myTextBox1').value = window.unescape(document.getElementById('myTextBox1').value);
    }
</script>

and put below code before closing body tag

<script>
    fnunescape();
</script>

set ClientIDMode="Static" to ASP.Net Textbox

Codebehind:

put below code inside submit button clicked

var query = System.Uri.UnescapeDataString(txtInsertQuery.Text.ToString().Trim());

Reference Link

Unescape JavaScript's escape() using C#

How to run HTML based sql query from MultilineTextBox?

2 Answers2