How to save text of FCKEditor on database?

Question

I am using FCKEditor on my page.

and i want to save its content on database..but on doing this error A potentially dangerous Request.Form value was detected from the client (LongDescriptionVal="<p>hello..</p>"). occur on my page..

what i am doing is here:-

aspx.cs:-

protected void btnadd_Click(object sender, EventArgs e)

{
    string _detail = Request["LongDescriptionVal"].ToString();
    string query = "insert into Description(description) values('" + _detail.Trim() + "')";
    SqlCommand cmd = new SqlCommand(query, con);
    con.Open();
    cmd.ExecuteNonQuery();
    con.Close();
}

and aspx:-

<strong>Full Description :</strong>
                <br />
                            <!--Editor Code comes here  -->

                            <script type="text/javascript">
                                <!--
                                var oFCKeditor = new FCKeditor( 'LongDescriptionVal') ;
                                oFCKeditor.BasePath = 'fckeditor/';
                                oFCKeditor.Height   = 300;
                                oFCKeditor.Value    = '<%=FullDescription%>';
                                oFCKeditor.Create() ;
                                //-->
                            </script>
                  <br />
                  <asp:Button ID="btnadd" runat="server" Text="Add" OnClick="btnadd_Click" />

anyone can tell me that how can i save data on database...

Thanks in advance..

Thanks to all.. now it is running.... – divya Jun 02 '11 at 10:51 — divya, Jun 02 '11 at 10:51

score 1 · Answer 1 · edited May 23 '17 at 12:12

Have a look at this question: A potentially dangerous Request.Form value was detected from the client

The gist of the answer is that you can suppress the warning by setting validateRequest="false" in the <@Page directive of your aspx file.

There is a reason for that warning however, by doing so you could in your case open yourself up to all sorts of attacks. Given the nature of your database access code can I suggest that you read up on using Parameterized Queries

score 1 · Accepted Answer · answered Jun 02 '11 at 10:44

1

add validateRequest="false" into your page;

Sample;

<%@ Page Title="" Language="C#" MasterPageFile="~/Site.Master" AutoEventWireup="true" CodeBehind="Default.aspx.cs" ValidateRequest="false" Inherits="MyApp.Default" %>

answered Jun 02 '11 at 10:44

tugberk

57,477
67
243
335

score 1 · Answer 3 · answered Jun 02 '11 at 10:44

1

in aspx page, set the property ValidateRequest="False", but don't forget to encode input before saving in database.

answered Jun 02 '11 at 10:44

Adeel

19,075
4
46
60

How to save text of FCKEditor on database?

3 Answers3