0

Error:

A potentially dangerous Request.Form value was detected from the client (ctl00$ContentPlaceHolder1$htmlCode="table style="backgr...")

Code:

    SqlConnection n_con = new SqlConnection(constring);
    n_con.Open();
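    // The UPDATE text is built by concatenating the textbox value and id directly into the SQL string.
    string N_Query = "update imageAd set code = '" + textbox1.Text + "' where id = '" + id + "'";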
    SqlCommand N_cmd = new SqlCommand(N_Query, n_con);
    N_cmd.ExecuteNonQuery();
2
  • What is SQL 2008 Simple? Commented Nov 20, 2016 at 22:36
  • Learn about parameterised queries, particularly if turning off request validation as mentioned by @jafarbtech Commented Nov 21, 2016 at 5:08

1 Answer

2

Set validateRequest="false" in the <%@ Page ... %> directive in your .aspx

In .NET 4 you may need to do a little more. Sometimes it's necessary to also add <httpRuntime requestValidationMode="2.0" /> to web.config

Note: But this will make script injection and SQL injection attacks possible in that page. That's why it shows "A potentially dangerous". To prevent it, use Label1.Text = Server.HtmlEncode(TextBox1.Text) when you are displaying the HTML which you got as input from this page. You can negotiate it if you are using it in the admin side of the webpage.


1 Comment

Erm, doesn't this query have an enormous SQL injection vulnerability in it, and isn't that worth mentioning in your answer?
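The parameterised query the comments recommend, together with the HtmlEncode step from the answer, as an added example (not code from the question or the answer). The column types (NVARCHAR(MAX) for code, INT for id) and the names ImageAdStore, SaveCode and ForDisplay are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Web;

public static class ImageAdStore
{
    // Stores the submitted HTML with a parameterised UPDATE. The markup is sent
    // to SQL Server as a parameter value, so quotes inside it (for example in
    // style='...') cannot terminate the string literal or alter the statement.
    public static int SaveCode(string connectionString, int id, string html)
    {
        const string sql = "UPDATE imageAd SET code = @code WHERE id = @id";

        using (var con = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, con))
        {
            // Assumed column types: code NVARCHAR(MAX) (size -1), id INT.
            cmd.Parameters.Add("@code", SqlDbType.NVarChar, -1).Value =
                (object)html ?? DBNull.Value;
            cmd.Parameters.Add("@id", SqlDbType.Int).Value = id;

            con.Open();
            return cmd.ExecuteNonQuery(); // number of rows updated
        }
    }

    // Encodes stored markup for any page that should show it as text rather
    // than render it, which matters once request validation is switched off.
    public static string ForDisplay(string storedHtml)
    {
        return HttpUtility.HtmlEncode(storedHtml ?? string.Empty);
    }
}
```

Typing id as int also rejects non-numeric input before it reaches the database, which the quoted string comparison in the original query did not.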
