Strange error when RichTextBox Submit! [Resolved]

Posted by Coolbharat under ASP.NET on 1/24/2014 | Points: 10 | Views : 760 | Status : [Member] | Replies : 2
hi,
i have been assigned a job to enable the owner of the website to EDIT the Text Contents of his website as and when he desires.So i have designed a Database with a field 'RichTextData' having 'nvarchar(max)' datatype.The user can edit the contents by clicking on the EDIT button which opens a RichTextEditor.When it loads it retrieves the contents from the database and represents it.But when i press ENTER button and add some data a strange error occures i.e. say i press ENTER after some text and type agyt and SUBMIT the RichTextBox Data then this occures-:

"A potentially dangerous Request.Form value was detected from the client (FreeTextBox1="...o muyt

<div>agyt</div>")."

I set ValidateRequest="false" in the Page directive for that page only.But it gives the same error.I don't want to set ValidateRequest="false" for the entire website i.e. in web.config page.Please help me out.Here is my code

codebehind-:
public partial class My_Code_test_ftb : System.Web.UI.Page
{

SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["mycon"].ConnectionString);
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
BindData();
}
}

protected void BindData()
{
con.Open();
SqlCommand cmd = new SqlCommand("select RichTextData from RichTextBoxData", con);
SqlDataAdapter da = new SqlDataAdapter(cmd);
DataSet ds = new DataSet();
da.Fill(ds);
//SqlDataReader reader = cmd.ExecuteReader();
//while (reader.Read())
//{
// FreeTextBox1.Text
//}

//gvdetails.DataSource = ds;
//gvdetails.DataBind();

foreach (DataRow row in ds.Tables[0].Rows)
{
for (int i = 0; i < ds.Tables[0].Columns.Count; i++)
FreeTextBox1.Text += Server.HtmlDecode(row[i].ToString()) + Server.HtmlDecode(Environment.NewLine);
FreeTextBox1.Text += Server.HtmlDecode(Environment.NewLine);
}

}

protected void btnSubmit_Click(object sender, EventArgs e)
{
String encodestr = Server.HtmlEncode(FreeTextBox1.Text.ToString());
con.Open();
SqlCommand cmd = new SqlCommand("insert into RichTextBoxData(RichTextData) values(@Richtextbox)", con);
cmd.Parameters.AddWithValue("@Richtextbox", encodestr);
cmd.ExecuteNonQuery();
con.Close();
FreeTextBox1.Text = "";
BindData();
}

frontend-:

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1" runat="server">
<title>Richtextbox Sample</title>
<script type="text/javascript">
function validate() {
var doc = document.getElementById('FreeTextBox1');
if (doc.value.length == 0) {
alert('Please Enter data in Richtextbox');
return false;
}
}
</script>
</head>
<body>
<form id="form1" runat="server">
<div>
<table>
<tr>
<td>
<FTB:FreeTextBox ID="FreeTextBox1" runat="server">
</FTB:FreeTextBox>
</td>
<%--<td valign="top">
<asp:GridView runat="server" ID="gvdetails" AutoGenerateColumns="False"
BackColor="#CCCCCC" BorderColor="#999999" BorderStyle="Solid" BorderWidth="3px"
CellPadding="4" CellSpacing="2" ForeColor="Black">
<Columns>
<asp:TemplateField HeaderText="RichtextBoxData">
<ItemTemplate>
<asp:Label ID="lbltxt" runat="server" Text='<%#Bind("RichtextData") %>'/>
</ItemTemplate>
</asp:TemplateField>
</Columns>
<FooterStyle BackColor="#CCCCCC" />
<HeaderStyle BackColor="Black" Font-Bold="True" ForeColor="White" />
<PagerStyle BackColor="#CCCCCC" ForeColor="Black" HorizontalAlign="Left" />
<RowStyle B




Responses

Posted by: Sheonarayan on: 1/25/2014 [Administrator] HonoraryPlatinum | Points: 50

Up
0
Down

Resolved
Apart from setting ValidateRequest="false", you will also need to write below in the web.config under <system.web> </system.web>

  <httpRuntime requestValidationMode="2.0" />

Thanks

Regards,
Sheo Narayan
http://www.dotnetfunda.com

Coolbharat, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Coolbharat on: 1/27/2014 [Member] Starter | Points: 25

Up
0
Down
Thanks Sir for this valuable respone.

Coolbharat, if this helps please login to Mark As Answer. | Alert Moderator

Login to post response