Click here to Skip to main content
15,172,754 members
Please Sign up or sign in to vote.
1.44/5 (2 votes)
See more:
A potentially dangerous Request.Form value was detected from the client (txtAnsDesc="<br>"). 
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: <httpRuntime requestValidationMode="2.0" />. After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133.

My Code is given below
ASP.NET
<%@ Page Language="C#" AutoEventWireup="true" ValidateRequest="false" Debug="true" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<%@Import Namespace="System.Data"%>
<%@Import Namespace="System.Data.Sql"%>
<%@Import Namespace="System.Data.SqlClient"%>
<script  runat="server" language="c#">

    protected void Button2_Click(object sender, EventArgs e)
    {

    }

    protected void Button1_Click(object sender, EventArgs e)
    {
    SqlDataAdapter da;
        DataSet ds;
        SqlConnection CON = new SqlConnection(System.Web.Configuration.WebConfigurationManager.ConnectionStrings["ApplicationServices"].ConnectionString);
        SqlTransaction tr = null;
        CON.Open();

        ds = new DataSet();
        string sql = "select * from answer";
        da = new SqlDataAdapter(sql, CON);
        da.Fill(ds, "answer");
        int r = 0;
        DataRow[] rs;
        rs = ds.Tables["answer"].Select("ansid='" + txtAnsID.Text.Trim() + "'");
        r = rs.Length;
        if (r > 0)
        {
            System.Web.UI.WebControls.Label lbl1 = new System.Web.UI.WebControls.Label();
            lbl1.ForeColor = System.Drawing.Color.Yellow;
            lbl1.BackColor = System.Drawing.Color.Blue;
            lbl1.Text = "This Answer ID " + txtAnsID.Text.Trim() + " Already Exist";
            ph1.Controls.Add(lbl1);
        }
        else
        {

            tr = CON.BeginTransaction();
            try
            {
                SqlCommand cmd = new SqlCommand("insert into answer (sid,aid,cid,qid,ansid,ansdesc,class) values (@sid,@aid,@cid,@qid,@ansid,@ansdesc,@class)");
                cmd.Transaction = tr;
                cmd.Parameters.AddWithValue("@sid", ddSid.SelectedItem.Text.Trim());
                cmd.Parameters.AddWithValue("@aid", ddAid.SelectedItem.Text.Trim());
                cmd.Parameters.AddWithValue("@cid", ddCid.SelectedItem.Text.Trim());
                cmd.Parameters.AddWithValue("@qid", ddQid.SelectedItem.Text.Trim());
                cmd.Parameters.AddWithValue("@ansid", txtAnsID.Text.Trim());
                cmd.Parameters.AddWithValue("@qname", txtAnsDesc.Text.Trim());
                cmd.Parameters.AddWithValue("@class", ddClass.SelectedItem.Text.Trim());
                cmd.Connection = CON;
                cmd.ExecuteNonQuery();
                tr.Commit();

                try
                {
                    System.Web.UI.WebControls.Label lbl1 = new System.Web.UI.WebControls.Label();
                    lbl1.ForeColor = System.Drawing.Color.Yellow;
                    lbl1.BackColor = System.Drawing.Color.Blue;
                    lbl1.Text = "The Answer is entred SUCCESSFULLY";
                    ph1.Controls.Add(lbl1);
                }
                catch (Exception ex)
                {
                    //Response.Write(ex.Message);
                }
            }
            catch (Exception ex)
            {

                //Response.Write("" + ex);
                //tr.Rollback();
            }
            finally
            {
                CON.Close();
            }
        }
    
    }

    protected void Page_Load(object sender, EventArgs e)
    {
    
    }
</script>
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"  runat="server">
    <title></title>
    <style type="text/css">
        .style1
        {
            width: 100%;
            border: 50px solid #008000;
        }
        .style2
        {
            width: 100%;
            border: 25px solid #FF00FF;
        }
        #ta1
        {
            width: 947px;
            height: 386px;
        }
        .style3
        {
        }
        .style4
        {
            height: 23px;
        }
        .style5
        {
            height: 23px;
        }
    </style>
</head>
<body>
<script src="nicEdit.js" type="text/javascript"></script>

<script type="text/javascript">
    bkLib.onDomLoaded(function () {
        //new nicEditor().panelInstance('area1');

        //new nicEditor({fullPanel : true}).panelInstance('area2');

        //new nicEditor({iconsPath : '../nicEditorIcons.gif'}).panelInstance('area3');
        //new nicEditor({buttonList : ['fontSize','bold','italic','underline','strikeThrough','subscript','superscript','html','image']}).panelInstance('area4');
        new nicEditor({ maxHeight: 400 }).panelInstance('txtAnsDesc');
    });
</script>

    <form id="form1"  runat="server">
    <div align="center">
    
        <table class="style1">
            <tr>
                <td>
                     </td>
            </tr>
            <tr>
                <td>
                     </td>
            </tr>
            <tr>
                <td>
                     </td>
            </tr>
            <tr>
                <td>
                    <table class="style2">
                        <tr>
                            <td>
                                 </td>
                            <td>
                                 </td>
                            <td class="style3">
                                 </td>
                            <td>
                                 </td>
                            <td>
                                 </td>
                            <td>
                                 </td>
                            <td>
                                 </td>
                        </tr>
                        <tr>
                            <td>
                                 </td>
                            <td>
                                Subject ID</td>
                            <td class="style3">
                                Author ID</td>
                            <td>
                                Chapter ID</td>
                            <td>
                                Question ID</td>
                            <td>
                                Class</td>
                            <td>
                                 </td>
                        </tr>
                        <tr>
                            <td>
                                 </td>
                            <td>
                                <asp:DropDownList ID="ddSid" runat="server" AutoPostBack="True" 
                                    DataSourceID="SqlDataSource1" DataTextField="sid" DataValueField="sid">
                                </asp:DropDownList>
                                <asp:SqlDataSource ID="SqlDataSource1" runat="server" 
                                    ConnectionString="<%$ ConnectionStrings:ApplicationServices %>" 
                                    SelectCommand="SELECT * FROM [subject]"></asp:SqlDataSource>
                            </td>
                            <td class="style3">
                                <asp:DropDownList ID="ddAid" runat="server" AutoPostBack="True" 
                                    DataSourceID="SqlDataSource2" DataTextField="aid" DataValueField="aid">
                                </asp:DropDownList>
                                <asp:SqlDataSource ID="SqlDataSource2" runat="server" 
                                    ConnectionString="<%$ ConnectionStrings:ApplicationServices %>" 
                                    SelectCommand="SELECT * FROM [author] WHERE ([sid] = @sid)">
                                    <SelectParameters>
                                        <asp:ControlParameter ControlID="ddSid" DefaultValue="-99" Name="sid" 
                                            PropertyName="SelectedValue" Type="String" />
                                    </SelectParameters>
                                </asp:SqlDataSource>
                            </td>
                            <td>
                                <asp:DropDownList ID="ddCid" runat="server" AutoPostBack="True" 
                                    DataSourceID="SqlDataSource3" DataTextField="cid" DataValueField="cid">
                                </asp:DropDownList>
                                <asp:SqlDataSource ID="SqlDataSource3" runat="server" 
                                    ConnectionString="<%$ ConnectionStrings:ApplicationServices %>" 
                                    SelectCommand="SELECT * FROM [chapter] WHERE (([sid] = @sid) AND ([aid] = @aid))">
                                    <SelectParameters>
                                        <asp:ControlParameter ControlID="ddSid" DefaultValue="-99" Name="sid" 
                                            PropertyName="SelectedValue" Type="String" />
                                        <asp:ControlParameter ControlID="ddAid" DefaultValue="-99" Name="aid" 
                                            PropertyName="SelectedValue" Type="String" />
                                    </SelectParameters>
                                </asp:SqlDataSource>
                            </td>
                            <td>
                                <asp:DropDownList ID="ddQid" runat="server" AutoPostBack="True" 
                                    DataSourceID="SqlDataSource4" DataTextField="qid" DataValueField="qid">
                                </asp:DropDownList>
                                <asp:SqlDataSource ID="SqlDataSource4" runat="server" 
                                    ConnectionString="<%$ ConnectionStrings:ApplicationServices %>" 
                                    SelectCommand="SELECT * FROM [question] WHERE (([sid] = @sid) AND ([aid] = @aid) AND ([cid] = @cid))">
                                    <SelectParameters>
                                        <asp:ControlParameter ControlID="ddSid" DefaultValue="-99" Name="sid" 
                                            PropertyName="SelectedValue" Type="String" />
                                        <asp:ControlParameter ControlID="ddAid" DefaultValue="-99" Name="aid" 
                                            PropertyName="SelectedValue" Type="String" />
                                        <asp:ControlParameter ControlID="ddCid" DefaultValue="-99" Name="cid" 
                                            PropertyName="SelectedValue" Type="String" />
                                    </SelectParameters>
                                </asp:SqlDataSource>
                            </td>
                            <td>
                                <asp:DropDownList ID="ddClass" runat="server" AutoPostBack="True" 
                                    DataSourceID="SqlDataSource5" DataTextField="class_name" 
                                    DataValueField="class_name">
                                </asp:DropDownList>
                                <asp:SqlDataSource ID="SqlDataSource5" runat="server" 
                                    ConnectionString="<%$ ConnectionStrings:ApplicationServices %>" 
                                    SelectCommand="SELECT * FROM [class]"></asp:SqlDataSource>
                            </td>
                            <td>
                                 </td>
                        </tr>
                        <tr>
                            <td class="style4">
                                </td>
                            <td class="style4">
                                </td>
                            <td class="style5">
                                </td>
                            <td class="style4">
                                </td>
                            <td class="style4">
                                </td>
                            <td class="style4">
                                </td>
                            <td class="style4">
                                </td>
                        </tr>
                        <tr>
                            <td class="style4">
                                 </td>
                            <td class="style4">
                                 </td>
                            <td class="style5" colspan="3">
                                <asp:PlaceHolder ID="ph1" runat="server"></asp:PlaceHolder>
                            </td>
                            <td class="style4">
                                 </td>
                            <td class="style4">
                                 </td>
                        </tr>
                        <tr>
                            <td class="style4">
                                </td>
                            <td class="style4">
                                </td>
                            <td class="style4">
                                </td>
                            <td class="style4">
                                </td>
                            <td class="style4">
                                </td>
                            <td class="style4">
                                </td>
                            <td class="style4">
                                </td>
                        </tr>
                        <tr>
                            <td>
                                 </td>
                            <td>
                                Answer ID</td>
                            <td class="style3">
                                <asp:TextBox ID="txtAnsID" runat="server" Width="151px"></asp:TextBox>
                            </td>
                            <td>
                                 </td>
                            <td>
                                 </td>
                            <td>
                                 </td>
                            <td>
                                 </td>
                        </tr>
                        <tr>
                            <td>
                                 </td>
                            <td align="left" colspan="6">
                                <asp:TextBox ID="txtAnsDesc" runat="server" Height="120px" TextMode="MultiLine" 
                                    Width="937px"></asp:TextBox>
                            </td>
                        </tr>
                        <tr>
                            <td>
                                 </td>
                            <td>
                                 </td>
                            <td class="style3">
                                 </td>
                            <td>
                                 </td>
                            <td>
                                 </td>
                            <td>
                                 </td>
                            <td>
                                 </td>
                        </tr>
                        <tr>
                            <td>
                                </td>
                            <td class="style3" colspan="3">
                                <asp:Button ID="Button1" runat="server" Text="Submit" 
                                    Width="156px" onclick="Button1_Click" />
         
                                <asp:Button ID="Button2" runat="server" Text="Search" Width="156px" 
                                    onclick="Button2_Click" />
         
                                <asp:Button ID="Button3" runat="server" Text="Update" Width="156px" />
                                <asp:Button ID="Button4" runat="server" Text="Delete" Width="156px" />
        
                                <asp:Button ID="Button5" runat="server" Text="Clear" Width="156px" />
                            </td>
                            <td>
                                 </td>
                            <td>
                                 </td>
                        </tr>
                        <tr>
                            <td>
                                 </td>
                            <td>
                                 </td>
                            <td class="style3">
                                  </td>
                            <td>
                                 </td>
                            <td>
                                 </td>
                            <td>
                                 </td>
                            <td>
                                 </td>
                        </tr>
                    </table>
                </td>
            </tr>
            <tr>
                <td>
                     </td>
            </tr>
            <tr>
                <td>
                     </td>
            </tr>
            <tr>
                <td>
                     </td>
            </tr>
        </table>
    
    </div>
    </form>
</body>
</html>
Posted
Updated 23-Feb-21 13:32pm
v2

You already have a pointer to the answer: For more information, see http://go.microsoft.com/fwlink/?LinkId=153133[^].
   
Comments
Sumate Mephokkij 27-Aug-19 3:52am
   
Thanks you to answer , that's working great.
Hi,

It appears your text input in txtAnsDesc has invalid characters - "<" and ">" - you will need to HtmlEncode() this input in order to encode those characters so that the form can submit successfully, as this input without encoding is blocked as a potential cross-site scripting attack.

So, if you change your input to Server.HtmlEncode(txtAnsDesc) you will no longer have the error.

Hope this helps.
   
Comments
Kats2512 9-May-18 7:10am
   
Question that was asked and answered over 6 years ago!

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900