The server tag is not well formed.(databinder.eval)

Question

0.00/5 (No votes)

See more:

I'm using following piece of HTML mark-up to Insert Name which includes Apostrophe in the Database.

HTML

Text='<%# DataBinder.Eval(Container.DataItem, "Name").ToString().Replace("'","''") %>'

But I m getting the error "server tag is not well formed". Tried a lot but could not figure out what is the problem!

Any help will be appreciated.

Posted 2-Feb-16 6:27am

Hapisha

Add a Solution

Comments

ZurdoDev 2-Feb-16 12:41pm

Try .Replace("''", "''''")
or
.Replace("\'","\'\'")

1 solution

Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Richard Deeming · Answer 1 · 2016-02-02T08:49:00

You should be able to use:

aspx

Text='<%# Eval("Name", "{0}").Replace("&apos;","&apos;&apos;") %>'

HOWEVER, your comment about inserting the name into the database suggests that you are writing code which is vulnerable to SQL Injection[^]. If you use a properly parameterized query, there will be no need to replace or escape any "special" characters in your values.

SQLi is a very serious security vulnerability, which is extremely easy to exploit. You need to fix this vulnerability in your code ASAP.

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]
SQL injection attack mechanics | Pluralsight [^]

The server tag is not well formed.(databinder.eval)

1 solution

Solution 1

Add your solution here

Preview 0

The server tag is not well formed.(databinder.eval)

1 solution

Solution 1

Add your solution here

Preview 0

Existing Members

...or Join us