Best way to insert HTML into database

  • Question

  • User-2051275383 posted

    Hey guys,

    I am coding a basic web application and would like to know the best way to insert HTML? At the moment this is what my page looks like:

    @{
         var Name="";
         var Details="";

         if(IsPost){

             Validation.RequireField("formName", "You must enter a Subject Name");
             Validation.RequireField("formDetails", "You must enter Subject Details");

             // Assign to the variables declared above, which the INSERT below uses
             Name=Request["formName"];
             Details=Request["formDetails"];

             if(Validation.IsValid()){

                 // @0 and @1 are bound parameters, so the values are never concatenated into the SQL text
                 var SQLINSERT = "INSERT INTO TABLE (name, details) VALUES (@0, @1)";
                 var db = Database.Open("DATABASE");

                 db.Execute(SQLINSERT, Name, Details);

                 Response.Redirect("~/Admin");
             }
         }
      }
    
    @Html.ValidationSummary()
         
    <h2>My Form</h2>
     <form action="" method="post">
             <p>Name:<input type="text" name="formName" /></p>
             <p>Details:<textarea name="formDetails"></textarea></p>
    
               <p><input type="submit" value="Add" /></p>
         </form>
    

    When I use this - I get an error spat out:

    Server Error in '/' Application.


    A potentially dangerous Request.Form value was detected from the client


    I understand why it's happening; however, I need advice as to how I make my page allow the code and not compromise SQL security?

    Thursday, May 9, 2013 6:22 AM
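An added example, not part of the original post: one way to accept markup in the details field while keeping request validation on for every other field, using the ASP.NET Web Pages `Request.Unvalidated` helper together with the parameterized insert the post already uses. `DATABASE` and `TABLE` are the post's placeholders; the listing loop at the end is an assumed display page.

```cshtml
@{
    var Name = "";
    var Details = "";

    if (IsPost) {
        Validation.RequireField("formName", "You must enter a Subject Name");
        Validation.RequireField("formDetails", "You must enter Subject Details");

        // Plain-text field: read it normally so request validation still rejects markup here.
        Name = Request["formName"];

        // Field that is allowed to carry HTML: bypass request validation for this key only.
        Details = Request.Unvalidated("formDetails");

        if (Validation.IsValid()) {
            var db = Database.Open("DATABASE");   // placeholder name from the post

            // @0 and @1 are bound parameters. Whatever markup or quotes Details holds,
            // it reaches the database as a value and is never parsed as SQL.
            db.Execute("INSERT INTO TABLE (name, details) VALUES (@0, @1)", Name, Details);

            Response.Redirect("~/Admin");
        }
    }
}

@Html.ValidationSummary()

<h2>My Form</h2>
<form action="" method="post">
    <p>Name:<input type="text" name="formName" value="@Name" /></p>
    <p>Details:<textarea name="formDetails">@Details</textarea></p>
    <p><input type="submit" value="Add" /></p>
</form>

@* Assumed display page: Razor HTML-encodes @row.details, so stored markup
   is shown as text and is not interpreted by the browser. *@
@foreach (var row in Database.Open("DATABASE").Query("SELECT name, details FROM TABLE")) {
    <h3>@row.name</h3>
    <div>@row.details</div>
}
```

Request validation and SQL parameters guard different things: the first screens input for markup, the second keeps values out of the SQL text. Rendering the stored value with `@Html.Raw(...)` turns off Razor's encoding, so that should only be done with content that has passed an allow-list HTML sanitizer.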
