Best way to insert HTML into database RRS feed

  • Question

  • User-2051275383 posted

    Hey guys,

    I am coding a basic web application and would like to know the best way to insert HTML? At the moment this is what my page looks like:

         var Name="";
         var Details="";
             Validation.RequireField("formName", "You must enter a Subject Name");
             Validation.RequireField("formDetails", "You must enter Subject Details");
             var SQLINSERT = "INSERT INTO TABLE (name, details) VALUES (@0, @1)";
             var db = Database.Open("DATABASE");
             db.Execute(SQLINSERT, Name, Details);
    <h2>My Form</h2>
     <form action="" method="post">
             <p>Name:<input type="text" name="formaName" /></p>
             <p>Details:<textarea name="formDetails" /></textarea></p>
               <p><input type="submit" value="Add" /></p>

    When I use this - I get an error spat out:

    Server Error in '/' Application.

    A potentially dangerous Request.Form value was detected from the client

    I understand why its happening however I need advise as to how I make my page allow the code and not compromise SQL security?

    Thursday, May 9, 2013 6:22 AM


All replies