Solved

ASP.NET and HTMLAREA or FreeTextBox

Posted on 2004-10-11
2,501 Views
Last Modified: 2013-11-25
I am using a form to insert and update info in a MS SQL Server 2000 database. When adding rich text editing controls (either htmlArea or FreeTextBox), I get the following error:

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (x_student_performance="... test and <U>welding</U> equip...").

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.  

Stack Trace:


[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (x_student_performance="... test and <U>welding</U> equip...").]
   System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +230
   System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) +99
   System.Web.HttpRequest.get_Form() +113
   System.Web.UI.Page.GetCollectionBasedOnMethod() +69
   System.Web.UI.Page.DeterminePostBackMode() +47
   System.Web.UI.Page.ProcessRequestMain() +2106
   System.Web.UI.Page.ProcessRequest() +218
   System.Web.UI.Page.ProcessRequest(HttpContext context) +18
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute() +179
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +87


Here is the code for the page:

<%@ Page Trace="false" Language="VB" %>
<%@ OutputCache Location="None" %>
<%@ Import Namespace="System.ComponentModel" %>
<%@ Import Namespace="System.IO" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<%@ Register TagPrefix="FTB" Namespace="FreeTextBoxControls" Assembly="FreeTextBox" %>

<html>
<head>
      <title></title>
      <style type="text/css">
      <!--
      INPUT, TEXTAREA, SELECT {font-size: medium;}
      .aspnetmaker {font-size: medium;}
      .ewTableOrderIndicator {font-family: Webdings;}
      -->
      </style>
<meta name="generator" content="ASP.NET Maker v1.1.0.2" />
</head>
<body leftmargin="0" topmargin="0" marginheight="0" marginwidth="0">
<script language="Javascript1.2"><!-- // load htmlarea
_editor_url = "";           // URL to htmlarea files
_editor_field = "";
var win_ie_ver = parseFloat(navigator.appVersion.split("MSIE")[1]);
if (navigator.userAgent.indexOf('Mac')    >= 0) { win_ie_ver = 0; }
if (navigator.userAgent.indexOf('Windows CE') >= 0) { win_ie_ver = 0; }
if (navigator.userAgent.indexOf('Opera')   >= 0) { win_ie_ver = 0; }
if (win_ie_ver >= 5.5) {
 document.write('<scr' + 'ipt src="' +_editor_url+ 'editor.js"');
 document.write(' language="Javascript1.2"></scr' + 'ipt>');    
} else { document.write('<scr'+'ipt>function editor_generate() { return false; }</scr'+'ipt>'); }
var MyBgColor ='#FFFFFF';
var MyBgImg ='';
// --></script>
<script>
function updateAttributes(){
document.myform.bgcolor.value=MyBgColor;
document.myform.background.value=MyBgImg;
}
</script>
<%@ Register TagPrefix="ew" TagName="db" Src="ewdb.ascx" %>
<ew:db id="ewdb" runat="server" />
<%@ Register TagPrefix="ew" TagName="header" Src="ewheader.ascx" %>
<ew:header id="ewheader" runat="server" />
<%@ Register TagPrefix="ewv" NameSpace="EW.Validators" Assembly="ewvalidators" %>
<script language="JavaScript" src="ew.js"></script>
<span class="aspnetmaker">Edit TABLE: syllabus 4</span><br />
<form
      method="post" runat="server">
<asp:Hyperlink id="lnkList" Text="Back to List" NavigateUrl="syllabus4list.aspx" CssClass="aspnetmaker" runat="server" />
<asp:Label id="lblReturnUrl" Visible="False" Text="syllabus4list.aspx" CssClass="aspnetmaker" runat="server" />
<br />
<asp:ValidationSummary id="xevs_syllabus4" CssClass="aspnetmaker" runat="server"
      HeaderText="The following errors occur:"
      ShowSummary="False"
      Display="None"
      ShowMessageBox="True"
      ForeColor="#FF0000" />
<asp:Label id="lblMessage" forecolor="#FF0000" CssClass="aspnetmaker" runat="server" />
<asp:Label id="lblSql" CssClass="aspnetmaker" runat="server" /><br />
<table border="0" cellspacing="1" cellpadding="4" bgcolor="#CCCCCC">
      <tr>
            <td bgcolor="#336699"><span class="aspnetmaker" style="color: #FFFFFF;">syllabus id</span></td>
            <td bgcolor="#F5F5F5"><span class="aspnetmaker"><asp:TextBox id="x_syllabus_id" Rows="30" MaxLength="20" CssClass="aspnetmaker" runat="server" /></span></td>
      </tr>
      <tr>
            <td bgcolor="#336699"><span class="aspnetmaker" style="color: #FFFFFF;">colleague id</span></td>
            <td bgcolor="#F5F5F5"><span class="aspnetmaker"><asp:TextBox id="x_colleague_id" Rows="30" MaxLength="7" CssClass="aspnetmaker" runat="server" /></span></td>
      </tr>
      <tr>
            <td bgcolor="#336699"><span class="aspnetmaker" style="color: #FFFFFF;">coursealias</span></td>
            <td bgcolor="#F5F5F5"><span class="aspnetmaker"><asp:TextBox id="x_coursealias" Rows="30" MaxLength="8" CssClass="aspnetmaker" runat="server" /></span></td>
      </tr>
      <tr>
            <td bgcolor="#336699"><span class="aspnetmaker" style="color: #FFFFFF;">dept id</span></td>
            <td bgcolor="#F5F5F5"><span class="aspnetmaker"><asp:TextBox id="x_dept_id" Rows="30" MaxLength="5" CssClass="aspnetmaker" runat="server" /></span></td>
      </tr>
      <tr>
            <td bgcolor="#336699"><span class="aspnetmaker" style="color: #FFFFFF;">student performance</span></td>
            <td bgcolor="#F5F5F5"><span class="aspnetmaker">
<FTB:FreeTextBox id="x_student_performance" ToolbarLayout="ParagraphMenu, FontFacesMenu, FontSizesMenu, FontForeColorsMenu, FontForeColorPicker, FontBackColorsMenu, FontBackColorPicker,| Bold, Italic, Underline, Strikethrough, Superscript, Subscript, InsertImageFromGallery, CreateLink, Unlink, RemoveFormat, JustifyLeft, JustifyRight, JustifyCenter, JustifyFull, BulletedList, NumberedList, Indent, Outdent, Cut, Copy, Paste,| Delete, Undo, Redo, Print, Save, ieSpellCheck, StyleMenu, SymbolsMenu, InsertHtmlMenu, InsertRule, InsertDate, InsertTime, WordCount, ieSpellCheck, NetSpell, InsertTable, InsertTableRowBelow, InsertTableRowAbove, DeleteTableRow, InsertTableColumnBelow, InsertTableColumnAbove, DeleteTableColumn" runat="Server" />
</span></td>
      </tr>
      <tr>
            <td bgcolor="#336699"><span class="aspnetmaker" style="color: #FFFFFF;">instructor attendance</span></td>
            <td bgcolor="#F5F5F5"><span class="aspnetmaker"><asp:TextBox id="x_instructor_attendance" TextMode="MultiLine" Rows="4" Columns="35" CssClass="aspnetmaker" runat="server" />
            <script language='javascript1.2'>
editor_generate('x_instructor_attendance');
WriteMenuItems('x_instructor_attendance');
</script>

            </span></td>
      </tr>
      <tr>
            <td bgcolor="#336699"><span class="aspnetmaker" style="color: #FFFFFF;">office hours</span></td>
            <td bgcolor="#F5F5F5"><span class="aspnetmaker"><asp:TextBox id="x_office_hours" TextMode="MultiLine" Rows="4" Columns="35" CssClass="aspnetmaker" runat="server" /></span></td>
      </tr>
      <tr>
            <td bgcolor="#336699"><span class="aspnetmaker" style="color: #FFFFFF;">instructor website</span></td>
            <td bgcolor="#F5F5F5"><span class="aspnetmaker"><asp:TextBox id="x_instructor_website" TextMode="MultiLine" Rows="4" Columns="35" CssClass="aspnetmaker" runat="server" /></span></td>
      </tr>
      <tr>
            <td bgcolor="#336699"><span class="aspnetmaker" style="color: #FFFFFF;">grading criteria</span></td>
            <td bgcolor="#F5F5F5"><span class="aspnetmaker"><asp:TextBox id="x_grading_criteria" TextMode="MultiLine" Rows="4" Columns="35" CssClass="aspnetmaker" runat="server" /></span></td>
      </tr>
      <tr>
            <td bgcolor="#336699"><span class="aspnetmaker" style="color: #FFFFFF;">makeup policy</span></td>
            <td bgcolor="#F5F5F5"><span class="aspnetmaker"><asp:TextBox id="x_makeup_policy" TextMode="MultiLine" Rows="4" Columns="35" CssClass="aspnetmaker" runat="server" /></span></td>
      </tr>
      <tr>
            <td bgcolor="#336699"><span class="aspnetmaker" style="color: #FFFFFF;">required exams</span></td>
            <td bgcolor="#F5F5F5"><span class="aspnetmaker"><asp:TextBox id="x_required_exams" TextMode="MultiLine" Rows="4" Columns="35" CssClass="aspnetmaker" runat="server" /></span></td>
      </tr>
      <tr>
            <td bgcolor="#336699"><span class="aspnetmaker" style="color: #FFFFFF;">final exams</span></td>
            <td bgcolor="#F5F5F5"><span class="aspnetmaker"><asp:TextBox id="x_final_exams" TextMode="MultiLine" Rows="4" Columns="35" CssClass="aspnetmaker" runat="server" /></span></td>
      </tr>
      <tr>
            <td bgcolor="#336699"><span class="aspnetmaker" style="color: #FFFFFF;">objectives</span></td>
            <td bgcolor="#F5F5F5"><span class="aspnetmaker"><asp:TextBox id="x_objectives" TextMode="MultiLine" Rows="4" Columns="35" CssClass="aspnetmaker" runat="server" /></span></td>
      </tr>
      <tr>
            <td bgcolor="#336699"><span class="aspnetmaker" style="color: #FFFFFF;">outline</span></td>
            <td bgcolor="#F5F5F5"><span class="aspnetmaker"><asp:TextBox id="x_outline" TextMode="MultiLine" Rows="4" Columns="35" CssClass="aspnetmaker" runat="server" /></span></td>
      </tr>
      <tr>
            <td bgcolor="#336699"><span class="aspnetmaker" style="color: #FFFFFF;">behavior</span></td>
            <td bgcolor="#F5F5F5"><span class="aspnetmaker"><asp:TextBox id="x_behavior" TextMode="MultiLine" Rows="4" Columns="35" CssClass="aspnetmaker" runat="server" /></span></td>
      </tr>
      <tr>
            <td bgcolor="#336699"><span class="aspnetmaker" style="color: #FFFFFF;">textbooks</span></td>
            <td bgcolor="#F5F5F5"><span class="aspnetmaker"><asp:TextBox id="x_textbooks" TextMode="MultiLine" Rows="4" Columns="35" CssClass="aspnetmaker" runat="server" /></span></td>
      </tr>
      <tr>
            <td bgcolor="#336699"><span class="aspnetmaker" style="color: #FFFFFF;">supplies</span></td>
            <td bgcolor="#F5F5F5"><span class="aspnetmaker"><asp:TextBox id="x_supplies" TextMode="MultiLine" Rows="4" Columns="35" CssClass="aspnetmaker" runat="server" /></span></td>
      </tr>
      <tr>
            <td bgcolor="#336699"><span class="aspnetmaker" style="color: #FFFFFF;">reference works</span></td>
            <td bgcolor="#F5F5F5"><span class="aspnetmaker"><asp:TextBox id="x_reference_works" TextMode="MultiLine" Rows="4" Columns="35" CssClass="aspnetmaker" runat="server" /></span></td>
      </tr>
      <tr>
            <td bgcolor="#336699"><span class="aspnetmaker" style="color: #FFFFFF;">manuals</span></td>
            <td bgcolor="#F5F5F5"><span class="aspnetmaker"><asp:TextBox id="x_manuals" TextMode="MultiLine" Rows="4" Columns="35" CssClass="aspnetmaker" runat="server" /></span></td>
      </tr>
      <tr>
            <td bgcolor="#336699"><span class="aspnetmaker" style="color: #FFFFFF;">websites</span></td>
            <td bgcolor="#F5F5F5"><span class="aspnetmaker"><asp:TextBox id="x_websites" TextMode="MultiLine" Rows="4" Columns="35" CssClass="aspnetmaker" runat="server" /></span></td>
      </tr>
      <tr>
            <td bgcolor="#336699"><span class="aspnetmaker" style="color: #FFFFFF;">program manager</span></td>
            <td bgcolor="#F5F5F5"><span class="aspnetmaker"><asp:TextBox id="x_program_manager" Rows="30" MaxLength="7" CssClass="aspnetmaker" runat="server" /></span></td>
      </tr>
      <tr>
            <td bgcolor="#336699"><span class="aspnetmaker" style="color: #FFFFFF;">dept sec</span></td>
            <td bgcolor="#F5F5F5"><span class="aspnetmaker"><asp:TextBox id="x_dept_sec" Rows="30" MaxLength="7" CssClass="aspnetmaker" runat="server" /></span></td>
      </tr>
      <tr>
            <td bgcolor="#336699"><span class="aspnetmaker" style="color: #FFFFFF;">other</span></td>
            <td bgcolor="#F5F5F5"><span class="aspnetmaker"><asp:TextBox id="x_other" Rows="30" MaxLength="7" CssClass="aspnetmaker" runat="server" /></span></td>
      </tr>
      <tr>
            <td bgcolor="#336699"><span class="aspnetmaker" style="color: #FFFFFF;">class type</span></td>
            <td bgcolor="#F5F5F5"><span class="aspnetmaker"><asp:TextBox id="x_class_type" Rows="30" MaxLength="50" CssClass="aspnetmaker" runat="server" /></span></td>
      </tr>
</table>
<br />
<input type="hidden" id="key" runat="server" />
<asp:Button id="btnEdit" Text="EDIT" OnClick="btnEdit_Click" CssClass="aspnetmaker" runat="server" />
</form>
<%@ Register TagPrefix="ew" TagName="footer" Src="ewfooter.ascx" %>
<ew:footer id="ewfooter" runat="server" />
</body>
</html>
<script language="VB" runat="server">
      Dim sKey As String

      ' User Data Related
      Dim sUserID As String

      '*********************
      '  Page Load Handler
      '*********************

      Private Sub Page_Load(ByVal s As System.Object, ByVal e As System.EventArgs)

            ' Load User ID
            LoadUserID()
            If Page.IsPostBack Then
                  Page.Validate()
                  If (Not Page.IsValid) Then
                        Dim sMsg As String
                        Dim oValidator As IValidator
                        For Each oValidator In Validators
                              If oValidator.IsValid = False Then
                                    sMsg += "<br />" & oValidator.ErrorMessage
                              End If
                        Next
                        lblMessage.Text = sMsg
                        Exit Sub
                  End If
                  sKey = key.Value ' Load Key
            Else
                  sKey = Request.QueryString("key")
                  If sKey = "" Then ' Check if Valid Key String
                        Response.Redirect (lblReturnUrl.Text)
                  End If
                  If LoadData(sKey) Then ' Load Data
                        key.Value = sKey
                  Else
                        Session("msg") = "No records found"
                        Response.Redirect (lblReturnUrl.Text)
                  End If
            End If
      End Sub

      '******************
      '  Update Handler
      '******************

      Private Sub btnEdit_Click(ByVal s As System.Object, ByVal e As System.EventArgs)
            If Page.IsValid Then
                  If EditData() Then
                        Response.Redirect (lblReturnUrl.Text)
                  End If
            End If
      End Sub

      '*********************
      '  Load Data Routine
      '*********************

      Private Function LoadData(ByVal sKey As String) As Boolean
            Dim sTmp As String, bRead As Boolean

            ' Get Connection String
            Dim sConnStr As String  = ewDB.ewConnStr

            ' Construct SQL statement
            Dim sSelect As String
            Dim sKeyWrk As String
            sKeyWrk = "'" & sKey & "'"
            sSelect = "SELECT * FROM [syllabus4] WHERE [syllabus_id] = " & sKeyWrk
            If sUserID <> "-1" Then ' Non System Admin
                  sSelect += " AND ([colleague_id] = '" & sUserID & "')"
            End If
            lblSql.Text = sSelect

            ' Create a new Connection Object using the Connection String
            Dim oConn As New SqlConnection(sConnStr)

            ' Open the Connection to the Database
            oConn.Open()

            ' Create DataReader Object and Read Data
            Dim drWrk As SqlDataReader
            drWrk = ewDB.ewDataReader(oConn, sSelect)
            If IsNothing(drWrk) Then
                  lblMessage.Text = session("dberrmsg")
                  lblSql.Visible = True
                  oConn.Close() ' Close Connection
                  Return False  ' Error Return and Stop Execution
            Else
                  lblSql.Visible = False
            End If
            bRead = drWrk.Read()
            If bRead Then

                  ' Field syllabus_id
                  If Not IsDBNull(drWrk("syllabus_id")) Then
                        x_syllabus_id.Text = drWrk("syllabus_id")
                  End If

                  ' Field colleague_id
                  If Not IsDBNull(drWrk("colleague_id")) Then
                        x_colleague_id.Text = drWrk("colleague_id")
                  End If
                  If sUserID <> "-1" Then 'non system admin
                        x_colleague_id.Enabled = False
                  End If

                  ' Field coursealias
                  If Not IsDBNull(drWrk("coursealias")) Then
                        x_coursealias.Text = drWrk("coursealias")
                  End If

                  ' Field dept_id
                  If Not IsDBNull(drWrk("dept_id")) Then
                        x_dept_id.Text = drWrk("dept_id")
                  End If

                  ' Field student_performance
                  If Not IsDBNull(drWrk("student_performance")) Then
                        x_student_performance.Text = drWrk("student_performance")
                  End If

                  ' Field instructor_attendance
                  If Not IsDBNull(drWrk("instructor_attendance")) Then
                        x_instructor_attendance.Text = drWrk("instructor_attendance")
                  End If

                  ' Field office_hours
                  If Not IsDBNull(drWrk("office_hours")) Then
                        x_office_hours.Text = drWrk("office_hours")
                  End If

                  ' Field instructor_website
                  If Not IsDBNull(drWrk("instructor_website")) Then
                        x_instructor_website.Text = drWrk("instructor_website")
                  End If

                  ' Field grading_criteria
                  If Not IsDBNull(drWrk("grading_criteria")) Then
                        x_grading_criteria.Text = drWrk("grading_criteria")
                  End If

                  ' Field makeup_policy
                  If Not IsDBNull(drWrk("makeup_policy")) Then
                        x_makeup_policy.Text = drWrk("makeup_policy")
                  End If

                  ' Field required_exams
                  If Not IsDBNull(drWrk("required_exams")) Then
                        x_required_exams.Text = drWrk("required_exams")
                  End If

                  ' Field final_exams
                  If Not IsDBNull(drWrk("final_exams")) Then
                        x_final_exams.Text = drWrk("final_exams")
                  End If

                  ' Field objectives
                  If Not IsDBNull(drWrk("objectives")) Then
                        x_objectives.Text = drWrk("objectives")
                  End If

                  ' Field outline
                  If Not IsDBNull(drWrk("outline")) Then
                        x_outline.Text = drWrk("outline")
                  End If

                  ' Field behavior
                  If Not IsDBNull(drWrk("behavior")) Then
                        x_behavior.Text = drWrk("behavior")
                  End If

                  ' Field textbooks
                  If Not IsDBNull(drWrk("textbooks")) Then
                        x_textbooks.Text = drWrk("textbooks")
                  End If

                  ' Field supplies
                  If Not IsDBNull(drWrk("supplies")) Then
                        x_supplies.Text = drWrk("supplies")
                  End If

                  ' Field reference_works
                  If Not IsDBNull(drWrk("reference_works")) Then
                        x_reference_works.Text = drWrk("reference_works")
                  End If

                  ' Field manuals
                  If Not IsDBNull(drWrk("manuals")) Then
                        x_manuals.Text = drWrk("manuals")
                  End If

                  ' Field websites
                  If Not IsDBNull(drWrk("websites")) Then
                        x_websites.Text = drWrk("websites")
                  End If

                  ' Field program_manager
                  If Not IsDBNull(drWrk("program_manager")) Then
                        x_program_manager.Text = drWrk("program_manager")
                  End If

                  ' Field dept_sec
                  If Not IsDBNull(drWrk("dept_sec")) Then
                        x_dept_sec.Text = drWrk("dept_sec")
                  End If

                  ' Field other
                  If Not IsDBNull(drWrk("other")) Then
                        x_other.Text = drWrk("other")
                  End If

                  ' Field class_type
                  If Not IsDBNull(drWrk("class_type")) Then
                        x_class_type.Text = drWrk("class_type")
                  End If
            End If
            drWrk.Close() ' Close DataReader
            oConn.Close() ' Close Connection
            If bRead Then
                  Return True ' Record Found, Normal Return
            Else
                  Return False ' No Record Found
            End If
      End Function

      '***********************
      '  Update Data Routine
      '***********************

      Private Function EditData() As Boolean
            Dim oConn As SqlConnection
            Dim oCmd As SqlCommand
            Dim sTmp As String

            ' Get Connection String
            Dim sConnStr As String  = ewDB.ewConnStr

            ' Construct SQL statement
            Dim sSQL As String
            sSQL = "UPDATE [databasename] SET "
            sSQL += "[syllabus_id] = @syllabus_id, "
            sSQL += "[colleague_id] = @colleague_id, "
            sSQL += "[coursealias] = @coursealias, "
            sSQL += "[dept_id] = @dept_id, "
            sSQL += "[student_performance] = @student_performance, "
            sSQL += "[instructor_attendance] = @instructor_attendance, "
            sSQL += "[office_hours] = @office_hours, "
            sSQL += "[instructor_website] = @instructor_website, "
            sSQL += "[grading_criteria] = @grading_criteria, "
            sSQL += "[makeup_policy] = @makeup_policy, "
            sSQL += "[required_exams] = @required_exams, "
            sSQL += "[final_exams] = @final_exams, "
            sSQL += "[objectives] = @objectives, "
            sSQL += "[outline] = @outline, "
            sSQL += "[behavior] = @behavior, "
            sSQL += "[textbooks] = @textbooks, "
            sSQL += "[supplies] = @supplies, "
            sSQL += "[reference_works] = @reference_works, "
            sSQL += "[manuals] = @manuals, "
            sSQL += "[websites] = @websites, "
            sSQL += "[program_manager] = @program_manager, "
            sSQL += "[dept_sec] = @dept_sec, "
            sSQL += "[other] = @other, "
            sSQL += "[class_type] = @class_type, "
            sSQL = Mid(sSQL,1,Len(sSQL)-2)
            ' Bind the key as a parameter instead of quoting it into the statement
            sSQL += " WHERE [syllabus_id] = @key"
            Try
                  oConn = New SqlConnection(sConnStr)
                  oCmd = New SqlCommand(sSQL, oConn)
                  oCmd.Parameters.Add("@key", SqlDbType.VarChar, 20).Value = sKey

                  ' Field syllabus_id
                  sTmp = x_syllabus_id.Text
                  If Trim(sTmp) = "" Then
                        oCmd.Parameters.Add("@syllabus_id",SqldbType.VarChar,20).Value = DBNull.Value
                  Else
                        oCmd.Parameters.Add("@syllabus_id",SqldbType.VarChar,20).Value = sTmp
                  End If

                  ' Field colleague_id
                  sTmp = x_colleague_id.Text
                  If Trim(sTmp) = "" Then
                        oCmd.Parameters.Add("@colleague_id",SqldbType.VarChar,7).Value = DBNull.Value
                  Else
                        oCmd.Parameters.Add("@colleague_id",SqldbType.VarChar,7).Value = sTmp
                  End If

                  ' Field coursealias
                  sTmp = x_coursealias.Text
                  If Trim(sTmp) = "" Then
                        oCmd.Parameters.Add("@coursealias",SqldbType.VarChar,8).Value = DBNull.Value
                  Else
                        oCmd.Parameters.Add("@coursealias",SqldbType.VarChar,8).Value = sTmp
                  End If

                  ' Field dept_id
                  sTmp = x_dept_id.Text
                  If Trim(sTmp) = "" Then
                        oCmd.Parameters.Add("@dept_id",SqldbType.VarChar,5).Value = DBNull.Value
                  Else
                        oCmd.Parameters.Add("@dept_id",SqldbType.VarChar,5).Value = sTmp
                  End If

                  ' Field student_performance
                  sTmp = x_student_performance.Text
                  If Trim(sTmp) = "" Then
                        oCmd.Parameters.Add("@student_performance",SqldbType.Text,0).Value = DBNull.Value
                  Else
                        oCmd.Parameters.Add("@student_performance",SqldbType.Text,0).Value = sTmp
                  End If

                  ' Field instructor_attendance
                  sTmp = x_instructor_attendance.Text
                  If Trim(sTmp) = "" Then
                        oCmd.Parameters.Add("@instructor_attendance",SqldbType.Text,0).Value = DBNull.Value
                  Else
                        oCmd.Parameters.Add("@instructor_attendance",SqldbType.Text,0).Value = sTmp
                  End If

                  ' Field office_hours
                  sTmp = x_office_hours.Text
                  If Trim(sTmp) = "" Then
                        oCmd.Parameters.Add("@office_hours",SqldbType.Text,0).Value = DBNull.Value
                  Else
                        oCmd.Parameters.Add("@office_hours",SqldbType.Text,0).Value = sTmp
                  End If

                  ' Field instructor_website
                  sTmp = x_instructor_website.Text
                  If Trim(sTmp) = "" Then
                        oCmd.Parameters.Add("@instructor_website",SqldbType.Text,0).Value = DBNull.Value
                  Else
                        oCmd.Parameters.Add("@instructor_website",SqldbType.Text,0).Value = sTmp
                  End If

                  ' Field grading_criteria
                  sTmp = x_grading_criteria.Text
                  If Trim(sTmp) = "" Then
                        oCmd.Parameters.Add("@grading_criteria",SqldbType.Text,0).Value = DBNull.Value
                  Else
                        oCmd.Parameters.Add("@grading_criteria",SqldbType.Text,0).Value = sTmp
                  End If

                  ' Field makeup_policy
                  sTmp = x_makeup_policy.Text
                  If Trim(sTmp) = "" Then
                        oCmd.Parameters.Add("@makeup_policy",SqldbType.Text,0).Value = DBNull.Value
                  Else
                        oCmd.Parameters.Add("@makeup_policy",SqldbType.Text,0).Value = sTmp
                  End If

                  ' Field required_exams
                  sTmp = x_required_exams.Text
                  If Trim(sTmp) = "" Then
                        oCmd.Parameters.Add("@required_exams",SqldbType.Text,0).Value = DBNull.Value
                  Else
                        oCmd.Parameters.Add("@required_exams",SqldbType.Text,0).Value = sTmp
                  End If

                  ' Field final_exams
                  sTmp = x_final_exams.Text
                  If Trim(sTmp) = "" Then
                        oCmd.Parameters.Add("@final_exams",SqldbType.Text,0).Value = DBNull.Value
                  Else
                        oCmd.Parameters.Add("@final_exams",SqldbType.Text,0).Value = sTmp
                  End If

                  ' Field objectives
                  sTmp = x_objectives.Text
                  If Trim(sTmp) = "" Then
                        oCmd.Parameters.Add("@objectives",SqldbType.Text,0).Value = DBNull.Value
                  Else
                        oCmd.Parameters.Add("@objectives",SqldbType.Text,0).Value = sTmp
                  End If

                  ' Field outline
                  sTmp = x_outline.Text
                  If Trim(sTmp) = "" Then
                        oCmd.Parameters.Add("@outline",SqldbType.Text,0).Value = DBNull.Value
                  Else
                        oCmd.Parameters.Add("@outline",SqldbType.Text,0).Value = sTmp
                  End If

                  ' Field behavior
                  sTmp = x_behavior.Text
                  If Trim(sTmp) = "" Then
                        oCmd.Parameters.Add("@behavior",SqldbType.Text,0).Value = DBNull.Value
                  Else
                        oCmd.Parameters.Add("@behavior",SqldbType.Text,0).Value = sTmp
                  End If

                  ' Field textbooks
                  sTmp = x_textbooks.Text
                  If Trim(sTmp) = "" Then
                        oCmd.Parameters.Add("@textbooks",SqldbType.Text,0).Value = DBNull.Value
                  Else
                        oCmd.Parameters.Add("@textbooks",SqldbType.Text,0).Value = sTmp
                  End If

                  ' Field supplies
                  sTmp = x_supplies.Text
                  If Trim(sTmp) = "" Then
                        oCmd.Parameters.Add("@supplies",SqldbType.Text,0).Value = DBNull.Value
                  Else
                        oCmd.Parameters.Add("@supplies",SqldbType.Text,0).Value = sTmp
                  End If

                  ' Field reference_works
                  sTmp = x_reference_works.Text
                  If Trim(sTmp) = "" Then
                        oCmd.Parameters.Add("@reference_works",SqldbType.Text,0).Value = DBNull.Value
                  Else
                        oCmd.Parameters.Add("@reference_works",SqldbType.Text,0).Value = sTmp
                  End If

                  ' Field manuals
                  sTmp = x_manuals.Text
                  If Trim(sTmp) = "" Then
                        oCmd.Parameters.Add("@manuals",SqldbType.Text,0).Value = DBNull.Value
                  Else
                        oCmd.Parameters.Add("@manuals",SqldbType.Text,0).Value = sTmp
                  End If

                  ' Field websites
                  sTmp = x_websites.Text
                  If Trim(sTmp) = "" Then
                        oCmd.Parameters.Add("@websites",SqldbType.Text,0).Value = DBNull.Value
                  Else
                        oCmd.Parameters.Add("@websites",SqldbType.Text,0).Value = sTmp
                  End If

                  ' Field program_manager
                  sTmp = x_program_manager.Text
                  If Trim(sTmp) = "" Then
                        oCmd.Parameters.Add("@program_manager",SqldbType.VarChar,7).Value = DBNull.Value
                  Else
                        oCmd.Parameters.Add("@program_manager",SqldbType.VarChar,7).Value = sTmp
                  End If

                  ' Field dept_sec
                  sTmp = x_dept_sec.Text
                  If Trim(sTmp) = "" Then
                        oCmd.Parameters.Add("@dept_sec",SqldbType.VarChar,7).Value = DBNull.Value
                  Else
                        oCmd.Parameters.Add("@dept_sec",SqldbType.VarChar,7).Value = sTmp
                  End If

                  ' Field other
                  sTmp = x_other.Text
                  If Trim(sTmp) = "" Then
                        oCmd.Parameters.Add("@other",SqldbType.VarChar,7).Value = DBNull.Value
                  Else
                        oCmd.Parameters.Add("@other",SqldbType.VarChar,7).Value = sTmp
                  End If

                  ' Field class_type
                  sTmp = x_class_type.Text
                  If Trim(sTmp) = "" Then
                        oCmd.Parameters.Add("@class_type",SqldbType.VarChar,50).Value = DBNull.Value
                  Else
                        oCmd.Parameters.Add("@class_type",SqldbType.VarChar,50).Value = sTmp
                  End If

                  ' Perform the Update
                  oConn.Open()
                  oCmd.ExecuteNonQuery()
                  oConn.Close()

                  ' Update Successful
                  Session("msg") = "Record is updated: Key = " & sKey
                  Return True
            Catch oErr As SqlException
                  lblMessage.Text = ewDB.ewDataErrorMessage(oErr)
                  If lblMessage.Text = "" Then
                        lblMessage.Text = "Update Record Error!"
                  End If
                  Return False ' Error Return
            End Try
      End Function

      '************************
      '  Load User ID Routine
      '************************

      Private Sub LoadUserID()
            Dim sWrk As String = Page.User.Identity.Name
            Dim sArrWrk As String() = Split(sWrk,",")

            ' Get User ID saved in User Name
            If ubound(sArrWrk) >= 1 Then
                  sUserID = sArrWrk(1)
            Else
                  sUserID = "" ' Not Found
            End If
      End Sub
</script>

Question by: trf000

4 Comments
Accepted Solution

by: MikeK70 earned 200 total points
ID: 12284962
If you are posting HTML code in a form, ASP.NET will raise this exception. You can prevent this by adding ValidateRequest="false" in your <%@ Page %> directive.

You will then have to make sure yourself though, that no malicious code (e.g. javascript) can be inserted and displayed in your app.
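The caveat in the accepted answer (once ValidateRequest is off, the page has to filter markup itself) as an added example in Python; this is not code from the question, from FreeTextBox or htmlArea, or from ASP.NET. `looks_dangerous` is an approximation of the heuristic behind the HttpRequestValidationException (an assumption about the framework, not its code) and shows why the value quoted in the exception message was rejected; `sanitize_rich_text` then keeps only an allow-list of formatting tags with no attributes, so the `<U>welding</U>` markup from the question survives while script blocks, event-handler attributes and javascript: links do not. The sample strings are constructed for the example.

```python
"""Allow-list sanitizer for a rich-text field on a page with ValidateRequest="false".

Added example, not code from the original question, from FreeTextBox/htmlArea or from
ASP.NET. Request validation rejects any form value that looks like markup; once it is
switched off for a page, the application must filter the value itself before it is
stored and rendered.
"""
from html import escape
from html.parser import HTMLParser
import re

# Constructed sample: the value quoted in the question's exception message.
SAMPLE_POST = '... test and <U>welding</U> equip...'

# Approximation of the request-validation heuristic (assumption, not the framework's
# code): '<' followed by a letter, '!', '/' or '?', or a numeric character reference.
_DANGEROUS = re.compile(r'<[A-Za-z!/?]|&#')


def looks_dangerous(value):
    """True if request validation would (approximately) reject this form value."""
    return _DANGEROUS.search(value) is not None


# Formatting tags a syllabus editor legitimately needs; everything else is dropped.
ALLOWED_TAGS = {'b', 'i', 'u', 'strike', 'sup', 'sub', 'p', 'br', 'ul', 'ol', 'li'}
VOID_TAGS = {'br'}


class AllowListSanitizer(HTMLParser):
    """Re-emits only allow-listed tags, never their attributes; text is re-escaped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []   # allow-listed tags currently open, for well-nested output
        self.skip_depth = 0   # > 0 while inside <script>/<style>, whose text is dropped

    def handle_starttag(self, tag, attrs):
        if tag in ('script', 'style'):
            self.skip_depth += 1
        elif tag in ALLOWED_TAGS and not self.skip_depth:
            # attributes (href, onclick, style, ...) are never copied through
            self.out.append('<%s>' % tag)
            if tag not in VOID_TAGS:
                self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in ('script', 'style'):
            self.skip_depth = max(0, self.skip_depth - 1)
        elif tag in self.open_tags and not self.skip_depth:
            # close anything opened after it as well, so the output stays nested
            while self.open_tags:
                t = self.open_tags.pop()
                self.out.append('</%s>' % t)
                if t == tag:
                    break

    def handle_data(self, data):
        # charrefs were decoded by the parser, so '&lt;script&gt;' is re-escaped here
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))

    def result(self):
        self.close()
        while self.open_tags:   # close tags the input left open
            self.out.append('</%s>' % self.open_tags.pop())
        return ''.join(self.out)


def sanitize_rich_text(value):
    """Return a version of the submitted HTML that is safe to store and render."""
    p = AllowListSanitizer()
    p.feed(value)
    return p.result()


if __name__ == '__main__':
    print(looks_dangerous(SAMPLE_POST), sanitize_rich_text(SAMPLE_POST))
    hostile = '<u onmouseover="alert(1)">x</u><script>alert(2)</script>'
    print(sanitize_rich_text(hostile))
```

The sanitizer runs on the server before the value is written to the database; the same allow-list should be applied again, or the stored value HTML-encoded, whenever the field is rendered, since an attribute-free formatting tag is the only markup the page ever needs to emit.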
Author Comment

by:trf000
ID: 12288622
D'oh. Thanks... I feel rather stupid right now. This is my first .NET app. I appreciate the help.
Expert Comment

by:MikeK70
ID: 12295140
No need to feel stupid, happened to me in the beginning as well... Glad I could help.
Expert Comment

by:Monica P
ID: 38914081
Hi

How do I set the maximum length in the FreeTextBox control?