[Last Call] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 435
  • Last Modified:

HttpUtility.UrlDecode Help

I have a content page that I administer to add content to pages for my web site.  I am using the HttpUtility.UrlDecode so that I can enter html into the textbox to add styles.  This is working fine, but I have not added to the admin page a datagrid so that I can edit these fields.  Now I'm getting the Potential Danger error message.  I'm not sure why this works for the insert function and not the update function.  In the update function I am dynamically creating a textbox for the fields to be edited so I must not be applying this to the variable correctly.  Here's my code:

Sub SubmitContent(s As Object, e As EventArgs)
      objCmd = New OleDbCommand("INSERT INTO Content(content, ministryID) VALUES (@content, @ministryID)", objConn)
                objCmd.Parameters.Add("@content", HttpUtility.UrlDecode(txtcontent.Text))
      objCmd.Parameters.Add("@ministryID", ddlMinistry.SelectedItem.Value)  
End Sub

Sub dg_Update(s As Object, e As DataGridCommandEventArgs)
      Dim intcontentID As Integer
      Dim strcontent As String
      intcontentID = dgcontent.DataKeys(e.Item.ItemIndex)
      strcontent = CType(e.Item.FindControl("txtcontent"), TextBox).Text      
      strCmd = "UPDATE Content SET content=@content WHERE contentID=@contentID"
      objCmd = New OleDbCommand(strCmd, objConn)
      objCmd.Parameters.Add("@content", HttpUtility.UrlDecode(strcontent))
      objCmd.Parameters.Add("@contentID", intcontentID)
      dgcontent.EditItemIndex = -1
End Sub


<script type="text/javascript">
function URLEncode(arg)
      // The Javascript escape and unescape functions do not correspond
      // with what browsers actually do...
      var SAFECHARS = "0123456789" +                              // Numeric
                              "ABCDEFGHIJKLMNOPQRSTUVWXYZ" +      // Alphabetic
                              "abcdefghijklmnopqrstuvwxyz" +
                              "-_.!~*'()";                              // RFC2396 Mark characters
      var HEX = "0123456789ABCDEF";

      var plaintext = arg;//document.URLForm.F1.value;
      var encoded = "";
      for (var i = 0; i < plaintext.length; i++ ) {
            var ch = plaintext.charAt(i);
          if (ch == " ") {
                encoded += "+";                        // x-www-urlencoded, rather than %20
            } else if (SAFECHARS.indexOf(ch) != -1) {
                encoded += ch;
            } else {
                var charCode = ch.charCodeAt(0);
                  if (charCode > 255) {
                      alert( "Unicode Character '"
                        + ch
                        + "' cannot be encoded using standard URL encoding.\n" +
                                  "(URL encoding only supports 8-bit characters.)\n" +
                                      "A space (+) will be substituted." );
                        encoded += "+";
                  } else {
                        encoded += "%";
                        encoded += HEX.charAt((charCode >> 4) & 0xF);
                        encoded += HEX.charAt(charCode & 0xF);
      } // for

      //document.URLForm.F2.value = encoded;
      return encoded;//false;
1 Solution
Did you know you can turn off the "Potential dangerious ...." error message by adding ValidateRequest="False" to the <%@ Page %> Directive?
azyet24Author Commented:
No I didn't, thanks!

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now