HawaiiDragon
 asked on

inserting data to a sql table and getting Potentially dangerous Request error

This is a new error to me!!!
A potentially dangerous Request.Form value was detected from the client (txtbody=" <div>              T...").
So I have this dll that sends email messages out and when I try to pass my string into it I get this error. It goes out as an html message and I have never seen this before due to the fact that I have never passed a string into it before. Can someone out there tell me what the bleep I am doing wrong?
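/// <summary>
/// Builds the HTML notification e-mail from the giving form and hands it to
/// <c>ParkSendEmail</c> for delivery.
/// </summary>
/// <remarks>
/// The template is read from <c>txtbody</c> and every <c>#Token#</c> in it is
/// replaced with either a fixed phrase (check boxes) or the visitor's own input
/// (text boxes and lists). Because the message is sent as HTML, all visitor input
/// is HTML-encoded before it is substituted.
/// </remarks>
public void preprecieveemailstuff()
{
    ParkSendEmail recievestuff = new ParkSendEmail();
    recievestuff.bolHTML = true;

    // NOTE(review): subject, sender and all recipients are taken straight from
    // form fields. Confirm that ParkSendEmail validates the addresses and rejects
    // CR/LF in these values; otherwise the page can be used to send mail to
    // arbitrary addresses or to inject extra headers.
    recievestuff.strSubject = txtsub.Text;
    recievestuff.strFromEmail = txtfromemail.Text;
    // NOTE(review): the "from" box is also used as the first recipient; confirm
    // that is intended and not a stand-in for a separate "to" field.
    recievestuff.strToEmail = txtfromemail.Text + ";" + txtccemail.Text + ";" + txtbcc.Text;

    // NOTE(review): this concatenates the two amounts as text ("50" + "25" gives
    // "5025"); confirm whether a numeric sum was intended.
    string tottaler = tbotheramount.Text + tbneeds.Text;

    // The template itself arrives in the request. It contains markup, which is
    // what ASP.NET request validation reports as a "potentially dangerous
    // Request.Form value". If validation is relaxed to let the template through,
    // the encoding done below is the only thing keeping markup in the other
    // fields out of the message.
    // NOTE(review): prefer loading the template on the server instead of trusting
    // a posted field, so a visitor cannot supply their own message body.
    string body = txtbody.Text;

    // Contact details typed by the visitor.
    body = FillUserText(body, "#FirstName#", tbfname.Text);
    body = FillUserText(body, "#LastName#", tblname.Text);
    body = FillUserText(body, "#Address#", tbaddress.Text);
    body = FillUserText(body, "#city#", tbcity.Text);
    body = FillUserText(body, "#state#", tbstate.Text);
    body = FillUserText(body, "#zip#", tbzip.Text);
    body = FillUserText(body, "#homephone#", tbphone.Text);
    body = FillUserText(body, "#email#", tbemail.Text);
    body = FillUserText(body, "#yeargrad#", tbgradyear.Text);
    body = FillUserText(body, "#ParkID#", tbparkid.Text);
    body = FillUserText(body, "#total#", tottaler);

    // Check-box driven phrases: fixed, trusted text, or nothing when unchecked.
    body = FillFixedText(body, "#Will#", cbnotifiyparkwill.Checked, "<p>Included in the will.</p>");
    body = FillFixedText(body, "#NeedsGreatest#", cbneeds.Checked, "Where Parks needs are the greatest.");

    // An empty text box already yields an empty replacement, so no branch is needed.
    body = FillUserText(body, "#NeedsAmmount#", tbneeds.Text);
    body = FillUserText(body, "#otherspecifics#", tbotherspecify.Text);
    body = FillUserText(body, "#otherammount#", tbotheramount.Text);

    body = FillFixedText(body, "#securities#", cbsecurites.Checked, "I would like to provide a gift of securities");
    body = FillFixedText(body, "#lifetimeincome#", cblifetimeincome.Checked, "I would like to provide a gift of a lifetime income.");

    bool wantsMajorGift = cbmajorgiftopp.Checked;
    body = FillFixedText(body, "#majorgift#", wantsMajorGift, "I would like to provide a Major Gift and my area of intrest is");
    body = FillUserText(body, "#areaofintrest#", wantsMajorGift ? tbintrest.Text : "");

    body = FillFixedText(body, "#plates#", cbplates.Checked, "I want a license plate form");

    bool hasMatchingGift = cbmatchingGifts.Checked;
    body = FillFixedText(body, "#MGC#", hasMatchingGift, "I/my spouce works for a matching gift company.");
    // The checked branch used to look for "#MGCName# " (trailing space) while the
    // unchecked branch looked for "#MGCName#"; both now use the same token so the
    // company name is filled in whether or not a space follows the token.
    body = FillUserText(body, "#MGCName#", hasMatchingGift ? TBMGC.Text : "");

    bool inMemory = cbinmemory.Checked;
    body = FillFixedText(body, "#inmemory#", inMemory, "In gift is in memory of ");
    body = FillUserText(body, "#inmemorydetail#", inMemory ? tbmemorydetail.Text : "");

    bool inHonor = cbhonorof.Checked;
    body = FillFixedText(body, "#inhonor#", inHonor, "This gift is in honor of ");
    body = FillUserText(body, "#inhonordetails#", inHonor ? tbhonordetail.Text : "");

    bool pieceOfPark = cbpiece.Checked;
    body = FillFixedText(body, "#PieceofPark#", pieceOfPark, "I'll be a 'Piece of Park' with a payroll deduction of $25 per month for 1 year ($300)");
    // List values are posted by the browser too, so they are encoded like free text.
    body = FillUserText(body, "#startingdatechoice#", pieceOfPark ? rbldatesdeduction.SelectedValue : "");
    body = FillUserText(body, "#startingdatedetails#", pieceOfPark ? tbempdate.Text : "");

    bool explainsFactors = cbfactors.Checked;
    body = FillFixedText(body, "#explainfactors#", explainsFactors, "I would like explain the factors behind my donation.");
    body = FillUserText(body, "#explainchoice#", explainsFactors ? dltfactors.Text : "");
    body = FillUserText(body, "#explanationdetails#", explainsFactors ? tbdonationfactors.Text : "");

    body = FillUserText(body, "#Reason#", ddlreason.Text);

    recievestuff.strBodyEmail = body;
    recievestuff.intPriority = 35;
    recievestuff.strProgramSending = "WWWGiving";
    recievestuff.funSendEmail();
}

/// <summary>
/// Replaces <paramref name="token"/> with visitor-supplied text, HTML-encoded so
/// it is shown literally in the HTML message instead of being read as markup.
/// </summary>
private static string FillUserText(string template, string token, string userText)
{
    return template.Replace(token, System.Web.HttpUtility.HtmlEncode(userText));
}

/// <summary>
/// Replaces <paramref name="token"/> with a fixed phrase when
/// <paramref name="include"/> is true, and removes the token otherwise. The
/// phrase is trusted text from this file and is inserted unencoded.
/// </summary>
private static string FillFixedText(string template, string token, bool include, string phrase)
{
    return template.Replace(token, include ? phrase : "");
}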


C#

HawaiiDragon

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Gorkem Yuksel

HawaiiDragon

ASKER
super fast solution!!!