c# - Opening angle bracket "<" in user input causes a 404 error -

-

the .net app working on encounters error when user enters opening angle brackets "<" input. occurs when want sort of html input such <a href="www.google.com">google</a>

i've tried exact same input without "<" , works should. input being read asp:textbox , added parameter sql insert statement. using try catch block catch sqlexception's, particular problem not caught when change catch statement catch(exception err). know "<" used less operated in sql however, shouldn't problem because input parameter right? why "<" , not ">" in input since both characters valid sql operators? here actual code snippet. 

try {     sql_command.connection = sql_connection;     sql_command.commandtext = "insert tabl1 ([id], [fname], [lname], [bio]) values (@id, @first, @last, @bio)";     sqlparameter id, first, last, bio;     id = new sqlparameter("@id", id_text.text);     first = new sqlparameter("@first", firstname_text.text);     last = new sqlparameter("@last", lastname_text.text);     bio = new sqlparameter("@bio", bio_text.text);     sql_command.parameters.add(id)     sql_command.parameters.add(last)     sql_command.parameters.add(first)     sql_command.parameters.add(bio)     sql_command.executenonquery(); } catch (exception err) {     response.write(err); }

the schema table is:

id int not null fname nvarchar(255) lname nvarchar(255) bio nvarchar(max)

the error message getting result of asp net protecting site against cross site scripting attack. opening of angle bracket looks suspicious, because may injecting malicious javascript or html onto page. question has been answered before @ link: a potentially dangerous request.form value detected client

hope helps !


Comments

Post a Comment

Popular posts from this blog

c++ - OpenCV Error: Assertion failed <scn == 3 ::scn == 4> in unknown function, -

-
i read alot other solution still confused should mine... #include <opencv2/objdetect/objdetect.hpp> #include <opencv2/highgui/highgui.hpp> #include <opencv2/imgproc/imgproc.hpp> #include <iostream> #include <stdio.h> using namespace std; using namespace cv; int main(int argc, const char** argv) { //create cascade classifier object used face detection cascadeclassifier face_cascade; //use haarcascade_frontalface_alt.xml library face_cascade.load("haarcascade_frontalface_alt.xml"); //setup video capture device , link first capture device videocapture capturedevice; capturedevice.open(0); //setup image files used in capture process mat captureframe; mat grayscaleframe; //create window present results namedwindow("outputcapture", 1); //create loop capture , find faces while (true) { //capture new image frame capturedevice >> captureframe; ...
Read more

php - render data via PDO::FETCH_FUNC vs loop -

-
i've been using 2 methods render data. the first one: function name($id,$name){ return '<div id="'.$id.'">'.$name.'</div>'; } echo implode($pdo->query("select id,name user")->fetchall(pdo::fetch_func,'name')); the second one: $users = $pdo->query("select id,name user")->fetchall(pdo::fetch_obj); foreach($users $user){ echo name($user->id,$user->name); } i don't understand how pdo::fetch_func works. tried figure out. however, not well-documented. could please explain fetch mode? , also, 1 performs better? thank you. both methods wrong , have learn how use templates , how separate business logic presentation logic. $users = $pdo->query("select id,name user")->fetchall(pdo::fetch_obj); tpl::assign('users', $users); is code business logic part. then in template <?php foreach $users $row): ?> <div id="<?=$...
Read more

The canvas has been tainted by cross-origin data in chrome only -

-
uncaught securityerror: failed execute 'getimagedata' on 'canvasrenderingcontext2d': canvas has been tainted cross-origin data i getting above error in chrome. code(following) works fine in mozilla. have not corss domain issue. why above error in chrome? var wheel_canvas, wheel_context, can_w, can_h, wheel_grd; var large_radius = 160; var small_radius = 120; var wheel_canvas = document.getelementbyid('wheel_canvas'); var wheel_context = wheel_canvas.getcontext('2d'); var can_w = $(wheel_canvas).width(); var can_h = $(wheel_canvas).height(); var centerx = can_w / 2, centery = can_h / 2; var wheel_grd = null; test('#ff0000'); function test(hex) { $('#clrpicker').css({'left': 210, 'top': 210 }); inverted = hexbw(hex); $('#color_val_show').val(hex); current_color_hex_val_selected = hex; $('#color_val_show').css({'color':inverted,'background':hex}); fillgradient...
Read more