数据库中有HTML标签,所以在点击更新按钮时,会报“从客户端(cphAdmin_dvBookList_ftbToc="出版者的话<br>专家指导委员会<br>中文版序<...")中检测到有潜在危险的 Request.Form 值”这样的错误。我该怎么办?
后台代码为
public partial class Admin_BookDetail:PageBase
{
/// <summary>
/// Puts the DetailsView into insert mode when the request carries no "id"
/// value; otherwise the control keeps its declarative default mode.
/// </summary>
/// <param name="sender">The page raising the event.</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // Request.Params merges query string, form, cookies and server variables.
    bool hasBookId = Request.Params["id"] != null;
    if (!hasBookId)
    {
        dvBookList.DefaultMode = DetailsViewMode.Insert;
    }
}
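/// <summary>
/// After data binding in edit mode, selects the publisher drop-down entry whose
/// value matches the publisher id carried in the hidden field.
/// </summary>
/// <param name="sender">The DetailsView raising the event.</param>
/// <param name="e">Event data (unused).</param>
/// <exception cref="InvalidOperationException">
/// The edit template does not contain both ddlPublisher and hfPublisherId.
/// </exception>
protected void dvBookList_DataBound(object sender, EventArgs e)
{
    if (dvBookList.CurrentMode != DetailsViewMode.Edit)
    {
        return;
    }

    DropDownList ddlPublisher = dvBookList.FindControl("ddlPublisher") as DropDownList;
    HiddenField hfPublisher = dvBookList.FindControl("hfPublisherId") as HiddenField;
    if (ddlPublisher == null || hfPublisher == null)
    {
        // A missing control is a template misconfiguration; fail with a clear
        // message instead of the NullReferenceException the bare "as" cast gave.
        throw new InvalidOperationException("The edit template must contain ddlPublisher and hfPublisherId.");
    }

    string publisherId = (hfPublisher.Value ?? string.Empty).Trim();

    // Assigning SelectedValue directly throws ArgumentOutOfRangeException when the
    // id is not among the list items (for example a publisher that has since been
    // removed). Look the item up first and leave the selection alone if absent.
    ListItem match = ddlPublisher.Items.FindByValue(publisherId);
    if (match != null)
    {
        ddlPublisher.ClearSelection();
        match.Selected = true;
    }
}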
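/// <summary>
/// Returns to the book list once a new record has been inserted successfully.
/// </summary>
/// <param name="sender">The DetailsView raising the event.</param>
/// <param name="e">Insert result; Exception is non-null when the insert failed.</param>
protected void dvBookList_ItemInserted(object sender, DetailsViewInsertedEventArgs e)
{
    if (e.Exception != null)
    {
        // Redirecting unconditionally ends the response and hides the insert
        // failure. Leave ExceptionHandled false so the error surfaces instead.
        return;
    }

    Response.Redirect("ListOfBooks.aspx");
}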
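/// <summary>
/// Supplies the publisher id and ISBN to the insert command and, when a cover
/// image was uploaded, stores it as ~/images/BookCovers/{ISBN}.jpg.
/// </summary>
/// <param name="sender">The DetailsView raising the event.</param>
/// <param name="e">Insert event data; Cancel is set when the ISBN cannot be used as a file name.</param>
/// <exception cref="InvalidOperationException">
/// The insert template does not contain ddlPublisher, txtISBN and fulBook.
/// </exception>
protected void dvBookList_ItemInserting(object sender, DetailsViewInsertEventArgs e)
{
    DropDownList ddlPublisher = dvBookList.FindControl("ddlPublisher") as DropDownList;
    TextBox txtISBN = dvBookList.FindControl("txtISBN") as TextBox;
    FileUpload fulBook = dvBookList.FindControl("fulBook") as FileUpload;
    if (ddlPublisher == null || txtISBN == null || fulBook == null)
    {
        throw new InvalidOperationException("The insert template must contain ddlPublisher, txtISBN and fulBook.");
    }

    string isbn = txtISBN.Text.Trim();

    // The ISBN is user input and becomes part of a file name under the web root.
    // Validate it before anything is written or queued, so a value containing
    // path separators or ".." can neither escape the cover folder nor leave a
    // half-applied insert behind.
    if (fulBook.HasFile && !IsSafeFileNameComponent(isbn))
    {
        // NOTE(review): no validation control is visible here; the page should
        // surface a message explaining why the insert was cancelled.
        e.Cancel = true;
        return;
    }

    odsBooks.InsertParameters.Add("PublisherId", ddlPublisher.SelectedValue);
    odsBooks.InsertParameters.Add("Isbn", isbn);

    if (!fulBook.HasFile)
    {
        return;
    }

    // The file is always stored with a .jpg name; its content is not inspected
    // here, so the folder should be served as static images only.
    string coverDir = Server.MapPath("~/images/BookCovers/");
    string strpath = System.IO.Path.Combine(coverDir, isbn + ".jpg");
    fulBook.PostedFile.SaveAs(strpath);
}

/// <summary>
/// True when <paramref name="name"/> can be used as a single file-name component:
/// non-empty, not "." or "..", no path separators and no characters the file
/// system rejects.
/// </summary>
/// <param name="name">Candidate file-name component.</param>
/// <returns>True when the value is safe to append to a directory path.</returns>
private static bool IsSafeFileNameComponent(string name)
{
    if (string.IsNullOrEmpty(name) || name == "." || name == "..")
    {
        return false;
    }
    if (name.IndexOfAny(System.IO.Path.GetInvalidFileNameChars()) >= 0)
    {
        return false;
    }
    // GetFileName strips any directory portion; a plain component is unchanged by it.
    return System.IO.Path.GetFileName(name) == name;
}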
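/// <summary>
/// After a successful update, overwrites the book's existing cover image with
/// the uploaded file, if one was supplied.
/// </summary>
/// <param name="sender">The DetailsView raising the event.</param>
/// <param name="e">Update result; Exception is non-null when the update failed.</param>
/// <exception cref="InvalidOperationException">
/// The bound image URL resolves to a location outside ~/images/BookCovers/.
/// </exception>
protected void dvBookList_ItemUpdated(object sender, DetailsViewUpdatedEventArgs e)
{
    if (e.Exception != null)
    {
        // The row was not updated; keep the old cover and let the error surface.
        return;
    }

    FileUpload fulBook = dvBookList.FindControl("fulBook") as FileUpload;
    Image imgBook = dvBookList.FindControl("imgBook") as Image;
    if (fulBook == null || imgBook == null || !fulBook.HasFile)
    {
        return;
    }

    string imageUrl = (imgBook.ImageUrl ?? string.Empty).Trim();
    if (imageUrl.Length == 0)
    {
        // No cover path bound for this record; Server.MapPath("") would not
        // point at a cover file.
        return;
    }

    // ImageUrl comes from the bound record rather than from this request, but it
    // is still used as a write target on disk. Canonicalize both paths and require
    // the target to sit directly in the folder dvBookList_ItemInserting writes to,
    // so a stored URL with ".." segments cannot redirect the upload elsewhere.
    string coverDir = System.IO.Path.GetFullPath(Server.MapPath("~/images/BookCovers/"))
        .TrimEnd(System.IO.Path.DirectorySeparatorChar, System.IO.Path.AltDirectorySeparatorChar);
    string strpath = System.IO.Path.GetFullPath(Server.MapPath(imageUrl));
    string targetDir = System.IO.Path.GetDirectoryName(strpath);
    if (!string.Equals(targetDir, coverDir, StringComparison.OrdinalIgnoreCase))
    {
        throw new InvalidOperationException("Cover images may only be written under ~/images/BookCovers/.");
    }

    fulBook.PostedFile.SaveAs(strpath);
}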
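/// <summary>
/// Supplies the selected publisher id to the update command.
/// </summary>
/// <param name="sender">The DetailsView raising the event.</param>
/// <param name="e">Update event data (unused).</param>
/// <exception cref="InvalidOperationException">
/// The edit template does not contain ddlPublisher.
/// </exception>
protected void dvBookList_ItemUpdating(object sender, DetailsViewUpdateEventArgs e)
{
    DropDownList ddlPublisher = dvBookList.FindControl("ddlPublisher") as DropDownList;
    if (ddlPublisher == null)
    {
        // Fail with a clear message rather than the NullReferenceException the
        // unchecked "as" cast produced; updating without PublisherId would
        // silently drop the value.
        throw new InvalidOperationException("The edit template must contain ddlPublisher.");
    }

    odsBooks.UpdateParameters.Add("PublisherId", ddlPublisher.SelectedValue);
}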
我用的是VS2010.就是在点击更新按钮时,就报错,希望各位高手帮我解决一下。
后台代码为
public partial class Admin_BookDetail:PageBase
{
/// <summary>
/// Puts the DetailsView into insert mode when the request carries no "id"
/// value; otherwise the control keeps its declarative default mode.
/// </summary>
/// <param name="sender">The page raising the event.</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // Request.Params merges query string, form, cookies and server variables.
    bool hasBookId = Request.Params["id"] != null;
    if (!hasBookId)
    {
        dvBookList.DefaultMode = DetailsViewMode.Insert;
    }
}
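/// <summary>
/// After data binding in edit mode, selects the publisher drop-down entry whose
/// value matches the publisher id carried in the hidden field.
/// </summary>
/// <param name="sender">The DetailsView raising the event.</param>
/// <param name="e">Event data (unused).</param>
/// <exception cref="InvalidOperationException">
/// The edit template does not contain both ddlPublisher and hfPublisherId.
/// </exception>
protected void dvBookList_DataBound(object sender, EventArgs e)
{
    if (dvBookList.CurrentMode != DetailsViewMode.Edit)
    {
        return;
    }

    DropDownList ddlPublisher = dvBookList.FindControl("ddlPublisher") as DropDownList;
    HiddenField hfPublisher = dvBookList.FindControl("hfPublisherId") as HiddenField;
    if (ddlPublisher == null || hfPublisher == null)
    {
        // A missing control is a template misconfiguration; fail with a clear
        // message instead of the NullReferenceException the bare "as" cast gave.
        throw new InvalidOperationException("The edit template must contain ddlPublisher and hfPublisherId.");
    }

    string publisherId = (hfPublisher.Value ?? string.Empty).Trim();

    // Assigning SelectedValue directly throws ArgumentOutOfRangeException when the
    // id is not among the list items (for example a publisher that has since been
    // removed). Look the item up first and leave the selection alone if absent.
    ListItem match = ddlPublisher.Items.FindByValue(publisherId);
    if (match != null)
    {
        ddlPublisher.ClearSelection();
        match.Selected = true;
    }
}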
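/// <summary>
/// Returns to the book list once a new record has been inserted successfully.
/// </summary>
/// <param name="sender">The DetailsView raising the event.</param>
/// <param name="e">Insert result; Exception is non-null when the insert failed.</param>
protected void dvBookList_ItemInserted(object sender, DetailsViewInsertedEventArgs e)
{
    if (e.Exception != null)
    {
        // Redirecting unconditionally ends the response and hides the insert
        // failure. Leave ExceptionHandled false so the error surfaces instead.
        return;
    }

    Response.Redirect("ListOfBooks.aspx");
}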
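/// <summary>
/// Supplies the publisher id and ISBN to the insert command and, when a cover
/// image was uploaded, stores it as ~/images/BookCovers/{ISBN}.jpg.
/// </summary>
/// <param name="sender">The DetailsView raising the event.</param>
/// <param name="e">Insert event data; Cancel is set when the ISBN cannot be used as a file name.</param>
/// <exception cref="InvalidOperationException">
/// The insert template does not contain ddlPublisher, txtISBN and fulBook.
/// </exception>
protected void dvBookList_ItemInserting(object sender, DetailsViewInsertEventArgs e)
{
    DropDownList ddlPublisher = dvBookList.FindControl("ddlPublisher") as DropDownList;
    TextBox txtISBN = dvBookList.FindControl("txtISBN") as TextBox;
    FileUpload fulBook = dvBookList.FindControl("fulBook") as FileUpload;
    if (ddlPublisher == null || txtISBN == null || fulBook == null)
    {
        throw new InvalidOperationException("The insert template must contain ddlPublisher, txtISBN and fulBook.");
    }

    string isbn = txtISBN.Text.Trim();

    // The ISBN is user input and becomes part of a file name under the web root.
    // Validate it before anything is written or queued, so a value containing
    // path separators or ".." can neither escape the cover folder nor leave a
    // half-applied insert behind.
    if (fulBook.HasFile && !IsSafeFileNameComponent(isbn))
    {
        // NOTE(review): no validation control is visible here; the page should
        // surface a message explaining why the insert was cancelled.
        e.Cancel = true;
        return;
    }

    odsBooks.InsertParameters.Add("PublisherId", ddlPublisher.SelectedValue);
    odsBooks.InsertParameters.Add("Isbn", isbn);

    if (!fulBook.HasFile)
    {
        return;
    }

    // The file is always stored with a .jpg name; its content is not inspected
    // here, so the folder should be served as static images only.
    string coverDir = Server.MapPath("~/images/BookCovers/");
    string strpath = System.IO.Path.Combine(coverDir, isbn + ".jpg");
    fulBook.PostedFile.SaveAs(strpath);
}

/// <summary>
/// True when <paramref name="name"/> can be used as a single file-name component:
/// non-empty, not "." or "..", no path separators and no characters the file
/// system rejects.
/// </summary>
/// <param name="name">Candidate file-name component.</param>
/// <returns>True when the value is safe to append to a directory path.</returns>
private static bool IsSafeFileNameComponent(string name)
{
    if (string.IsNullOrEmpty(name) || name == "." || name == "..")
    {
        return false;
    }
    if (name.IndexOfAny(System.IO.Path.GetInvalidFileNameChars()) >= 0)
    {
        return false;
    }
    // GetFileName strips any directory portion; a plain component is unchanged by it.
    return System.IO.Path.GetFileName(name) == name;
}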
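/// <summary>
/// After a successful update, overwrites the book's existing cover image with
/// the uploaded file, if one was supplied.
/// </summary>
/// <param name="sender">The DetailsView raising the event.</param>
/// <param name="e">Update result; Exception is non-null when the update failed.</param>
/// <exception cref="InvalidOperationException">
/// The bound image URL resolves to a location outside ~/images/BookCovers/.
/// </exception>
protected void dvBookList_ItemUpdated(object sender, DetailsViewUpdatedEventArgs e)
{
    if (e.Exception != null)
    {
        // The row was not updated; keep the old cover and let the error surface.
        return;
    }

    FileUpload fulBook = dvBookList.FindControl("fulBook") as FileUpload;
    Image imgBook = dvBookList.FindControl("imgBook") as Image;
    if (fulBook == null || imgBook == null || !fulBook.HasFile)
    {
        return;
    }

    string imageUrl = (imgBook.ImageUrl ?? string.Empty).Trim();
    if (imageUrl.Length == 0)
    {
        // No cover path bound for this record; Server.MapPath("") would not
        // point at a cover file.
        return;
    }

    // ImageUrl comes from the bound record rather than from this request, but it
    // is still used as a write target on disk. Canonicalize both paths and require
    // the target to sit directly in the folder dvBookList_ItemInserting writes to,
    // so a stored URL with ".." segments cannot redirect the upload elsewhere.
    string coverDir = System.IO.Path.GetFullPath(Server.MapPath("~/images/BookCovers/"))
        .TrimEnd(System.IO.Path.DirectorySeparatorChar, System.IO.Path.AltDirectorySeparatorChar);
    string strpath = System.IO.Path.GetFullPath(Server.MapPath(imageUrl));
    string targetDir = System.IO.Path.GetDirectoryName(strpath);
    if (!string.Equals(targetDir, coverDir, StringComparison.OrdinalIgnoreCase))
    {
        throw new InvalidOperationException("Cover images may only be written under ~/images/BookCovers/.");
    }

    fulBook.PostedFile.SaveAs(strpath);
}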
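/// <summary>
/// Supplies the selected publisher id to the update command.
/// </summary>
/// <param name="sender">The DetailsView raising the event.</param>
/// <param name="e">Update event data (unused).</param>
/// <exception cref="InvalidOperationException">
/// The edit template does not contain ddlPublisher.
/// </exception>
protected void dvBookList_ItemUpdating(object sender, DetailsViewUpdateEventArgs e)
{
    DropDownList ddlPublisher = dvBookList.FindControl("ddlPublisher") as DropDownList;
    if (ddlPublisher == null)
    {
        // Fail with a clear message rather than the NullReferenceException the
        // unchecked "as" cast produced; updating without PublisherId would
        // silently drop the value.
        throw new InvalidOperationException("The edit template must contain ddlPublisher.");
    }

    odsBooks.UpdateParameters.Add("PublisherId", ddlPublisher.SelectedValue);
}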
我用的是VS2010.就是在点击更新按钮时,就报错,希望各位高手帮我解决一下。
解决办法:方法一、修改.aspx文件,在.aspx文件头中加入validateRequest="false",形如:<%@ Page validateRequest="false" language="c#" Codebehind="WriteNews.aspx.cs" AutoEventWireup="false" Inherits="News.WriteNews" %>。方法二、配置web.config文件(注意:方法一只影响单个页面,方法二会关闭整个站点的请求验证):
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<!-- WriteNews.aspx使用内容编辑框时必须添加该语句,否则无法获取Request值 -->
<pages validateRequest="false"/>
</system.web>
</configuration>
推荐使用方法一。
在.aspx文件头中加入这句:
<%@ Page validateRequest="false" %>
解决方案二:
修改web.config文件:
<configuration>
<system.web>
<pages validateRequest="false" />
</system.web>
</configuration>
因为validateRequest默认值为true,只要设为false即可。注意:在ASP.NET 4.0(VS2010默认的目标框架)下,还需在web.config的<httpRuntime>元素中加上requestValidationMode="2.0",否则页面级的validateRequest="false"不会生效;关闭验证后,页面输出这些内容时应自行做HTML编码。
或者
过滤HTML
这个需要HTML转换 /// <summary>
/// 插入SQL时替换字符
/// </summary>
/// <param name="str"></param>
/// <returns></returns>
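public static string Encode(string str)
{
    // Escapes a value before it is embedded in SQL text and later rendered as
    // HTML: doubles single quotes (SQL literal escaping) and replaces the HTML
    // metacharacters and curly quotes with character entities, so the stored
    // value no longer trips ASP.NET request validation. Decode reverses this.
    // Returns null/empty input unchanged.
    //
    // NOTE(review): the '' doubling implies the caller builds SQL by string
    // concatenation; a parameterized command is the robust fix for that part.
    if (string.IsNullOrEmpty(str))
    {
        return str;
    }

    // "&" must be escaped first, otherwise the entities produced below would be
    // escaped a second time, and Decode could not tell a literal "&lt;" typed by
    // the user apart from an encoded "<".
    str = str.Replace("&", "&amp;");
    str = str.Replace("'", "''");
    str = str.Replace("\"", "&quot;");
    str = str.Replace("<", "&lt;");
    str = str.Replace(">", "&gt;");
    str = str.Replace("\n", "<br>");
    str = str.Replace("“", "&ldquo;");
    str = str.Replace("”", "&rdquo;");
    return str;
}
/// <summary>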
/// 取SQL值时还原字符
/// </summary>
/// <param name="str"></param>
/// <returns></returns>
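public static string Decode(string str)
{
    // Restores a value produced by Encode: entities back to their characters,
    // "<br>" back to a newline and doubled single quotes back to one.
    // Returns null/empty input unchanged.
    if (string.IsNullOrEmpty(str))
    {
        return str;
    }

    str = str.Replace("&rdquo;", "”");
    str = str.Replace("&ldquo;", "“");
    // "<br>" is restored before "&lt;"/"&gt;" so a literal "&lt;br&gt;" the
    // user typed is not mistaken for a line break.
    str = str.Replace("<br>", "\n");
    str = str.Replace("&gt;", ">");
    str = str.Replace("&lt;", "<");
    str = str.Replace("&quot;", "\"");
    str = str.Replace("''", "'");
    // "&amp;" is decoded last, mirroring Encode which escapes "&" first.
    str = str.Replace("&amp;", "&");
    return str;
}
// 用这个来替换或者替换HTML标签。
/// <summary>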
/// 去除HTML标记
/// </summary>
/// <param name="Htmlstring"></param>
/// <returns></returns>
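public static string NoHTML(string Htmlstring) // strip HTML markup
{
    // Removes script blocks, tags and comments from Htmlstring, decodes the
    // common character entities, and returns the remaining text HTML-encoded
    // and trimmed so it renders as plain text. Null or empty input yields "".
    //
    // Security note: the regex passes are a best-effort clean-up, not a
    // sanitizer. What makes the result safe to render is the final HtmlEncode,
    // which neutralizes any "<", ">", "&" or quote the regexes left behind.
    if (string.IsNullOrEmpty(Htmlstring))
    {
        return string.Empty;
    }

    // Remove script blocks including their body. Singleline lets ".*?" span
    // line breaks, so a multi-line script no longer leaves its body as text.
    Htmlstring = Regex.Replace(Htmlstring, @"<script[^>]*?>.*?</script>", "",
        RegexOptions.IgnoreCase | RegexOptions.Singleline);
    // Remove every remaining tag. This also covers <img>; the separate
    // @"<img[^>]*>;" pass of the original required a trailing ';' and never
    // matched anything this pass had not already removed.
    Htmlstring = Regex.Replace(Htmlstring, @"<(.[^>]*)>", "", RegexOptions.IgnoreCase);
    // Collapse a line break together with the whitespace run that follows it.
    Htmlstring = Regex.Replace(Htmlstring, @"([\r\n])[\s]+", "");
    // Drop comment terminators and comment text up to the end of its line.
    Htmlstring = Regex.Replace(Htmlstring, @"-->", "");
    Htmlstring = Regex.Replace(Htmlstring, @"<!--.*", "");
    // Decode the entities handled explicitly by the original, in the same order.
    Htmlstring = Regex.Replace(Htmlstring, @"&(quot|#34);", "\"", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(amp|#38);", "&", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(lt|#60);", "<", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(gt|#62);", ">", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(nbsp|#160);", " ", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(iexcl|#161);", "\u00a1", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(cent|#162);", "\u00a2", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(pound|#163);", "\u00a3", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(copy|#169);", "\u00a9", RegexOptions.IgnoreCase);
    // Any other numeric entity is decoded to its character instead of being
    // deleted, so text stored as "&#NNNNN;" (e.g. CJK characters) survives.
    Htmlstring = Regex.Replace(Htmlstring, @"&#(\d+);", DecodeNumericEntity);

    // The original then called Htmlstring.Replace("<", ""), Replace(">", "") and
    // Replace("\r\n", "") without using the return value; String.Replace returns
    // a new string, so those calls did nothing and are dropped.

    // Server.HtmlEncode is a thin wrapper over HttpUtility.HtmlEncode; the static
    // helper avoids a NullReferenceException when HttpContext.Current is null
    // (background thread, unit test).
    return HttpUtility.HtmlEncode(Htmlstring).Trim();
}

/// <summary>
/// Match evaluator for "&#NNN;": returns the character for a valid Unicode scalar
/// value, or an empty string (the original's behavior) when the number is out of
/// range, a surrogate code point, or too large to parse.
/// </summary>
/// <param name="m">Match whose first group holds the decimal code point.</param>
/// <returns>The decoded character(s), or an empty string.</returns>
private static string DecodeNumericEntity(Match m)
{
    int codePoint;
    bool parsed = int.TryParse(m.Groups[1].Value,
        System.Globalization.NumberStyles.None,
        System.Globalization.CultureInfo.InvariantCulture,
        out codePoint);
    if (parsed && codePoint > 0 && codePoint <= 0x10FFFF
        && (codePoint < 0xD800 || codePoint > 0xDFFF))
    {
        return char.ConvertFromUtf32(codePoint);
    }
    return string.Empty;
}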