Потенциально опасное значение Request.Form было обнаружено от клиента (txtAnsDesc="").
A potentially dangerous Request.Form value was detected from the client (txtAnsDesc="<br>"). Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: <httpRuntime requestValidationMode="2.0" />. After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133.
Мой код приведён ниже:
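<%@ Page Language="C#" AutoEventWireup="true" ValidateRequest="false" Debug="true" %>
<%-- ValidateRequest="false" in the Page directive is only honoured on .NET 4.0+ once web.config
     sets <httpRuntime requestValidationMode="2.0" /> (the error text quoted above says exactly this).
     Debug="true" is a development setting; confirm it is not deployed as-is. --%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.Sql" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<script runat="server" language="c#">
    // "Search" button: no behaviour yet (wired to Button2 in the markup below).
    protected void Button2_Click(object sender, EventArgs e)
    {
    }

    // Returns true when a row with the given ansid already exists.
    // Uses a parameterised COUNT(*) instead of loading the whole answer table
    // into a DataSet and filtering it with a DataTable.Select expression built by
    // string concatenation: a quote in the typed ID broke that expression, and
    // every row was fetched just to test one value. Comparison semantics follow
    // the column collation (the DataTable filter was case-insensitive by default;
    // presumably the database collation is too - verify if that matters).
    private static bool AnswerExists(SqlConnection con, string ansId)
    {
        using (SqlCommand cmd = new SqlCommand("select count(*) from answer where ansid = @ansid", con))
        {
            cmd.Parameters.AddWithValue("@ansid", ansId);
            return Convert.ToInt32(cmd.ExecuteScalar()) > 0;
        }
    }

    // Adds a yellow-on-blue status label to the ph1 placeholder.
    // Label.Text is rendered without encoding, so callers must encode any
    // user-supplied fragment they put into text.
    private void ShowStatus(string text)
    {
        System.Web.UI.WebControls.Label lbl = new System.Web.UI.WebControls.Label();
        lbl.ForeColor = System.Drawing.Color.Yellow;
        lbl.BackColor = System.Drawing.Color.Blue;
        lbl.Text = text;
        ph1.Controls.Add(lbl);
    }

    // "Submit" button: inserts one answer row from the form controls, or reports
    // that the Answer ID is already taken.
    // txtAnsDesc carries the nicEdit HTML (hence the "<br>" in the error message);
    // it is stored as-is, so every page that displays ansdesc must encode or
    // sanitise it before rendering.
    protected void Button1_Click(object sender, EventArgs e)
    {
        string ansId = txtAnsID.Text.Trim();
        string connStr = System.Web.Configuration.WebConfigurationManager.ConnectionStrings["ApplicationServices"].ConnectionString;

        // using closes the connection on every path; the original only closed it
        // in the finally of the insert branch, leaking it when the ID already existed.
        using (SqlConnection con = new SqlConnection(connStr))
        {
            con.Open();

            if (AnswerExists(con, ansId))
            {
                // Request validation is off for this page, so the typed ID may
                // contain markup; encode it before echoing it into the label.
                ShowStatus("This Answer ID " + Server.HtmlEncode(ansId) + " Already Exist");
                return;
            }

            // Disposing an uncommitted SqlTransaction rolls it back, so a failure
            // below no longer leaves the transaction open (the original had the
            // Rollback commented out).
            using (SqlTransaction tr = con.BeginTransaction())
            {
                try
                {
                    using (SqlCommand cmd = new SqlCommand(
                        "insert into answer (sid,aid,cid,qid,ansid,ansdesc,class) values (@sid,@aid,@cid,@qid,@ansid,@ansdesc,@class)",
                        con, tr))
                    {
                        cmd.Parameters.AddWithValue("@sid", ddSid.SelectedItem.Text.Trim());
                        cmd.Parameters.AddWithValue("@aid", ddAid.SelectedItem.Text.Trim());
                        cmd.Parameters.AddWithValue("@cid", ddCid.SelectedItem.Text.Trim());
                        cmd.Parameters.AddWithValue("@qid", ddQid.SelectedItem.Text.Trim());
                        cmd.Parameters.AddWithValue("@ansid", ansId);
                        // Was "@qname": the statement declares @ansdesc, so the insert
                        // always failed with an undeclared-parameter error that the
                        // empty catch then hid.
                        cmd.Parameters.AddWithValue("@ansdesc", txtAnsDesc.Text.Trim());
                        cmd.Parameters.AddWithValue("@class", ddClass.SelectedItem.Text.Trim());
                        cmd.ExecuteNonQuery();
                    }

                    tr.Commit();
                    ShowStatus("The Answer is entred SUCCESSFULLY");
                }
                catch (Exception ex)
                {
                    // Keep the page usable (the original also swallowed the error), but
                    // record the failure server-side and tell the user; exception details
                    // stay out of the response.
                    System.Diagnostics.Trace.TraceError(ex.ToString());
                    ShowStatus("The Answer could NOT be saved");
                }
            }
        }
    }

    protected void Page_Load(object sender, EventArgs e)
    {
    }
</script>
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1" runat="server">
    <title></title>
    <style type="text/css">
        .style1 { width: 100%; border: 50px solid #008000; }
        .style2 { width: 100%; border: 25px solid #FF00FF; }
        #ta1 { width: 947px; height: 386px; }
        .style3 { }
        .style4 { height: 23px; }
        .style5 { height: 23px; }
    </style>
</head>
<body>
    <script src="nicEdit.js" type="text/javascript"></script>
    <script type="text/javascript">
        // nicEdit replaces the txtAnsDesc textarea with a rich-text panel and posts
        // its content back as HTML; this is the input that trips request validation.
        bkLib.onDomLoaded(function () {
            new nicEditor({ maxHeight: 400 }).panelInstance('txtAnsDesc');
        });
    </script>
    <form id="form1" runat="server">
    <div align="center">
        <table class="style1">
            <tr><td> </td></tr>
            <tr><td> </td></tr>
            <tr><td> </td></tr>
            <tr>
                <td>
                    <table class="style2">
                        <tr>
                            <td> </td> <td> </td> <td class="style3"> </td> <td> </td> <td> </td> <td> </td> <td> </td>
                        </tr>
                        <tr>
                            <td> </td>
                            <td> Subject ID</td>
                            <td class="style3"> Author ID</td>
                            <td> Chapter ID</td>
                            <td> Question ID</td>
                            <td> Class</td>
                            <td> </td>
                        </tr>
                        <tr>
                            <td> </td>
                            <td>
                                <asp:DropDownList ID="ddSid" runat="server" AutoPostBack="True" DataSourceID="SqlDataSource1"
                                    DataTextField="sid" DataValueField="sid">
                                </asp:DropDownList>
                                <asp:SqlDataSource ID="SqlDataSource1" runat="server"
                                    ConnectionString="<%$ ConnectionStrings:ApplicationServices %>"
                                    SelectCommand="SELECT * FROM [subject]"></asp:SqlDataSource>
                            </td>
                            <td class="style3">
                                <asp:DropDownList ID="ddAid" runat="server" AutoPostBack="True" DataSourceID="SqlDataSource2"
                                    DataTextField="aid" DataValueField="aid">
                                </asp:DropDownList>
                                <asp:SqlDataSource ID="SqlDataSource2" runat="server"
                                    ConnectionString="<%$ ConnectionStrings:ApplicationServices %>"
                                    SelectCommand="SELECT * FROM [author] WHERE ([sid] = @sid)">
                                    <SelectParameters>
                                        <asp:ControlParameter ControlID="ddSid" DefaultValue="-99" Name="sid" PropertyName="SelectedValue" Type="String" />
                                    </SelectParameters>
                                </asp:SqlDataSource>
                            </td>
                            <td>
                                <asp:DropDownList ID="ddCid" runat="server" AutoPostBack="True" DataSourceID="SqlDataSource3"
                                    DataTextField="cid" DataValueField="cid">
                                </asp:DropDownList>
                                <asp:SqlDataSource ID="SqlDataSource3" runat="server"
                                    ConnectionString="<%$ ConnectionStrings:ApplicationServices %>"
                                    SelectCommand="SELECT * FROM [chapter] WHERE (([sid] = @sid) AND ([aid] = @aid))">
                                    <SelectParameters>
                                        <asp:ControlParameter ControlID="ddSid" DefaultValue="-99" Name="sid" PropertyName="SelectedValue" Type="String" />
                                        <asp:ControlParameter ControlID="ddAid" DefaultValue="-99" Name="aid" PropertyName="SelectedValue" Type="String" />
                                    </SelectParameters>
                                </asp:SqlDataSource>
                            </td>
                            <td>
                                <asp:DropDownList ID="ddQid" runat="server" AutoPostBack="True" DataSourceID="SqlDataSource4"
                                    DataTextField="qid" DataValueField="qid">
                                </asp:DropDownList>
                                <asp:SqlDataSource ID="SqlDataSource4" runat="server"
                                    ConnectionString="<%$ ConnectionStrings:ApplicationServices %>"
                                    SelectCommand="SELECT * FROM [question] WHERE (([sid] = @sid) AND ([aid] = @aid) AND ([cid] = @cid))">
                                    <SelectParameters>
                                        <asp:ControlParameter ControlID="ddSid" DefaultValue="-99" Name="sid" PropertyName="SelectedValue" Type="String" />
                                        <asp:ControlParameter ControlID="ddAid" DefaultValue="-99" Name="aid" PropertyName="SelectedValue" Type="String" />
                                        <asp:ControlParameter ControlID="ddCid" DefaultValue="-99" Name="cid" PropertyName="SelectedValue" Type="String" />
                                    </SelectParameters>
                                </asp:SqlDataSource>
                            </td>
                            <td>
                                <asp:DropDownList ID="ddClass" runat="server" AutoPostBack="True" DataSourceID="SqlDataSource5"
                                    DataTextField="class_name" DataValueField="class_name">
                                </asp:DropDownList>
                                <asp:SqlDataSource ID="SqlDataSource5" runat="server"
                                    ConnectionString="<%$ ConnectionStrings:ApplicationServices %>"
                                    SelectCommand="SELECT * FROM [class]"></asp:SqlDataSource>
                            </td>
                            <td> </td>
                        </tr>
                        <tr>
                            <td class="style4"> </td> <td class="style4"> </td> <td class="style5"> </td> <td class="style4"> </td>
                            <td class="style4"> </td> <td class="style4"> </td> <td class="style4"> </td>
                        </tr>
                        <tr>
                            <td class="style4"> </td>
                            <td class="style4"> </td>
                            <td class="style5" colspan="3">
                                <asp:PlaceHolder ID="ph1" runat="server"></asp:PlaceHolder>
                            </td>
                            <td class="style4"> </td>
                            <td class="style4"> </td>
                        </tr>
                        <tr>
                            <td class="style4"> </td> <td class="style4"> </td> <td class="style4"> </td> <td class="style4"> </td>
                            <td class="style4"> </td> <td class="style4"> </td> <td class="style4"> </td>
                        </tr>
                        <tr>
                            <td> </td>
                            <td> Answer ID</td>
                            <td class="style3">
                                <asp:TextBox ID="txtAnsID" runat="server" Width="151px"></asp:TextBox>
                            </td>
                            <td> </td> <td> </td> <td> </td> <td> </td>
                        </tr>
                        <tr>
                            <td> </td>
                            <td align="left" colspan="6">
                                <asp:TextBox ID="txtAnsDesc" runat="server" Height="120px" TextMode="MultiLine" Width="937px"></asp:TextBox>
                            </td>
                        </tr>
                        <tr>
                            <td> </td> <td> </td> <td class="style3"> </td> <td> </td> <td> </td> <td> </td> <td> </td>
                        </tr>
                        <tr>
                            <td> </td>
                            <td class="style3" colspan="3">
                                <asp:Button ID="Button1" runat="server" Text="Submit" Width="156px" onclick="Button1_Click" />
                                <asp:Button ID="Button2" runat="server" Text="Search" Width="156px" onclick="Button2_Click" />
                                <asp:Button ID="Button3" runat="server" Text="Update" Width="156px" />
                                <asp:Button ID="Button4" runat="server" Text="Delete" Width="156px" />
                                <asp:Button ID="Button5" runat="server" Text="Clear" Width="156px" />
                            </td>
                            <td> </td>
                            <td> </td>
                        </tr>
                        <tr>
                            <td> </td> <td> </td> <td class="style3"> </td> <td> </td> <td> </td> <td> </td> <td> </td>
                        </tr>
                    </table>
                </td>
            </tr>
            <tr><td> </td></tr>
            <tr><td> </td></tr>
            <tr><td> </td></tr>
        </table>
    </div>
    </form>
</body>
</html>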