Jeremy Wadsworth
My Contribution to the ASP.NET Community


Welcome   
Welcome to my personal website. Here you will find blog posts related to web development as well as personal interests. If you're here for the source code to my Personal Web Site Kit, please register and you'll receive an email when your account has been approved.


Latest Blog Entries

 Thursday, February 08, 2007


A potentially dangerous Request.Form value was detected from the client    

You might receive this error if you are allowing users to enter text into a textbox, then saving the text to the database and trying to display it on a page. The error might occur if the user enters characters or text that the ASP.NET request validation feature deems unsafe. You can easily solve this issue by HTML-encoding input from the user.

So in your code, you would do something like this before saving the text to the database.

' HTML-encode the trimmed textbox value before it is stored
Dim strText As String = Server.HtmlEncode(MyTextBox.Text.Trim())
SaveToDB(strText)


When you want to display the saved text on a web page you would use something like the following.

' LoadFromDB is a placeholder for your own code that retrieves the text from the database
Dim strText As String = LoadFromDB()
MyLabel.Text = Server.HtmlDecode(strText)


This short blog post is meant to be a quick read for this issue. You can read a great article on this subject at http://www.asp.net/faq/requestvalidation.aspx



jeremy at 4:52 PM
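The round trip in the post hands the user's original text back to the browser unchanged, because a Label writes its Text into the page without encoding it. The console sketch below is an added example, not code from the original post: it compares that round trip with storing the text as entered and encoding once on output. It uses System.Net.WebUtility in place of Server.HtmlEncode/HtmlDecode so it runs outside a web page, and the module name, function names and sample inputs are constructed for illustration.

```vb
Imports System
Imports System.Net

Module EncodeRoundTripDemo
    ' The post's pattern: encode before saving, decode before assigning to MyLabel.Text.
    ' Returns the markup the Label would write into the page.
    Function PostPatternMarkup(ByVal input As String) As String
        Dim stored As String = WebUtility.HtmlEncode(input.Trim())
        Return WebUtility.HtmlDecode(stored)
    End Function

    ' Alternative: store the text as entered, encode once when writing it to the page.
    Function EncodeOnOutputMarkup(ByVal input As String) As String
        Dim stored As String = input.Trim()
        Return WebUtility.HtmlEncode(stored)
    End Function

    ' True when the markup still contains a raw "<", so the browser would parse a tag.
    Function HasLiveTag(ByVal markup As String) As Boolean
        Return markup.Contains("<")
    End Function

    Sub Main()
        ' Constructed sample inputs, not taken from the original post.
        Dim samples As String() = {"<b>bold</b>", "<script>alert(1)</script>",
                                   "Use &lt; for less-than", "Tom & Jerry"}
        For Each s As String In samples
            Dim a As String = PostPatternMarkup(s)
            Dim b As String = EncodeOnOutputMarkup(s)
            Console.WriteLine("input            : {0}", s)
            Console.WriteLine("  decode on show : {0}  live tag={1}", a, HasLiveTag(a))
            Console.WriteLine("  encode on show : {0}  live tag={1}", b, HasLiveTag(b))
            ' For tag-free markup, HtmlDecode approximates the text a browser displays.
            If Not HasLiveTag(a) Then
                Console.WriteLine("  reader sees    : {0}  vs  {1}",
                                  WebUtility.HtmlDecode(a), WebUtility.HtmlDecode(b))
            End If
        Next
    End Sub
End Module
```

The third sample shows a second effect of decoding on display: text typed as a literal entity comes back as a different character, while encoding on output shows the reader exactly what was typed.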





Comments
Frank Peterson said...

Excellent article. It really helped me out. Thanks.

Saturday, April 14, 2007 12:30 PM

Vinay Mistry said...

This blog is very useful to me. I am thankful to whoever created this blog..... Thanks, Vinay Mistry

Friday, September 14, 2007 5:38 AM

Chandru said...

Hi, nice article.. This helped me a lot.. Thank you very much... --Chandru

Tuesday, November 06, 2007 4:41 PM

prasad said...

Another solution is to use the Literal control instead of a Label control. Explained here: http://digdotnet.blogspot.com/2008/03/literal-control-vs-label-control.html

Friday, March 21, 2008 7:59 AM

jeremy said...

Prasad, Thanks for that tip. I'll have to play with the literal control a bit. I've never really explored that control.

Saturday, March 22, 2008 9:36 AM

Srikanth Reddy said...

Another solution would be to set ValidateRequest="false" in the @Page directive. Srikanth

Wednesday, April 30, 2008 5:27 AM

ryan said...

Hi Jeremy, I just wanna confirm. Based on your example, are you assuming that validateRequest is already false?

Thursday, May 15, 2008 9:29 PM

Prabakaran said...

Yes, this is really super for my requirement. Thank you.

Tuesday, July 08, 2008 3:45 AM

suresh said...

Really Helpful Post!!

Monday, September 15, 2008 2:11 AM

jamal said...

The best thing is to keep validateRequest = true. Be aware of security: if you put it to false, you then have to validate with JavaScript before postback that the textbox doesn't contain characters like '<'.

Friday, January 23, 2009 7:41 AM

diplomski radovi said...

This is not working when you have & # in your text.

Friday, December 04, 2009 2:06 PM

maturski.net said...

It doesn't work when you have this in source code together: &#195;„&#194;‚&#195;‚&#194;„&#196;‚ When they are separated it is working & # , but when you have this &# together. It happens BOOM. CRASH.

Friday, December 04, 2009 2:13 PM

