Getting error when storing in sql server

This is the error, i got in ASP.net, C#.net, Sq server 2005:

Mon, 12/01/2008 - 12:02

alibaba4chor

Joined: 01/12/2008

Posts: 5

Re: Getting error when storing in sql server

It's SOURCE(HTML) code is as following:

Mon, 12/01/2008 - 21:42

clines

Joined: 28/11/2008

Posts: 10

Re: Getting error when storing in sql server

At last i can potentially help someone else.

Your issue is a microsoft issue not FCKEditors. You will need to post process the request variable from FCKEditor to replace any apostophes with double apostrophes eg fcktxt = replace(request("fcktxt"),"'","''") before saving to SQL server.

Hope that helps

Mon, 12/01/2008 - 22:40

a.m.

Joined: 20/04/2008

Posts: 256

Re: Getting error when storing in sql server

clines wrote:Your issue is a microsoft issue not FCKEditors.

Tue, 12/02/2008 - 02:20

alibaba4chor

Joined: 01/12/2008

Posts: 5

Re: Getting error when storing in sql server

Thanks for ur quick responce.

BUt, will u pls. tell me the code.?

how can i do it.?

I'm using following code to sotre it.:

string hdescription = Server.HtmlEncode(FCKeditorhospital.Value);

Thanks again.

Tue, 12/02/2008 - 02:27

alibaba4chor

Joined: 01/12/2008

Posts: 5

Re: Getting error when storing in sql server

this is the code i'm using:

string hname = txthname.Text;
string hdescription = Server.HtmlEncode(FCKeditorhospital.Value);
string hgmap = txtgmap.Text;
string hparking = txthparking.Text;

string insert = "Insert into Hospital(Hname, Hdescription, Hgmap, Hparking) values('" + hname +"', '" + hdescription +"', '" + hgmap +"', '" + hparking +"')";

Tue, 12/02/2008 - 14:11

a.m.

Joined: 20/04/2008

Posts: 256

Re: Getting error when storing in sql server

You should apply HTML encoding right before outputting text to the page, not when inserting it into the database.

As for SQL injection, use parameter binding instead of string concatenation.