VB Access Database Record Update

  •  06-14-2009, 4:36 AM

    I am trying to update a field in an Access database. There is no problem loading the field into the editor. I can add text OK. When I try HTML code I get a Server Error (shown below).
    I have attached the Editor file (also below).
    What do I need to do to correct the problem?



    Server Error in '/cutesoft' Application.
    --------------------------------------------------------------------------------

    A potentially dangerous Request.Form value was detected from the client (Header="<span style="color: ...").
    Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.

    Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (Header="<span style="color: ...").

    Source Error:

    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. 

    Stack Trace:


    [HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (Header="<span style="color: ...").]
       System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +240
       System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) +99
       System.Web.HttpRequest.get_Form() +121
       System.Web.UI.Page.GetCollectionBasedOnMethod() +70
       System.Web.UI.Page.DeterminePostBackMode() +128
       System.Web.UI.Page.ProcessRequestMain() +2112
       System.Web.UI.Page.ProcessRequest() +218
       System.Web.UI.Page.ProcessRequest(HttpContext context) +18
       System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute() +179
       System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +87

     


    --------------------------------------------------------------------------------
    Version Information: Microsoft .NET Framework Version:1.1.4322.2407; ASP.NET Version:1.1.4322.2407
     
     
     
     
    Below is the aspx file:

    <%@ Page Language="vb" Debug="true"%>
    <%@ Import Namespace="System.Data" %>
    <%@ Import Namespace="System.Data.OleDb" %>
    <%@ Register TagPrefix="cutesoft" TagName="banner" Src="banner.ascx" %>
    <%@ Register TagPrefix="cutesoft" TagName="leftmenu" Src="leftmenu.ascx" %>
    <%@ Register TagPrefix="CE" Namespace="CuteEditor" Assembly="CuteEditor" %>
    <html>
    <head>
      <title>ASP and ASP.NET WYSIWYG Editor - Database Example</title>
      <link rel="stylesheet" href="../example.css" type="text/css" />
     </head>
     <body bgcolor="#7bbe94">
            <form runat="server">
       <cutesoft:banner id="banner1" runat="server" /> 
       <table border="0" cellpadding="0" cellspacing="0">
        <tr>
         <td width=8 nowrap></td>
          <cutesoft:leftmenu id="leftmenu1" runat="server" />    
         </td>
         <td valign="top" width="700"><br>
          <asp:Datagrid runat="server"
           Id="MyDataGrid"
           cellpadding="2"
           cellspacing="0"
           Headerstyle-BackColor="#eeeeee"
               Headerstyle-Font-Bold="True"
           BackColor="#f5f5f5"
           BorderWidth="1"
           Width=700
           Font-Name="Arial"
           Font-Size="12px"
           BorderColor="#999999"
           AutogenerateColumns="False"
           OnItemCommand="UpdateItem"
           >
           <Columns>
             <asp:BoundColumn DataField="Header" Visible="False" />
             <asp:BoundColumn  ItemStyle-Width="50px" DataField="Header" HeaderText="ID" />
             <asp:BoundColumn  ItemStyle-Width="650px" DataField="Header" HeaderText="Webpage Header" />
             <asp:ButtonColumn ItemStyle-Width="50px" ButtonType="LinkButton"  CommandName="Edit" HeaderText="Edit" Text="Edit" />
           </Columns>
          </asp:datagrid>
          <br>
          <CE:Editor id="Editor1" EditorWysiwygModeCss="../example.css" Autoconfigure="Simple" TextMode="MultiLine" Height="520" runat="server" ></CE:Editor><br />
          <asp:Button id="btnUpdate" onclick="Submit" Runat="server" Text="Clear Webpage Header"></asp:Button>
          <asp:Literal ID="Literal1" Runat="server" />
          <br><br>
          <input type="hidden" name="Header" runat="server" id="Header">
         </td>
        </tr>
       </table>   
      </form>
     </body>
    </html>

    <script runat="server">
    Public ReadOnly Property page1() As String
    Get
    Return Request.QueryString("page1").ToString()
    End Get
    End Property
    Public ReadOnly Property link() As String
    Get
    Return Request.QueryString("link").ToString()
    End Get
    End Property

    Sub Page_Load(Source as Object, E as EventArgs)
      if not Page.IsPostBack then
       BindData
      end if
     End Sub
     
     Sub BindData()
      Dim sql as string = "Select Header from content"
      Dim conn As OleDbConnection = CreateConnection()
      Dim objDR as OleDbDataReader
      Dim Cmd as New OleDbCommand(sql, conn)
      objDR=Cmd.ExecuteReader(system.data.CommandBehavior.CloseConnection)
      MyDataGrid.DataSource = objDR
      MyDataGrid.DataBind()
     End Sub
      
     Sub UpdateItem(s As Object, e As DataGridCommandEventArgs )
      Dim conn As OleDbConnection = CreateConnection()
      
      'Check if the CommandName==Delete
      If e.CommandName = "Delete" Then
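       ' No WHERE clause: this statement applies to every row in content.
       ' The "id" parameter is not referenced by the SQL text.
       Dim com As OleDbCommand = New OleDbCommand("DELETE FROM content", conn)
       com.Parameters.Add("id", e.Item.Cells(0).Text)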
       com.ExecuteNonQuery()
       conn.Close()  
      else If (e.CommandName = "Edit") then
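       ' No WHERE clause: the reader returns every row and only the first is used below.
       ' The "id" parameter is not referenced by the SQL text.
       Dim com As OleDbCommand = New OleDbCommand("SELECT Header FROM content", conn)
       com.Parameters.Add("id", e.Item.Cells(0).Text)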
                Dim result As OleDbDataReader = com.ExecuteReader()
                If result.Read() Then
        'set the editor text
        Editor1.Text = result.GetString(0)
                    Header.Value = e.Item.Cells(0).Text
        btnUpdate.Text="Update"
                Else
        Editor1.Text = ""
        Header.Value = ""
        btnUpdate.Text="Clear Webpage Header"
                End If
       result.Close()
      End If
      BindData
     End Sub
     
     Sub Submit(s As Object, e As System.EventArgs )
      Dim conn As OleDbConnection = CreateConnection()
            Dim com As OleDbCommand = Nothing

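      If Not Header.Value = String.Empty Then
       ' Parameterized update, but with no WHERE clause it rewrites Header in every row.
       com = New OleDbCommand("UPDATE content SET Header = @content", conn)
       com.Parameters.Add("content", Editor1.Text)

      Else
       ' This statement has no placeholder, so the "content" parameter is not referenced.
       com = New OleDbCommand("UPDATE content SET Header = 'empty'", conn)
       com.Parameters.Add("content", Editor1.Text)
      End If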
      com.ExecuteNonQuery()
      conn.Close()
      BindData
      Me.Response.Redirect(Me.Request.Url.PathAndQuery)
     End Sub

     Function CreateConnection() As OleDbConnection
            Dim conn As OleDbConnection = New OleDbConnection
            conn.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" + Context.Server.MapPath("../../" + page1 & "/" + link &"/database160.mdb") + ";"
      conn.Open()
            Return conn
            End Function
    </script>

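The error text above recommends that the application explicitly check all inputs, and in the posted code the `page1` and `link` query-string values go straight into the database path built in `CreateConnection`. The following is an added example, not part of the original post, of validating those two values before the path is built. `ResolveDatabasePath`, `SegmentPattern` and `siteRoot` are assumed names, and it is written as a console module for a current VB.NET compiler rather than for the ASP.NET 1.1 page shown.

```vbnet
Imports System
Imports System.IO
Imports System.Text.RegularExpressions

Module SafeDatabasePath
    ' Allow only short names made of letters, digits, "_" and "-".
    ' This rejects "..", "/", "\", ":" and empty values outright.
    Private ReadOnly SegmentPattern As New Regex("\A[A-Za-z0-9_-]{1,32}\z")

    ' siteRoot stands in for Server.MapPath("../../"); page1 and link are the
    ' raw query-string values. The function name is an assumption of this example.
    Function ResolveDatabasePath(siteRoot As String, page1 As String, link As String) As String
        If page1 Is Nothing OrElse Not SegmentPattern.IsMatch(page1) Then
            Throw New ArgumentException("page1 is missing or not an allowed name")
        End If
        If link Is Nothing OrElse Not SegmentPattern.IsMatch(link) Then
            Throw New ArgumentException("link is missing or not an allowed name")
        End If

        Dim root As String = Path.GetFullPath(siteRoot)
        If Not root.EndsWith(Path.DirectorySeparatorChar) Then
            root &= Path.DirectorySeparatorChar
        End If
        Dim full As String = Path.GetFullPath(Path.Combine(root, page1, link, "database160.mdb"))

        ' Defence in depth: the resolved file must still sit under the root.
        If Not full.StartsWith(root, StringComparison.OrdinalIgnoreCase) Then
            Throw New ArgumentException("resolved path leaves the site root")
        End If
        Return full
    End Function

    Sub Main()
        ' Constructed sample inputs: one well-formed pair, then malformed page1 values.
        Dim root As String = Path.Combine(Path.GetTempPath(), "site")
        Console.WriteLine(ResolveDatabasePath(root, "news", "home"))
        For Each bad As String In New String() {"..", "a/b", "..\..\x", "", "c:"}
            Try
                ResolveDatabasePath(root, bad, "home")
                Console.WriteLine("accepted: " & bad)
            Catch ex As ArgumentException
                Console.WriteLine("rejected """ & bad & """: " & ex.Message)
            End Try
        Next
    End Sub
End Module
```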