asp.net mvc - I have website in asp .net currently online but its database become corrupted every time after new enteries -


in website online local directory become corrupt when put on server. table in database got html tag dont change enteries become name suresh

or different html tags

is sql injection?? website runs smoothly on localhost when put online enteries become corrupted after time of updation.

 protected void b1_click(object sender, eventargs e)     {         //byte[] bytes = null;         sqlconnection con = new sqlconnection(configurationmanager.connectionstrings["constr"].tostring());         con.open();         sqlcommand cmd = new sqlcommand("insert dbocontent values(@image_name, @image_path, @firm_name, @phno, @address, @work_detail, @email, @website, @location, @city, @contact_person, @mob_no, @reciept_no, @opening_hours, @estblish, @deal, @status, @deal_duration, @deal_name, @deal_description, @category, @sub_category1, @sub_category2, @sub_category3, @phno2)", con);             if (fileupload2.hasfile)         {             string extension = path.getextension(fileupload2.filename);             if (extension.tolower() != ".gif" && extension.tolower() != ".png" && extension.tolower() != ".jpg" && extension.tolower() != ".jpeg") { scriptmanager.registerstartupscript(this, this.gettype(), "popup", "alert('invalid image format');", true); }             else { string pathname = "uploadimages/" + path.getfilename(fileupload2.postedfile.filename); string filename = path.getfilename(fileupload2.postedfile.filename); cmd.parameters.addwithvalue("@image_name", filename); cmd.parameters.addwithvalue("@image_path", pathname); fileupload2.saveas(server.mappath("~/uploadimages/" + fileupload2.filename)); }         }          else { scriptmanager.registerstartupscript(this, this.gettype(), "popup", "alert('pls select file upload');", true); }              cmd.parameters.addwithvalue("@firm_name", txtfirmname.text);             cmd.parameters.addwithvalue("@phno", txtphone.text);             cmd.parameters.addwithvalue("@address", txtaddress.text);             cmd.parameters.addwithvalue("@work_detail", txtworkdetail.text);             cmd.parameters.addwithvalue("@email", txtemail.text);            cmd.parameters.addwithvalue("@website", txtwebsite.text);            cmd.parameters.addwithvalue("@location", txtlocation.text);            cmd.parameters.addwithvalue("@city", dropdownlist2.selecteditem.text);            cmd.parameters.addwithvalue("@contact_person", txtcontact_person.text);            cmd.parameters.addwithvalue("@mob_no", txtmob.text);            cmd.parameters.addwithvalue("@reciept_no", txtreciept.text);            cmd.parameters.addwithvalue("@opening_hours", txtopeningtime.text);            cmd.parameters.addwithvalue("@estblish", txtestblish.text);             // cmd.parameters.addwithvalue("@sub_sub_category", ddlsubsubcat.selecteditem.text);              cmd.parameters.addwithvalue("@deal", dropdownlist1.selecteditem.text);         if (dropdownlist1.selecteditem.text == "yes")         {             cmd.parameters.addwithvalue("@status", txtstatus.text);             cmd.parameters.addwithvalue("@deal_duration", txtdealtime.text);             cmd.parameters.addwithvalue("@deal_name", txtdealname.text);             cmd.parameters.addwithvalue("@deal_description", txtdes.text);         }         else         {             cmd.parameters.addwithvalue("@status", "");             cmd.parameters.addwithvalue("@deal_duration", "");             cmd.parameters.addwithvalue("@deal_name", "");             cmd.parameters.addwithvalue("@deal_description", "");          }         cmd.parameters.addwithvalue("@category", ddlcategory.selecteditem.text);         cmd.parameters.addwithvalue("@sub_category1", ddlsubsubcat1.selecteditem.text);         cmd.parameters.addwithvalue("@sub_category2", ddlsubsubcat2.selecteditem.text);         cmd.parameters.addwithvalue("@sub_category3", ddlsubsubcat3.selecteditem.text);         cmd.parameters.addwithvalue("@phno2", txtphno2.text);             string[] querystring3 = new string[22];         querystring3[0] = txtfirmname.text;         querystring3[1] = txtphone.text;         querystring3[2] = txtaddress.text;         querystring3[3] = txtworkdetail.text;         querystring3[4] = txtemail.text;         querystring3[5] = txtwebsite.text;         querystring3[6] = txtlocation.text;         querystring3[7] = dropdownlist2.selecteditem.text;         querystring3[8] = txtcontact_person.text;         querystring3[9] = txtmob.text;         querystring3[10] = txtreciept.text;         querystring3[11] = txtopeningtime.text;         querystring3[12] = txtestblish.text;         querystring3[13] = txtstatus.text;         querystring3[14] = txtdealtime.text;         querystring3[15] = txtdealname.text;         querystring3[16] = txtdes.text;         querystring3[17] = ddlcategory.selecteditem.text;         querystring3[18] = ddlsubsubcat1.selecteditem.text;         querystring3[19] = ddlsubsubcat2.selecteditem.text;         querystring3[20] = ddlsubsubcat3.selecteditem.text;         querystring3[21] = txtphno2.text;       //  querystring3[19] = txtfirmname.text;          if (!string.isnullorempty(querystring3[0]))         {             list<string> y = querystring3.tolist<string>();             y.removeall(p => string.isnullorempty(p));             querystring3 = y.toarray();              if (checksqlinjection(querystring3))             {                 response.redirect("~/error.htm");             }             else             {                 cmd.executenonquery();                 // c.parameters.addwithvalue("@category", txtcategory.text);             }          }         response.redirect(request.url.tostring(), false);          reset();          con.close();      }

// front end

<%@ page title="" language="c#" masterpagefile="~/admin panel/masterpage2.master" autoeventwireup="true" codefile="content.aspx.cs" inherits="admin_panel_default2" %>  <asp:content id="content1" contentplaceholderid="head" runat="server">     <div class="cantant_right_text"> <%--<form id="form1" runat="server">--%>  <h1>add new user</h1><br />  <table class="tabl">       <tr>         <td>             <asp:label runat="server" id="lbcategory" text="category"></asp:label>         </td>         <td>             <asp:dropdownlist id="ddlcategory" runat="server" height="35px" width="253px"></asp:dropdownlist>         </td>         <td>          </td>     </tr> <tr>         <td>             <asp:label runat="server" id="label4" text="select sub category 1"></asp:label>         </td>         <td>             <asp:dropdownlist runat="server" id="ddlsubsubcat1" height="30px" width="253px"                  ></asp:dropdownlist>         </td>         <td>          </td>      </tr>     <tr>         <td>             <asp:label runat="server" id="label1" text="select sub category 2"></asp:label>         </td>         <td>             <asp:dropdownlist runat="server" id="ddlsubsubcat2" height="30px" width="253px"                  ></asp:dropdownlist>         </td>         <td>          </td>      </tr>     <tr>         <td>             <asp:label runat="server" id="label3" text="select sub category 3"></asp:label>         </td>         <td>             <asp:dropdownlist runat="server" id="ddlsubsubcat3" height="30px" width="253px"                  ></asp:dropdownlist>         </td>         <td>          </td>      </tr>        <tr>         <td>             <asp:label runat="server" id="lbfirmname" text="firm name"></asp:label>         </td>         <td>             <asp:textbox runat="server" id="txtfirmname" placeholder="enter firm name"></asp:textbox>         </td>         <td>          <%--   <asp:regularexpressionvalidator id="regularexpressionvalidator1" controltovalidate="txtfirmname" validationexpression="^[0-9a-za-z]+$" runat="server" errormessage="no special keys" backcolor="red"></asp:regularexpressionvalidator></td>--%>         <td>          </td>      </tr>     <tr>         <td>             <asp:label runat="server" id="lbphone" text="phone number"></asp:label>          </td>         <td>             <asp:textbox runat="server" id="txtphone" placeholder="enter phone number"></asp:textbox>          <%--   <asp:regularexpressionvalidator id="regularexpressionvalidator3" controltovalidate="txtphone" validationexpression="^[0-9]+$" runat="server" errormessage="only numeric keys" backcolor="red"></asp:regularexpressionvalidator>--%>         </td>         <td>          </td>     </tr>     <tr>         <td>             <asp:label runat="server" id="lbaddress" text="address"></asp:label>         </td>         <td>             <asp:textbox runat="server" id="txtaddress" placeholder="enter address"></asp:textbox>         </td>         <td>          </td>     </tr>     <tr>         <td>             <asp:label runat="server" id="lbworkdetail" text="work detail"></asp:label>         </td>         <td>             <asp:textbox runat="server" id="txtworkdetail" placeholder="enter work detail"></asp:textbox>         </td>         <td>          </td>     </tr>     <tr>         <td>             <asp:label runat="server" id="lbemail" text="email"></asp:label>          </td>         <td>             <asp:textbox runat="server" id="txtemail" placeholder="enter email"></asp:textbox>           <%--  <asp:regularexpressionvalidator id="regularexpressionvalidator4" controltovalidate="txtemail" validationexpression="^[\w-\.]{1,}\@([\da-za-z-]{1,}\.){1,}[\da-za-z-]{2,6}$" runat="server" errormessage="email not valid" backcolor="red"></asp:regularexpressionvalidator>--%>         </td>         <td>          </td>     </tr>     <tr>         <td>             <asp:label runat="server" id="lbwebsite" text="website name"></asp:label>         </td>         <td>             <asp:textbox runat="server" id="txtwebsite" placeholder="enter website name"></asp:textbox>         </td>         <td>          </td>     </tr>     <tr>         <td>             <asp:label runat="server" id="lblocation" text="location"></asp:label>         </td>         <td>             <asp:textbox runat="server" id="txtlocation" placeholder=" enter location"></asp:textbox>         </td>         <td>          </td>     </tr>     <tr>         <td>             <asp:label runat="server" id="lbcity" text="city"></asp:label>         </td>         <td>             <asp:dropdownlist id="dropdownlist2" runat="server" height="33px" width="254px">             </asp:dropdownlist>         </td>         <td>          </td>     </tr>     <tr>         <td>             <asp:label runat="server" id="lbcontact_person" text="contact person"></asp:label>            </td>         <td>             <asp:textbox runat="server" id="txtcontact_person" placeholder="enter contact person"></asp:textbox>             <%-- <asp:regularexpressionvalidator id="regularexpressionvalidator5" controltovalidate="txtcontact_person" validationexpression="^[a-za-z]+$" runat="server" errormessage="only alphabets" backcolor="red"></asp:regularexpressionvalidator>--%>         </td>         <td>          </td>     </tr>     <tr>         <td>             <asp:label runat="server" id="lbmob_no" text="mobile number"></asp:label>         </td>         <td>             <asp:textbox runat="server" id="txtmob" placeholder="enter mobile number"></asp:textbox>            <%--  <asp:regularexpressionvalidator id="regularexpressionvalidator6" controltovalidate="txtmob" validationexpression="^[0-9]+$" runat="server" errormessage="only numeric keys" backcolor="red"></asp:regularexpressionvalidator>--%>         </td>         <td>          </td>     </tr>     <tr>         <td>             <asp:label runat="server" id="lbreciept" text="reciept number"></asp:label>         </td>         <td>             <asp:textbox runat="server" id="txtreciept" placeholder="enter reciept number"></asp:textbox>         </td>         <td>          </td>     </tr>     <tr>         <td>             <asp:label runat="server" id="lbopeningtime" text="opening hours"></asp:label>         </td>         <td>             <asp:textbox runat="server" id="txtopeningtime" placeholder="enter opening hours"></asp:textbox>         </td>         <td>          </td>     </tr>      <tr>         <td>             <asp:label runat="server" id="lbestblish" text="estblish in"></asp:label>         </td>         <td>             <asp:textbox runat="server" id="txtestblish" placeholder="enter estblish year"></asp:textbox>            <%--  <asp:regularexpressionvalidator id="regularexpressionvalidator7" controltovalidate="txtestblish" validationexpression="^[0-9]+$" runat="server" errormessage="only numeric keys" backcolor="red"></asp:regularexpressionvalidator>--%>         </td>         <td>          </td>     </tr>      <tr>         <td>             <asp:label runat="server" id="lbdeal" text="deal"></asp:label>         </td>         <td>             <asp:dropdownlist id="dropdownlist1" runat="server" height="26px" width="253px"                  onselectedindexchanged="dropdownlist1_selectedindexchanged"                  autopostback="true">                 <asp:listitem>yes</asp:listitem>                 <asp:listitem>no</asp:listitem>             </asp:dropdownlist>         </td>         <td>          </td>     </tr>     <%--<tr>         <td>             <asp:label runat="server" id="label14" text="firm name"></asp:label>         </td>         <td>             <asp:textbox runat="server" id="textbox14" placeholder="enter firm name"></asp:textbox>         </td>         <td>          </td>     </tr>--%>       <tr>         <td>             <asp:label runat="server" id="lbstatus" text="status"></asp:label>         </td>         <td>             <asp:textbox runat="server" id="txtstatus" placeholder="enter status"></asp:textbox>         </td>         <td>          </td>     </tr>      <tr>         <td>             <asp:label runat="server" id="lbdealtime" text="deal duration"></asp:label>         </td>         <td>             <asp:textbox runat="server" id="txtdealtime" placeholder="enter duration"></asp:textbox>         </td>         <td>          </td>     </tr>     <tr>         <td>             <asp:label runat="server" id="lbdealname" text="deal name"></asp:label>         </td>         <td>             <asp:textbox runat="server" id="txtdealname" placeholder="enter deal name"></asp:textbox>         </td>         <td>          </td>     </tr>      <tr>         <td>             <asp:label runat="server" id="lbdealdescription" text="deal description"></asp:label>         </td>         <td>             <asp:textbox runat="server" id="txtdes" placeholder="enter description"></asp:textbox>         </td>         <td>          </td>     </tr>      <tr>         <td>             <asp:label runat="server" id="lb2" text="phone number 2"></asp:label>         </td>         <td>             <asp:textbox runat="server" id="txtphno2" placeholder="enter phone number 2"></asp:textbox>             <%--<asp:regularexpressionvalidator id="regularexpressionvalidator8" controltovalidate="txtphno2" validationexpression="^[0-9]+$" runat="server" errormessage="only numeric keys" backcolor="red"></asp:regularexpressionvalidator>--%>         </td>         <td>          </td>     </tr>       <tr>         <td>             <asp:label id="label2" runat="server" text="upload"></asp:label>         </td>         <td>             <asp:fileupload id="fileupload2" runat="server" />         </td>         <td>         </td>     </tr>     <tr>         <td>          </td>          <td>             <asp:button runat="server" id="b1" text="submit"                   style="margin-top:15px; width:255px; height:40px; color:white; background-color:#04579f; font-size:20px;"                   onclick="b1_click"/>         </td>     </tr>     </table>  </div>  </asp:content>

based on comment above, here code should or similar to.

    using system;     using system.net;     using system.net.webutility;      public void savehtml(string htmltext)     {         string encodedhtmltext = htmlencode(htmltext);          using (sqlcommand sqlcmd = new sqlcommand("sp_savehtmltext", sqlconn))         {             sqlcmd.commandtype = commandtype.storedprocedure;             sqlcmd.commandtimeout = 3600;              sqlparameter eht = new sqlparameter("htmltext", encodedhtmltext);              sqlcmd.parameters.add(eht);              sqlconn.open();              sqlcmd.executenonquery();         }         sqlconn.close();     }      public string gethtml(int htmlid)     {         string decodedhtmltext = string.empty;          using (sqlcommand sqlcmd = new sqlcommand("sp_gethtmltext", sqlconn))         {             sqlcmd.commandtype = commandtype.storedprocedure;             sqlcmd.commandtimeout = 3600;              sqlparameter eht = new sqlparameter("htmlid", htmlid);              sqlcmd.parameters.add(eht);              sqlconn.open();              using (sqldatareader dr = sqlcmd.executereader())             {                 if (dr.hasrows)                 {                     while (dr.read())                     {                         decodedhtmltext = htmldecode(dr["htmlstring"].tostring());                     }                 }             }         }         sqlconn.close();          return decodedhtmltext;    }

notes:

  • sp_savehtmltext , sp_gethtmltext name of stored procedures.
  • the while loop in gethtml assumes there 1 record returned when calling sp_gethtmltext.
  • also assumed column in table saving either varchar or nvarchar.
  • since tags asp.net-mvc, i'm assuming you're using c#.
  • please see: dotnetperls - htmlencode , so - storing html in sql.

Comments

Post a Comment

Popular posts from this blog

Email notification in google apps script -

https://support.google.com/docs/answer/91588?hl=en i have sheet the cells filled in data pulled via apps script, website. pull in exact same data, not. on old sheets version use able emails when data "changes" different value. new sheets, email when new data pasted cells, though exact same data......and, can't set @ ranges anymore, entire document. there easy way watch cells when data changes, , email myself? this looks lot you're trying do. for checking whether value has changed after edit, this gives necessary information it. hence, know whether new value same 1 or not. implementing "workaround" talked in second link, able compare , send email myself if value changed. initiate onedit trigger goes off onedit function uses these lines after checks in place have passed. var email = "xyz@whatever.com"; mailapp.sendemail(email, "triggermail", "a change has occurred in sheet"); note: sends "notification...
Read more

c++ - Difference between pre and post decrement in recursive function argument -

i have following sample code used pre-decrement void function(int c) { if(c == 0) { return; } else { cout << "dp" << c << endl; function(--c); cout << c << endl; return; } } this function give output input 4 : dp3 dp2 dp1 dp0 0 1 2 3 but when use post decrement void function(int c) { if(c == 0) { return; } else { cout << "dp" << c << endl; function(c--); cout << c << endl; return; } } output goes in infinite loop dp4 can explain me in detail why happens ? this happens because function(c--) called same value of c , when finishes c decremented. recursively called, hence called same value no chance of return , hit stack overflow error. assume this, int x = 1, y = 0; y = x++ result y == 1 , x == 2. if y = ++x , bot x , y 2.
Read more

javascript - IE11 incompatibility with jQuery's 'readonly'? -

the code i'm running has no issues in firefox, or chrome. user typing 1 textbox, tabs next , can continue typing that. when run webpage on ie11, user tabs next textbox , can't type in. textbox has double-clicked before user can insert anything. i've googled , seems ie give problems when using older jquery (i.e. prefers 'prop' 'attr' ). in code below jquery's readonly keyword being used in way ie11 no longer recognise/accept? i assume issue readonly , removeclass('ignore') working expected. //when focus on textbox 1 $("#field1").focus(function() { //remove readonly property textbox 1 $('#field1').prop('readonly', false).removeclass('ignore'); //add readonly property other textboxes $('#field2, #field3, #field4') .prop('readonly', 'readonly').addclass('ignore').val(''); }); i'm using jquery 2.1.3 ...
Read more