更新产品时出错 [英] Error while updating a product
问题描述
大家好,
我正在做一个电子商务项目。在后端管理面板中我插入了很多产品。当我点击编辑按钮时,值会加载到文本框。在该页面中我有一个按钮更新并继续。当我点击它时,它应该转到另一个名为ProductAttributes.aspx的更新页面。但是当我点击该按钮后发生错误。
从客户端检测到一个潜在危险的Request.Form值(FreeTextBoxDesc =
Hello everyone,
I am doing a e-commerce project.In the back end admin panel i have inserted many products.When i click on edit button values will load to textboxes.In that page i have one button "Update & Continue".When i click on that it should go to another updating page called "ProductAttributes.aspx".But when i click on that button following error is occuring.
"A potentially dangerous Request.Form value was detected from the client (FreeTextBoxDesc="
说明:请求验证检测到潜在危险的客户端输入值,并且请求的处理已中止。此值可能表示试图破坏应用程序的安全性,例如跨站点脚本攻击。要允许页面覆盖应用程序请求验证设置,请将httpRuntime配置部分中的requestValidationMode属性设置为requestValidationMode =2.0。 ple:< httpruntime requestvalidationmode =2.0>。设置此值后,您可以通过在Page指令或< pages>中设置validateRequest =false来禁用请求验证。配置部分。但是,强烈建议您的应用程序在这种情况下明确检查所有输入
此页面后面的代码是
"Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: <httpruntime requestvalidationmode="2.0">. After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case"
My code behind for this page is
protected void btnAddProduct_Click1(object sender, EventArgs e)
{
if (IsFormValid())
{
try
{
IProductManagement productManagement = new ProductManagementImpl(_dataProvider, new SQLParameterBaseHelper());
Product product = new Product();
product.ProductId = Convert.ToInt64(hfProductId.Value);
product.ProductCode = txtProductCode.Text.Trim();
product.ProductName = txtProductName.Text.Trim();
//product.ProductDescription = free.Text;
product.ProductDescription = FreeTextBoxDesc.Text;
任何人都可以帮我解决这个错误。
提前谢谢。
Can any one help me to resove this error.
Thanks in advance.
推荐答案
使用Server.HtmlEncode ..
这里是链接 http://www.asp.net/whitepapers/request-validation [ ^ ]
Use Server.HtmlEncode ..
here is the link http://www.asp.net/whitepapers/request-validation[^]
这篇关于更新产品时出错的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
