将CKEditor数据保存到ASP.Net中的数据库 [英] Saving CKEditor data to database in ASP.Net

问题描述

嘿伙计们，请帮忙...



i我在ASP.Net网站上使用CKEditor，我想将CKEditor的值存储到数据库中。 />


但存储时出错。





这是我的aspx代码：

 <％@    页   标题  =    语言  =  C＃    MasterPageFile   = 〜/ Admin.master    AutoEventWireup   =  true    CodeFile   =  new_article.aspx.cs   继承  =  post_article    validateRequest   =  false   ％>  
 <％@    注册   程序集  =  CKEditor.NET   命名空间  =  CKEditor.NET    TagPrefix   =  CKEditor   ％>  
 
 <   asp：内容    ID   =  Content1    ContentPlaceHolderID   =  head    Runat   = 服务器 >  
 <   script     src   =  // ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery .min.js >  < /  脚本 >  
 <   script     type   =  text / javascript    src   = 〜/ ckeditor / ckeditor.js >  <   /  脚本 >  
 <   script     type   =   text / javascript    src   = 〜/ ckeditor / adapters / jquery.js >  <   /   script  >  
 
 <   / asp：Content  >  
 
 <   asp：内容    ID   =  Content2    ContentPlaceHolderID   =  ContentPlaceHolder1    Runat   = 服务器 >  
 <   div     class   = < span class =code-keyword> content >  
 <   asp：TextBox     ID   =  txtTitle    CssClass   =  txtTitle    runat   =   server   占位符 < span class =code-keyword> = 在此输入标题... >  <   / asp：TextBox  >  
 
 <   p    样式  = 宽度：80％ ;保证金：10px; >  
 <   CKEditor：CKEditorControl     ID   =  txtPost     高度  =  200    BasePath   = 〜/ ckeditor /      runat   =  server   工具栏  = 基本    ClientIDMode   = 继承 >  
 <   / CKEditor：CKEditorControl  >  
 < span class =code-keyword><   / p  >  
 
 <   asp：按钮    ID   =  btnPost < span class =code-attribute>   CssClass   =  btn    runat   =  server   文字  = 发布    OnClick   =  btnPost_Click    /  >  
 
 <   asp：Label     ID   =  lblStatus    runat   =   server   文字  =  > ;  <   / asp：Label  > ;  
 <   / div  >  
 
 
 <   / asp：Content  >  

这是我的代码背后：



<前lang =c＃> 受保护 void btnPost_Click（ object sender，EventArgs e）
{

string str = HttpUtility.HtmlEncode（txtPost.Text）;

// 执行用户定义的检查
if （txtTitle.Text == || txtPost .Text == ）
{
lblStatus.Text = 标题或帖子内容丢失！;
}
else
{
string insertSQL = INSERT INTO user_posts（;
insertSQL + = post_title，post_data，post_date，user_id）;
insertSQL + = VALUES（;
insertSQL + = @ post_title，@ post_data，GETDATE（），@ user_id）;

SqlConnection con = new SqlConnection（ @ Data Source =（LocalDB）\ v11.0; AttachDbFileName = | DataDirectory | \Database.mdf; Integrated Security = True; MultipleActiveResultSets = True）;
SqlCommand cmd = new SqlCommand（insertSQL，con）;

// 添加参数
cmd.Parameters.AddWithValue（ @ post_title，txtTitle.Text）;
cmd.Parameters.AddWithValue（ @ post_data，str）;
cmd.Parameters.AddWithValue（ @ user_id， 1）;

// 插入
int 已添加= 0 ;

尝试
{
con.Open（）;
added = cmd.ExecuteNonQuery（）;
lblStatus.Text = 文章成功发布！;
}

catch （异常错误）
{
lblStatus.Text = err.Message;
}
}


}

在这里我试过：

  string  str = txtPost.Text 

将数据存储在数据库中，



但是在数据库的post_data列中只发布了以下文本：

CKEditor.NET.CKEditorControl



i编码数据，如代码所示。

  string  str = HttpUtility.HtmlEncode（txtPost.Text）; 

但仍然在数据库的post_data列中仅发布以下文本：

CKEditor.NET.CKEditorControl



尝试了所有数据库字段，如varchar（MAX），nvarchar（MAX），text（），但都是徒劳的。错误总是一样的，请指导我。





i尝试使用txtPost.Value，但值不是CKEditor的成员命名空间。





这是我的数据库结构：

  CREATE   TABLE  [dbo]。[user_posts]（
 [post_id]  INT   IDENTITY （ 1 ， 1 ） NOT   NULL ，
 [post_title]  VARCHAR （ 50 ） NOT   NULL ，
 [post_data]  VARCHAR （MAX） NOT   NULL ，
 [post_date]  DATE   NOT   NULL ，
 [user_id]  INT   NOT   NULL ，
  PRIMARY   KEY   CLUSTERED （[post_id]  ASC ），
  FOREIGN   KEY （[user_id]） REFERENCES  [dbo]。[user_details]（[user_id]）
）; 

解决方案

嘿，伙计们自己纠正了。感谢Harshil的回复。





我犯了一些愚蠢的错误。现在一切正常。





我必须删除httpencode函数，因为它创建了问题。



现在我只使用txtPost.Text。







但我认为现在我对XSS攻击持开放态度，因此必须为此搜索一些解决方案。

Hey guys, help please...

i am using CKEditor in ASP.Net Website, i want to store the value of CKEditor to the database.

but it's giving errors while storing.


Here is my aspx code:

<%@ Page Title="" Language="C#" MasterPageFile="~/Admin.master" AutoEventWireup="true" CodeFile="new_article.aspx.cs" Inherits="post_article" validateRequest="false" %>
<%@ Register Assembly="CKEditor.NET" Namespace="CKEditor.NET" TagPrefix="CKEditor" %>

<asp:Content ID="Content1" ContentPlaceHolderID="head" Runat="Server">
   <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script>
<script type="text/javascript" src="~/ckeditor/ckeditor.js"></script>
<script type="text/javascript" src="~/ckeditor/adapters/jquery.js"></script>
   
</asp:Content>

<asp:Content ID="Content2" ContentPlaceHolderID="ContentPlaceHolder1" Runat="Server">
    <div class="content">
       <asp:TextBox ID="txtTitle" CssClass="txtTitle" runat="server" placeholder="Enter title here..."></asp:TextBox>
        
        <p style="width:80%; margin:10px;">
            <CKEditor:CKEditorControl ID="txtPost"  Height="200" BasePath="~/ckeditor/"  runat="server" Toolbar="Basic" ClientIDMode="Inherit">
           </CKEditor:CKEditorControl>
        </p>

        <asp:Button ID="btnPost" CssClass="btn" runat="server" Text="Post" OnClick="btnPost_Click" />

        <asp:Label ID="lblStatus" runat="server" Text=""></asp:Label>
    </div>

        
</asp:Content>

here is my code behind:

protected void btnPost_Click(object sender, EventArgs e)
    {

        string str = HttpUtility.HtmlEncode(txtPost.Text);
        
        //perform user defined checks
        if (txtTitle.Text == "" || txtPost.Text == "")
        {
            lblStatus.Text = "Title or Post Content is Missing !";
        }
        else
        {
            string insertSQL = "INSERT INTO user_posts (";
            insertSQL += "post_title, post_data, post_date, user_id) ";
            insertSQL += "VALUES (";
            insertSQL += "@post_title, @post_data, GETDATE(), @user_id) ";

            SqlConnection con = new SqlConnection(@"Data Source=(LocalDB)\v11.0;AttachDbFileName=|DataDirectory|\Database.mdf;Integrated Security=True;MultipleActiveResultSets=True");
            SqlCommand cmd = new SqlCommand(insertSQL, con);

            //Add Parameters
            cmd.Parameters.AddWithValue("@post_title", txtTitle.Text);
            cmd.Parameters.AddWithValue("@post_data", str);
            cmd.Parameters.AddWithValue("@user_id", "1");

            //Insertion
            int added = 0;

            try
            {
                con.Open();
                added = cmd.ExecuteNonQuery();
                lblStatus.Text = "Article Posted Successfully !";
            }

            catch (Exception err)
            {
                lblStatus.Text = err.Message;
            }
        }


    }

here i tried:

string str = txtPost.Text

to store the data in database,

but In the post_data column of the database only the following text is posted:
CKEditor.NET.CKEditorControl

i encoded the data, as shown in code.

string str = HttpUtility.HtmlEncode(txtPost.Text);

but still In the post_data column of the database only the following text is posted:
CKEditor.NET.CKEditorControl

Tried all the database fields like varchar(MAX), nvarchar(MAX), text() but all in vain. the error is same always, please guide me for this.


i tried using txtPost.Value, but value is not a member of CKEditor namespace.


here is my DB structure:

CREATE TABLE [dbo].[user_posts] (
    [post_id]    INT           IDENTITY (1, 1) NOT NULL,
    [post_title] VARCHAR (50)  NOT NULL,
    [post_data]  VARCHAR (MAX) NOT NULL,
    [post_date]  DATE          NOT NULL,
    [user_id]    INT           NOT NULL,
    PRIMARY KEY CLUSTERED ([post_id] ASC),
    FOREIGN KEY ([user_id]) REFERENCES [dbo].[user_details] ([user_id])
);

解决方案

hey guys corrected it myself. thanks for the reply Harshil.


i was making some silly mistakes. now everything is working.


i had to remove the httpencode function, as it was creating the problem.

Now i am using txtPost.Text only.



but i think now i am open to XSS attacks, so will have to search some solution for that.

这篇关于将CKEditor数据保存到ASP.Net中的数据库的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！