如何保存的HTML数据库字段 [英] how to save html to a database field

问题描述

我有href=\"http://www.leigeber.com/2010/02/javascript-wysiwyg-editor/\" rel=\"nofollow\">微小的编辑的网页，我的用户可以在

i have an tiny editor web page where my users can use this editor and i am saving the html into my database.

我有保存这个网站到我的数据库的问题。例如，如果有一个名称的'，或者如果有其他HTML字符。＆LT;，>等，我的code似乎炸毁在插入

i am having issues saving this html to my database. for example if there is a name with a "'" or if there are other html character "<,",">" etc, my code seems to blow up on the insert.

有关于采取任意的HTML标记，并它充分坚持到一个数据库字段，而不必担心任何特定字符的最佳做法。

Is there any best practices about taking any arbitrary html and have it persist fully to a db field without worrying about any specific characters.

推荐答案

我想知道，如果你正在构建的完整的查询。相反，使用参数化查询，这样可以消除您的数据的问题。

I'm wondering if you are building the full query. Instead use a parameterized query and that should eliminate your data problems.

string sqlIns = "INSERT INTO table (name, information, other) VALUES (@name, @information, @other)";

SqlCommand cmdIns = new SqlCommand(sqlIns, db.Connection);
cmdIns.Parameters.Add("@name", info);
cmdIns.Parameters.Add("@information", info1);
cmdIns.Parameters.Add("@other", info2);
cmdIns.ExecuteNonQuery();

这篇关于如何保存的HTML数据库字段的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！