如何保存的HTML数据库字段 [英] how to save html to a database field
问题描述
我有href=\"http://www.leigeber.com/2010/02/javascript-wysiwyg-editor/\" rel=\"nofollow\">微小的编辑的网页,我的用户可以在
i have an tiny editor web page where my users can use this editor and i am saving the html into my database.
我有保存这个网站到我的数据库的问题。例如,如果有一个名称的',或者如果有其他HTML字符。<,>等,我的code似乎炸毁在插入
i am having issues saving this html to my database. for example if there is a name with a "'" or if there are other html character "<,",">" etc, my code seems to blow up on the insert.
有关于采取任意的HTML标记,并它充分坚持到一个数据库字段,而不必担心任何特定字符的最佳做法。
Is there any best practices about taking any arbitrary html and have it persist fully to a db field without worrying about any specific characters.
推荐答案
我想知道,如果你正在构建的完整的查询。相反,使用参数化查询,这样可以消除您的数据的问题。
I'm wondering if you are building the full query. Instead use a parameterized query and that should eliminate your data problems.
string sqlIns = "INSERT INTO table (name, information, other) VALUES (@name, @information, @other)";
SqlCommand cmdIns = new SqlCommand(sqlIns, db.Connection);
cmdIns.Parameters.Add("@name", info);
cmdIns.Parameters.Add("@information", info1);
cmdIns.Parameters.Add("@other", info2);
cmdIns.ExecuteNonQuery();
这篇关于如何保存的HTML数据库字段的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!