idea:
-------
If you insert html code into a txtbox yoou get an 'annoying' error page with:
potential dangerous request.form blabla..
I want to catch that error and show it on my own page.
I have tried this but it doens't seem to work
anybody any other ideas? (i just hate that standard error page of asp.net)
Or do i have to server.htmlencode everything so i wouldn't get the error?
Try
Dim Head As String = Request.Form("Head")
Dim Message As String = Request.Form("Message")
Dim Category As String = Request.Form("Category")
query = "INSERT INTO tblnews (Category, Head, Message, User, Date) VALUES ('" & Category & "','" & Head & "','" & Message & "','" & usern & "','" & written & "')"
scmd.CommandText = query
scmd.Connection = myConnection
scmd.ExecuteNonQuery()
Catch ex As Exception
Session("error") = "Error" & Err.Erl
Response.Redirect("error.aspx")
End TryOriginally posted by darktown
idea:
-------
If you insert html code into a txtbox yoou get an 'annoying' error page with:
potential dangerous request.form blabla..
I want to catch that error and show it on my own page.
I have tried this but it doens't seem to work
anybody any other ideas? (i just hate that standard error page of asp.net)
Or do i have to server.htmlencode everything so i wouldn't get the error?
Try
Dim Head As String = Request.Form("Head")
Dim Message As String = Request.Form("Message")
Dim Category As String = Request.Form("Category")
query = "INSERT INTO tblnews (Category, Head, Message, User, Date) VALUES ('" & Category & "','" & Head & "','" & Message & "','" & usern & "','" & written & "')"
scmd.CommandText = query
scmd.Connection = myConnection
scmd.ExecuteNonQuery()
Catch ex As Exception
Session("error") = "Error" & Err.Erl
Response.Redirect("error.aspx")
End Try
I have several issues with your code. You should not be using Request anything for values in your code. Rather place Web Form Controls on the form, then call the value with the correct property. Your not checking any of your values.
If you wany a error page use the Web.Config to create custom pages for each different error number. there are docs how to do this. Also you can handle the error in the global.asax file that will allow you to globally handle errors with writing to a log or somethinng.Again thx for the tip.
As you might know i was always used to work with PHP so i just did like i was used to to it.
but why not use request.form(" ") ??
It's there for a reason.
basically for input i ALWAYS use <input type="" id="">
and in the next page i use : dim x as string =request.form("")
I do my 'checks' on x and if it's correct i do the insert if not i return an errormsg tot the user.Originally posted by darktown
but why not use request.form(" ") ??
It's there for a reason.
Because if you use the correct controls they have the integrated malicous code checking in them. They are not going to be the same as the old asp form variables either. When you have an array of items in the request you might end up with issues...
for each string s in Request.Form("Var")
Response.Write(s);
Next
Meaning there might be multiple values in the request for the item. The control has been tested. Is faster than accessing the collection, and events are routed by the name of the item that caused it.
There are few reasons not to use it. Or create a composite or Web User Form to handle most of the items.
The common thing with creating Web User Forms is exposing the Form Items as properties, then using them in the Web Form that your placing the control on. Plus its also able to be used on multiple pages without copying the same code everywhere.<!-- m --><a class="postlink" href="http://msdn.microsoft.com/workshop/webcontrols/overview/overview.asp">http://msdn.microsoft.com/workshop/webc ... erview.asp</a><!-- m -->
This is one of the few reasons why you should not use it. But i have been looking to my webstatistics and most people use win xp with ie6 ; 32 bit colors, 1024 x 768
I am going to re-write it with webcontrols and see what it gives. I'll keep you informed on the forum if i have some problems.
Thx for reading & answering.This are not Web Controls, those are Internet Explorer Web Controls. Notice the name. Web Controls output plain HTML or higher depending on the browser. Those controls are only supported for IE.Originally posted by afterburn
If you wany a error page use the Web.Config to create custom pages for each different error number. there are docs how to do this. Also you can handle the error in the global.asax file that will allow you to globally handle errors with writing to a log or somethinng.
ok? this works now.
I am going to try a simple webform and let you know more about it.
-------
If you insert html code into a txtbox yoou get an 'annoying' error page with:
potential dangerous request.form blabla..
I want to catch that error and show it on my own page.
I have tried this but it doens't seem to work
anybody any other ideas? (i just hate that standard error page of asp.net)
Or do i have to server.htmlencode everything so i wouldn't get the error?
Try
Dim Head As String = Request.Form("Head")
Dim Message As String = Request.Form("Message")
Dim Category As String = Request.Form("Category")
query = "INSERT INTO tblnews (Category, Head, Message, User, Date) VALUES ('" & Category & "','" & Head & "','" & Message & "','" & usern & "','" & written & "')"
scmd.CommandText = query
scmd.Connection = myConnection
scmd.ExecuteNonQuery()
Catch ex As Exception
Session("error") = "Error" & Err.Erl
Response.Redirect("error.aspx")
End TryOriginally posted by darktown
idea:
-------
If you insert html code into a txtbox yoou get an 'annoying' error page with:
potential dangerous request.form blabla..
I want to catch that error and show it on my own page.
I have tried this but it doens't seem to work
anybody any other ideas? (i just hate that standard error page of asp.net)
Or do i have to server.htmlencode everything so i wouldn't get the error?
Try
Dim Head As String = Request.Form("Head")
Dim Message As String = Request.Form("Message")
Dim Category As String = Request.Form("Category")
query = "INSERT INTO tblnews (Category, Head, Message, User, Date) VALUES ('" & Category & "','" & Head & "','" & Message & "','" & usern & "','" & written & "')"
scmd.CommandText = query
scmd.Connection = myConnection
scmd.ExecuteNonQuery()
Catch ex As Exception
Session("error") = "Error" & Err.Erl
Response.Redirect("error.aspx")
End Try
I have several issues with your code. You should not be using Request anything for values in your code. Rather place Web Form Controls on the form, then call the value with the correct property. Your not checking any of your values.
If you wany a error page use the Web.Config to create custom pages for each different error number. there are docs how to do this. Also you can handle the error in the global.asax file that will allow you to globally handle errors with writing to a log or somethinng.Again thx for the tip.
As you might know i was always used to work with PHP so i just did like i was used to to it.
but why not use request.form(" ") ??
It's there for a reason.
basically for input i ALWAYS use <input type="" id="">
and in the next page i use : dim x as string =request.form("")
I do my 'checks' on x and if it's correct i do the insert if not i return an errormsg tot the user.Originally posted by darktown
but why not use request.form(" ") ??
It's there for a reason.
Because if you use the correct controls they have the integrated malicous code checking in them. They are not going to be the same as the old asp form variables either. When you have an array of items in the request you might end up with issues...
for each string s in Request.Form("Var")
Response.Write(s);
Next
Meaning there might be multiple values in the request for the item. The control has been tested. Is faster than accessing the collection, and events are routed by the name of the item that caused it.
There are few reasons not to use it. Or create a composite or Web User Form to handle most of the items.
The common thing with creating Web User Forms is exposing the Form Items as properties, then using them in the Web Form that your placing the control on. Plus its also able to be used on multiple pages without copying the same code everywhere.<!-- m --><a class="postlink" href="http://msdn.microsoft.com/workshop/webcontrols/overview/overview.asp">http://msdn.microsoft.com/workshop/webc ... erview.asp</a><!-- m -->
This is one of the few reasons why you should not use it. But i have been looking to my webstatistics and most people use win xp with ie6 ; 32 bit colors, 1024 x 768
I am going to re-write it with webcontrols and see what it gives. I'll keep you informed on the forum if i have some problems.
Thx for reading & answering.This are not Web Controls, those are Internet Explorer Web Controls. Notice the name. Web Controls output plain HTML or higher depending on the browser. Those controls are only supported for IE.Originally posted by afterburn
If you wany a error page use the Web.Config to create custom pages for each different error number. there are docs how to do this. Also you can handle the error in the global.asax file that will allow you to globally handle errors with writing to a log or somethinng.
ok? this works now.
I am going to try a simple webform and let you know more about it.