
How to save the value of FCKeditor to database?

I use the FCKeditor control as my editor and I hope to save the content to the database, but when I click
Button1, I get the following error. Why?
I guess it is because there are some script strings included in FCKeditor1.Value and ASP.NET thinks they are
dangerous. Now I don't know how to handle it; could you help me?

A potentially dangerous Request.Form value was detected from the client (FCKeditor1="<p>This is a
sample<...").
Description: Request Validation has detected a potentially dangerous client input value, and processing of
the request has been aborted. This value may indicate an attempt to compromise the security of your
application, such as a cross-site scripting attack. You can disable request validation by setting
validateRequest=false in the Page directive or in the configuration section. However, it is strongly
recommended that your application explicitly check all inputs in this case.
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form
value was detected from the client (FCKeditor1="<p>This is a sample<...").

<%@ Page Language="C#" %>
<%@ Register Assembly="FredCK.FCKeditorV2" Namespace="FredCK.FCKeditorV2"
    TagPrefix="FCKeditorV2" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
    protected void Button1_Click(object sender, EventArgs e)
    {
        string s = FCKeditor1.Value;
    }
</script>

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>Untitled Page</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
        <FCKeditorV2:FCKeditor ID="FCKeditor1" runat="server" BasePath="~/FCKeditor/">
        </FCKeditorV2:FCKeditor>
        <asp:Button ID="Button1" runat="server" OnClick="Button1_Click" Text="Button" /></div>
    </form>
</body>
</html>

You'll need to add validateRequest=false to the page directive. By default, .NET will
throw an exception if a value entered in a form field looks like a script block. You
should use Server.HtmlEncode when storing the value in the database and
Server.HtmlDecode when retrieving the value from the database. Also, I would use a
regular expression on any other fields on the form to strip them of any code that
resembles a script block.

HTH,
Ryan

I use FCKeditor as an HTML editor and save the HTML document to the database. I hope to display the HTML
document using a control, but when I use FCKeditor to display the HTML document, I find that the FCKeditor
control doesn't have a ReadOnly property and the toolbar can't be hidden completely. I tried to use a TextBox
control to display the HTML document, but only HTML code can be displayed in a TextBox control!

If you want to set the FCKeditor control to readonly so it just displays HTML
formatted and doesn't allow editing, then it makes more sense to use a Label
control. On the other hand, if this is for something like a chat application and you'd
like a TextBox like area to display text, then I know how to do it with FreeTextBox. If
you're willing to give FTB a try, I'll dig out the code.

HTH,
Ryan

Hi,

You have to use a Literal control in ASP.NET to display the FCKeditor content on the page.

You can't display the data in a TextBox or Label.

Contact me on chat, I will show you in detail: jsp_3053@yahoo.co.in

regards

There is a small problem if you insert/update the database by using a Parameter. Instead of using the enum DbType,
you should use OleDbType to save FCK's value to the database.

I tried many times with DbType.String but always received the exception "Invalid character value for cast
specification".

Anyone know why?

Filed under: OleDbType, FCKeditor, DbType
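The request-validation error quoted in the first post recommends checking input explicitly once ValidateRequest is off, and the post above recommends a typed OleDb parameter for the insert. The following is an added example covering both, not code from any poster in this thread; the class name, the `Articles` table, its `Body` column and the tag allowlist are assumptions.

```csharp
using System;
using System.Data.OleDb;
using System.Text;
using System.Web;

public static class EditorHtml
{
    // Attribute-less tags the stored markup may contain (assumed allowlist).
    // Anything not listed, including <script> and tags with attributes, stays encoded.
    static readonly string[] AllowedTags =
        { "p", "b", "i", "u", "em", "strong", "ul", "ol", "li" };

    // Encode the whole editor value, then restore only exact allowlisted tags.
    // Matching is case-sensitive, so unexpected variants fail closed (remain text).
    public static string ToSafeHtml(string editorValue)
    {
        StringBuilder sb = new StringBuilder(HttpUtility.HtmlEncode(editorValue ?? ""));
        foreach (string tag in AllowedTags)
        {
            sb.Replace("&lt;" + tag + "&gt;", "<" + tag + ">");
            sb.Replace("&lt;/" + tag + "&gt;", "</" + tag + ">");
        }
        sb.Replace("&lt;br /&gt;", "<br />");
        sb.Replace("&lt;br&gt;", "<br />");
        sb.Replace("&amp;nbsp;", "&nbsp;"); // keep the editor's non-breaking spaces
        return sb.ToString();
    }

    // Store the filtered markup through a typed OleDb parameter, never by
    // concatenating it into the SQL text. OleDb binds "?" markers by position.
    public static void Save(string connectionString, string editorValue)
    {
        using (OleDbConnection conn = new OleDbConnection(connectionString))
        using (OleDbCommand cmd = new OleDbCommand(
            "INSERT INTO Articles (Body) VALUES (?)", conn))
        {
            cmd.Parameters.Add("@Body", OleDbType.LongVarWChar).Value =
                ToSafeHtml(editorValue);
            conn.Open();
            cmd.ExecuteNonQuery();
        }
    }
}
```

The stored value can then be assigned to a Literal control's Text as-is, because every character outside the allowlisted tags is already encoded.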

Hello,
I use a DataGridView control for editing and saving from the FCKeditor control.

For display you must use this:

<asp:TemplateField HeaderText="caption" SortExpression="Text">
    <EditItemTemplate>
        <FCKeditorV2:FCKeditor EnableXHTML="true" Value='<%# Bind("Text") %>'
            BasePath="~/FCKeditor/" ID="FCKeditor3" runat="server">
        </FCKeditorV2:FCKeditor>
    </EditItemTemplate>
</asp:TemplateField>

For saving you use:

private string getCaptionText
{
    get
    {
        // Strip the site's scheme and host from the editor HTML before saving.
        return (((UltimateEditor)(DetailsView1.Rows[1].Cells[1].Controls[1])).EditorHtml
            .Replace(Request.Url.GetLeftPart(UriPartial.Authority), ""));
    }
}

and replace it in the Insert command.

You should put it at the top of any page you use FTB or FCKeditor as follows:

<%@ Page Language="VB" AutoEventWireup="false"
    CodeFile="gridviewdemo.aspx.vb" Inherits="gridviewdemo"
    ValidateRequest="false" %>

Hi All,

I'm having this same problem.

I was getting the same editor to do with the dangerous code. I added the ValidateRequest and now I get:

Line 6015: }
Line 6016: if ((description == null)) {
Line 6017: throw new System.ArgumentNullException("description");
Line 6018: }
Line 6019: else {

My control:

<ItemTemplate>
    <FCKeditorV2:FCKeditor ID="FCKeditor1"
        runat="server" BasePath="~/FCK_editor/" Height="200px"
        Visible='<%# Eval("description") %>'
        Width="100%" >
    </FCKeditorV2:FCKeditor>
</ItemTemplate>

I'm trying to insert a record into a table, for which I created a
tableAdapter with an additional insert query. I then created an Object
data source and a details view for the fields.
Thanks for any help!
Sam
