  1. #1
    get back to rowing khu19's Avatar

    How to store HTML data in SQL 2000

    When I try to store an article with HTML tags within it, I get an error from .NET saying it's a security risk. How can I correctly store HTML data in an MS SQL 2000 database using ASP.NET?

  2. #2
    ☆★☆★ silver trophy vgarcia's Avatar
    I don't recommend it, for these reasons:
    • What if you need this data in some other application later? You'd have to go through the extra step of stripping the HTML.
    • Possible security risk because I can put a link like this:
      HTML Code:
      <a href="http://a.competitor.site/stealcreditcards/">Page 2</a>
      into your article if your DB isn't secure enough.
    • Putting HTML into the database completely flattens an N-tier architecture.

    Why not create another system, similar to the vB code used on this site? Example: _word_ would make it italic, *word* would make the word bold, automatically parse URLs and generate links, etc. You really don't need to store HTML code in the DB if the type of HTML coding you need is simple enough (i.e. formatting stuff).
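
A sketch of the markup approach suggested in the post above, as an added example that is not part of the original thread or vB's own code: the article is stored as plain text, and HTML is generated only at display time. `MarkupRenderer`, its regex rules and the sample string are assumptions for illustration, and `System.Net.WebUtility` assumes .NET 4 or later.

```csharp
using System;
using System.Net;
using System.Text;
using System.Text.RegularExpressions;

// Added example. MarkupRenderer and its rules are hypothetical, not vB code.
static class MarkupRenderer
{
    // Only http/https become links, so javascript: or data: URLs stay plain text.
    static readonly Regex Url = new Regex(@"\bhttps?://[^\s<>""']+", RegexOptions.IgnoreCase);
    static readonly Regex Bold = new Regex(@"\*(\w[^*\r\n]*?)\*");
    static readonly Regex Italic = new Regex(@"(?<!\w)_(\w[^_\r\n]*?)_(?!\w)");

    // Turns the plain-text markup stored in the database into HTML at display time.
    public static string Render(string stored)
    {
        var html = new StringBuilder();
        int pos = 0;
        foreach (Match m in Url.Matches(stored))
        {
            html.Append(Inline(stored.Substring(pos, m.Index - pos)));
            // The visible text is the destination itself, so a link cannot
            // be disguised behind a label such as "Page 2".
            string u = WebUtility.HtmlEncode(m.Value);
            html.Append("<a href=\"").Append(u).Append("\" rel=\"nofollow\">").Append(u).Append("</a>");
            pos = m.Index + m.Length;
        }
        return html.Append(Inline(stored.Substring(pos))).ToString();
    }

    // Encode first so any author-supplied tag is inert, then add our own tags.
    static string Inline(string text)
    {
        string safe = WebUtility.HtmlEncode(text);
        safe = Bold.Replace(safe, "<strong>$1</strong>");
        return Italic.Replace(safe, "<em>$1</em>");
    }
}

static class Demo
{
    static void Main()
    {
        // Constructed sample input: markup plus the raw link from the post above.
        string stored = "*Breaking* _news_: <a href=\"http://a.competitor.site/stealcreditcards/\">Page 2</a>";
        Console.WriteLine(MarkupRenderer.Render(stored));
    }
}
```

Because the only tags in the output are the ones the renderer writes, the stored text can be reused by other applications without stripping HTML.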

  3. #3
    get back to rowing khu19's Avatar
    Thanks for the quick reply. New to SQL and just wanted some opinions. I think I'll do the vBcode "system", appreciate it.

  4. #4
    The doctor is in... silver trophy MarcusJT's Avatar
    Quote Originally Posted by vgarcia
    • Possible security risk because I can put a link like this:
      HTML Code:
      <a href="http://a.competitor.site/stealcreditcards/">Page 2</a>
      into your article if your DB isn't secure enough.
    Surely leaving your DB wide open is the risk, not the HTML!!?
    MarcusJT
    - former ASP web developer / former SPF "ASP Guru"
    - *very* old blog with some useful ASP code

    - Please think, Google, and search these forums before posting!

