When I try to store an article with html tags within it, I get an error from .NET saying it's a security risk. How can I correctly store HTML data in a MS SQL 2000 database using ASP.NET?
I don't recommend it, for these reasons:
- What if you need this data in some other application later? You'd have to go through the extra step of stripping the HTML.
- Possible security risk because I can put a link like this:
  HTML Code: <a href="http://a.competitor.site/stealcreditcards/">Page 2</a>
  into your article if your DB isn't secure enough.
- Putting HTML into the database completely flattens an N-tier architecture.
Why not create another system, similar to the vB code used on this site. Example: _word_ would make it italic, *word* would make the word bold, automatically parse urls and generate links, etc. You really don't need to store HTML code in the DB if the type of HTML coding you need is simple enough (i.e. formatting stuff).
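The plain-text markup idea suggested above, as an added C# example that is not part of the original posts: the stored text is HTML-encoded when rendered, and only `*bold*`, `_italic_` and http/https URLs are turned into tags. The class name `SimpleMarkup`, its regular expressions and the sample article are assumptions made for illustration.

```csharp
using System;
using System.Net;
using System.Text;
using System.Text.RegularExpressions;

public static class SimpleMarkup
{
    // Only absolute http/https URLs are linked; the last character may not be punctuation.
    static readonly Regex Url = new Regex(@"https?://[^\s<>""']*[^\s<>""'.,;:!?)]", RegexOptions.IgnoreCase);
    static readonly Regex Bold = new Regex(@"(?<![\w*])\*(\w[^*\r\n]*?)\*(?![\w*])");
    static readonly Regex Italic = new Regex(@"(?<![\w_])_([^\W_][^_\r\n]*?)_(?![\w_])");

    // Encode a run of plain text first, then apply *bold* and _italic_ to the encoded result,
    // so the only tags in the output are the ones this class writes itself.
    static string Inline(string raw)
    {
        string safe = WebUtility.HtmlEncode(raw);
        safe = Bold.Replace(safe, "<b>$1</b>");
        return Italic.Replace(safe, "<i>$1</i>");
    }

    public static string Render(string stored)
    {
        stored = stored ?? "";
        var html = new StringBuilder();
        int pos = 0;
        foreach (Match m in Url.Matches(stored))
        {
            html.Append(Inline(stored.Substring(pos, m.Index - pos)));
            // The URL is encoded for the attribute and shown as the link text,
            // so anchor text such as "Page 2" cannot hide the destination.
            string url = WebUtility.HtmlEncode(m.Value);
            html.Append("<a href=\"").Append(url).Append("\" rel=\"nofollow\">").Append(url).Append("</a>");
            pos = m.Index + m.Length;
        }
        html.Append(Inline(stored.Substring(pos)));
        return html.ToString().Replace("\r\n", "\n").Replace("\n", "<br />\n");
    }

    public static void Main()
    {
        // Constructed sample article, including the link from the post above typed as raw HTML.
        string article = "This is *important* and _new_.\n" +
                         "<a href=\"http://a.competitor.site/stealcreditcards/\">Page 2</a>";
        Console.WriteLine(Render(article));
    }
}
```

Any tag an author types comes out as visible text (`&lt;a href=...`), and the database column holds only the plain markup, which other applications can read without stripping HTML.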



Thanks for the quick reply. New to SQL and just wanted some opinions. I think I'll do the vBcode "system", appreciate it.
In reply to vgarcia:
Surely leaving your DB wide open is the risk, not the HTML!!?
MarcusJT
- former ASP web developer / former SPF "ASP Guru"
- *very* old blog with some useful ASP code
- Please think, Google, and search these forums before posting!