Inserting html code into a table using MSSQL Manager

BluJag

BluJag

Perch
When inserting data into one of my tables using the MSSQL Manager tool from within my CP I get this error message.

Server Error in '/MSSQL' Application.
--------------------------------------------------------------------------------

A potentially dangerous Request.Form value was detected from the client (Value_2="...atabase. <p>[firstname] [surn...").
Description: Request Validation has detected a potentially dangerous client input value, and processing.

The reason is that I'm inserting an html template. Is there any way to stop this happening so that I can insert the data?
 
Just to clarify above post. The snag has to be sorted out at the server end, by making the necessary changes to the page directive then saving the .aspx page back to the server again. There's no way for the client to do this, only the person who owns the .aspx page - someone at Jodo presumably.

Normally I use Access 2003 to enter data directly into the tables, but at the time I was in a hotel in Hong Kong and couldn't connect via Access 2003 (firewall probs I think).
 
You'll probably want to use Enterprise Manager to put the data in. It seems that the web tool blocks certain html statements to avoid dangerous injections. I had this happen to me too recently. The other way would be to create a simple script that connects to the database and updates that value for you.
 
Yeh you're right jonyah - it's only a problem from certain hotels when I can't connect to the Jodo SQL server via Access, Enterprise Manager or Query Analyzer. I'll have to make time to write a simple script as you suggest.

Cheers
 
here, I've got one. I wrote this a few years ago and can ensure that it works as needed. You can run any query from the query box, or you can navigate the tables and modify the data via forms, all contained in a single script. You can download that script here:

http://www.aspdriven.net/dbviewer.zip
 
oh, with that sciprt, you must have a primary key (auto-increment) for the update via a form to work. Otherwise that feature will be disabled.
 
Hey jonyah - fantastic! I've uploaded it to jodo and it's running a treat! I can't thank you enough, it's terrific. Makes life so much easier when I'm out in the boondocks.

Huge thankyou - I owe you a (crate of) beer! :]
 
Just make sure you keep the files protected, please. (rename them from asp/aspx to 1asp or something, you don't want someone script injecting you.)
 
ya this is a file I usually have protected by some sort of session login, but I removed that before posting it.
 
You must log in or register to reply here.
Back
Top