A potentially dangerous Request.Form value was detected from the client (txtAnsDesc="<br>").
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: <httpRuntime requestValidationMode="2.0" />. After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133.
My code is given below:
<%@ Page Language="C#" AutoEventWireup="true" ValidateRequest="false" Debug="true" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<%@Import Namespace="System.Data"%>
<%@Import Namespace="System.Data.Sql"%>
<%@Import Namespace="System.Data.SqlClient"%>
<script runat="server" language="c#">
/// <summary>
/// Search button handler. Currently a no-op: nothing is read or written, so a click
/// only performs the postback that the button itself triggers.
/// </summary>
/// <param name="sender">The button that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Button2_Click(object sender, EventArgs e) { }
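/// <summary>
/// Submit button handler: inserts one row into the <c>answer</c> table from the page's
/// drop-downs and text boxes, unless a row with the typed <c>ansid</c> already exists.
/// The outcome is reported by adding a Label to the <c>ph1</c> placeholder.
/// </summary>
/// <param name="sender">The button that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Button1_Click(object sender, EventArgs e)
{
    string ansId = txtAnsID.Text.Trim();
    string sid = SelectedText(ddSid);
    string aid = SelectedText(ddAid);
    string cid = SelectedText(ddCid);
    string qid = SelectedText(ddQid);
    string className = SelectedText(ddClass);

    // The original dereferenced SelectedItem without a null check and treated an
    // empty Answer ID as valid; refuse both up front with a message instead.
    if (ansId.Length == 0 || sid == null || aid == null || cid == null || qid == null || className == null)
    {
        ShowStatus("Please select a Subject, Author, Chapter, Question and Class and enter an Answer ID");
        return;
    }

    string connectionString = System.Web.Configuration.WebConfigurationManager.ConnectionStrings["ApplicationServices"].ConnectionString;

    // 'using' closes the connection on every path. The original only closed it in the
    // insert branch's finally block and left it open on the "already exists" path.
    using (SqlConnection con = new SqlConnection(connectionString))
    {
        con.Open();

        if (AnswerExists(con, ansId))
        {
            // ansId is user input echoed back into the page and Label.Text is not
            // HTML-encoded by the framework; with ValidateRequest="false" on this page
            // an unencoded value would let injected markup or script execute.
            ShowStatus("This Answer ID " + System.Web.HttpUtility.HtmlEncode(ansId) + " Already Exist");
            return;
        }

        using (SqlTransaction tr = con.BeginTransaction())
        {
            try
            {
                using (SqlCommand cmd = new SqlCommand(
                    "insert into answer (sid,aid,cid,qid,ansid,ansdesc,class) values (@sid,@aid,@cid,@qid,@ansid,@ansdesc,@class)",
                    con, tr))
                {
                    cmd.Parameters.AddWithValue("@sid", sid);
                    cmd.Parameters.AddWithValue("@aid", aid);
                    cmd.Parameters.AddWithValue("@cid", cid);
                    cmd.Parameters.AddWithValue("@qid", qid);
                    cmd.Parameters.AddWithValue("@ansid", ansId);
                    // Must match the placeholder in the INSERT text. The original bound
                    // "@qname" here, so SQL Server rejected every insert ("Must declare the
                    // scalar variable @ansdesc") and the empty catch block hid the failure.
                    // ansdesc is raw HTML from the nicEdit widget attached to txtAnsDesc; it
                    // has to be sanitised or encoded wherever it is rendered back to a browser.
                    cmd.Parameters.AddWithValue("@ansdesc", txtAnsDesc.Text.Trim());
                    cmd.Parameters.AddWithValue("@class", className);
                    cmd.ExecuteNonQuery();
                }

                tr.Commit();
                ShowStatus("The Answer is entred SUCCESSFULLY");
            }
            catch (Exception ex)
            {
                // Roll back explicitly while the transaction is still attached to a live
                // connection; if the connection dropped, Dispose discards the work anyway.
                if (tr.Connection != null)
                {
                    tr.Rollback();
                }

                // Keep the real cause server-side. The user gets a generic message so
                // database details are not disclosed in the page.
                System.Diagnostics.Trace.TraceError("answer insert failed for ansid " + ansId + ": " + ex);
                ShowStatus("The Answer could not be saved");
            }
        }
    }
}

// Trimmed text of the selected item, or null when the list has no selection.
private static string SelectedText(System.Web.UI.WebControls.DropDownList list)
{
    return list.SelectedItem == null ? null : list.SelectedItem.Text.Trim();
}

// True when a row with this ansid already exists. The ID travels as a parameter and is
// never spliced into SQL or a filter expression (the original pulled the whole table and
// built a DataTable filter string from it, which also broke on a quote in the ID).
// Comparison now follows the column's collation rather than DataTable's case-insensitive
// default. NOTE(review): only a unique index on answer.ansid is race-proof; this check
// exists to give the friendlier message.
private static bool AnswerExists(SqlConnection con, string ansId)
{
    using (SqlCommand cmd = new SqlCommand("select count(*) from answer where ansid = @ansid", con))
    {
        cmd.Parameters.AddWithValue("@ansid", ansId);
        return Convert.ToInt32(cmd.ExecuteScalar()) > 0;
    }
}

// Adds a yellow-on-blue status Label to ph1. Label.Text is emitted as-is, so callers
// must HTML-encode any user-supplied fragment before passing it in.
private void ShowStatus(string html)
{
    System.Web.UI.WebControls.Label lbl = new System.Web.UI.WebControls.Label();
    lbl.ForeColor = System.Drawing.Color.Yellow;
    lbl.BackColor = System.Drawing.Color.Blue;
    lbl.Text = html;
    ph1.Controls.Add(lbl);
}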
/// <summary>
/// Page load handler. Currently a no-op; the drop-downs are populated declaratively by
/// their SqlDataSource bindings, so nothing needs to run here.
/// </summary>
/// <param name="sender">The page that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e) { }
</script>
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1" runat="server">
<title></title>
<style type="text/css">
.style1
{
width: 100%;
border: 50px solid #008000;
}
.style2
{
width: 100%;
border: 25px solid #FF00FF;
}
#ta1
{
width: 947px;
height: 386px;
}
.style3
{
}
.style4
{
height: 23px;
}
.style5
{
height: 23px;
}
</style>
</head>
<body>
<script src="nicEdit.js" type="text/javascript"></script>
<script type="text/javascript">
bkLib.onDomLoaded(function () {
    // Turn the txtAnsDesc textarea into a nicEdit rich-text panel. The box then posts
    // HTML markup (the "<br>" in the error above) back to the server, which is what
    // ASP.NET request validation rejects unless the page opts out.
    var editor = new nicEditor({ maxHeight: 400 });
    editor.panelInstance('txtAnsDesc');
});
</script>
<form id="form1" runat="server">
<div align="center">
<table class="style1">
<tr>
<td>
</td>
</tr>
<tr>
<td>
</td>
</tr>
<tr>
<td>
</td>
</tr>
<tr>
<td>
<table class="style2">
<tr>
<td>
</td>
<td>
</td>
<td class="style3">
</td>
<td>
</td>
<td>
</td>
<td>
</td>
<td>
</td>
</tr>
<tr>
<td>
</td>
<td>
Subject ID</td>
<td class="style3">
Author ID</td>
<td>
Chapter ID</td>
<td>
Question ID</td>
<td>
Class</td>
<td>
</td>
</tr>
<tr>
<td>
</td>
<td>
<asp:DropDownList ID="ddSid" runat="server" AutoPostBack="True"
DataSourceID="SqlDataSource1" DataTextField="sid" DataValueField="sid">
</asp:DropDownList>
<asp:SqlDataSource ID="SqlDataSource1" runat="server"
ConnectionString="<%$ ConnectionStrings:ApplicationServices %>"
SelectCommand="SELECT * FROM [subject]"></asp:SqlDataSource>
</td>
<td class="style3">
<asp:DropDownList ID="ddAid" runat="server" AutoPostBack="True"
DataSourceID="SqlDataSource2" DataTextField="aid" DataValueField="aid">
</asp:DropDownList>
<asp:SqlDataSource ID="SqlDataSource2" runat="server"
ConnectionString="<%$ ConnectionStrings:ApplicationServices %>"
SelectCommand="SELECT * FROM [author] WHERE ([sid] = @sid)">
<SelectParameters>
<asp:ControlParameter ControlID="ddSid" DefaultValue="-99" Name="sid"
PropertyName="SelectedValue" Type="String" />
</SelectParameters>
</asp:SqlDataSource>
</td>
<td>
<asp:DropDownList ID="ddCid" runat="server" AutoPostBack="True"
DataSourceID="SqlDataSource3" DataTextField="cid" DataValueField="cid">
</asp:DropDownList>
<asp:SqlDataSource ID="SqlDataSource3" runat="server"
ConnectionString="<%$ ConnectionStrings:ApplicationServices %>"
SelectCommand="SELECT * FROM [chapter] WHERE (([sid] = @sid) AND ([aid] = @aid))">
<SelectParameters>
<asp:ControlParameter ControlID="ddSid" DefaultValue="-99" Name="sid"
PropertyName="SelectedValue" Type="String" />
<asp:ControlParameter ControlID="ddAid" DefaultValue="-99" Name="aid"
PropertyName="SelectedValue" Type="String" />
</SelectParameters>
</asp:SqlDataSource>
</td>
<td>
<asp:DropDownList ID="ddQid" runat="server" AutoPostBack="True"
DataSourceID="SqlDataSource4" DataTextField="qid" DataValueField="qid">
</asp:DropDownList>
<asp:SqlDataSource ID="SqlDataSource4" runat="server"
ConnectionString="<%$ ConnectionStrings:ApplicationServices %>"
SelectCommand="SELECT * FROM [question] WHERE (([sid] = @sid) AND ([aid] = @aid) AND ([cid] = @cid))">
<SelectParameters>
<asp:ControlParameter ControlID="ddSid" DefaultValue="-99" Name="sid"
PropertyName="SelectedValue" Type="String" />
<asp:ControlParameter ControlID="ddAid" DefaultValue="-99" Name="aid"
PropertyName="SelectedValue" Type="String" />
<asp:ControlParameter ControlID="ddCid" DefaultValue="-99" Name="cid"
PropertyName="SelectedValue" Type="String" />
</SelectParameters>
</asp:SqlDataSource>
</td>
<td>
<asp:DropDownList ID="ddClass" runat="server" AutoPostBack="True"
DataSourceID="SqlDataSource5" DataTextField="class_name"
DataValueField="class_name">
</asp:DropDownList>
<asp:SqlDataSource ID="SqlDataSource5" runat="server"
ConnectionString="<%$ ConnectionStrings:ApplicationServices %>"
SelectCommand="SELECT * FROM [class]"></asp:SqlDataSource>
</td>
<td>
</td>
</tr>
<tr>
<td class="style4">
</td>
<td class="style4">
</td>
<td class="style5">
</td>
<td class="style4">
</td>
<td class="style4">
</td>
<td class="style4">
</td>
<td class="style4">
</td>
</tr>
<tr>
<td class="style4">
</td>
<td class="style4">
</td>
<td class="style5" colspan="3">
<asp:PlaceHolder ID="ph1" runat="server"></asp:PlaceHolder>
</td>
<td class="style4">
</td>
<td class="style4">
</td>
</tr>
<tr>
<td class="style4">
</td>
<td class="style4">
</td>
<td class="style4">
</td>
<td class="style4">
</td>
<td class="style4">
</td>
<td class="style4">
</td>
<td class="style4">
</td>
</tr>
<tr>
<td>
</td>
<td>
Answer ID</td>
<td class="style3">
<asp:TextBox ID="txtAnsID" runat="server" Width="151px"></asp:TextBox>
</td>
<td>
</td>
<td>
</td>
<td>
</td>
<td>
</td>
</tr>
<tr>
<td>
</td>
<td align="left" colspan="6">
<asp:TextBox ID="txtAnsDesc" runat="server" Height="120px" TextMode="MultiLine"
Width="937px"></asp:TextBox>
</td>
</tr>
<tr>
<td>
</td>
<td>
</td>
<td class="style3">
</td>
<td>
</td>
<td>
</td>
<td>
</td>
<td>
</td>
</tr>
<tr>
<td>
</td>
<td class="style3" colspan="3">
<asp:Button ID="Button1" runat="server" Text="Submit"
Width="156px" onclick="Button1_Click" />
<asp:Button ID="Button2" runat="server" Text="Search" Width="156px"
onclick="Button2_Click" />
<asp:Button ID="Button3" runat="server" Text="Update" Width="156px" />
<asp:Button ID="Button4" runat="server" Text="Delete" Width="156px" />
<asp:Button ID="Button5" runat="server" Text="Clear" Width="156px" />
</td>
<td>
</td>
<td>
</td>
</tr>
<tr>
<td>
</td>
<td>
</td>
<td class="style3">
</td>
<td>
</td>
<td>
</td>
<td>
</td>
<td>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td>
</td>
</tr>
<tr>
<td>
</td>
</tr>
<tr>
<td>
</td>
</tr>
</table>
</div>
</form>
</body>
</html>