Hi there,
I m doing work on a gridview and Im getting an error:
A potentially dangerous Request.Form value was detected from the client (ctl00$Content$ GridView1$ctl03 $TextBox1="<spa n class='txtColo. ..")
Im using an access database. and when ever I try to update this it doesnt work.
Problem lies in this section..
Please do have a look
TextBox1 which is bind with a value
Can any one help please :)
Thank you
Regards,
Ahmed
I m doing work on a gridview and Im getting an error:
A potentially dangerous Request.Form value was detected from the client (ctl00$Content$ GridView1$ctl03 $TextBox1="<spa n class='txtColo. ..")
Im using an access database. and when ever I try to update this it doesnt work.
Code:
<%@ Page Language="C#" MasterPageFile="Mysite.master" Title="Untitled Page" %>
<script runat = "server">
protected void Page_Load(object sender, EventArgs e)
{
Label7.Visible = false;
if (!IsPostBack)
{
this.DataBind();
}
}
protected void GridView1_SelectedIndexChanged(object sender, EventArgs e)
{
}
protected void Button1_Click1(object sender, EventArgs e)
{
Label7.Visible = false;
GridView1.FooterRow.Visible = false;
try
{
string page = ((DropDownList)GridView1.FooterRow.FindControl("DropDownList2")).SelectedItem.Value.ToString();
string val = ((TextBox)GridView1.FooterRow.FindControl("ValueBox")).Text;
string sBox = ((DropDownList)GridView1.FooterRow.FindControl("SectionBox")).Text;
if ((page != "Select") && (val != "") && (sBox != "Selet"))
{
int page1 = Convert.ToInt32(page);
int sbox1 = Convert.ToInt32(sBox);
DataSet2TableAdapters.Page_ContentTableAdapter pcAdap = new DataSet2TableAdapters.Page_ContentTableAdapter();
pcAdap.Insert(page1, sbox1, val);
DataBind();
}
else
{
GridView1.FooterRow.Visible = true;
Label7.Visible = true;
Label7.Text = "Error : Please select the specified fields and fill the value";
}
}
catch (Exception e1)
{
Label7.Text = "Error : " + e1;
}
}
protected void DropDownList1_SelectedIndexChanged(object sender, EventArgs e)
{
GridView1.FooterRow.Visible = true;
try
{
string ID = ((DropDownList)GridView1.HeaderRow.FindControl("DropDownList1")).Text;
int cID = Convert.ToInt32(ID);
if (cID != 0)
{
DataSet2TableAdapters.PageTableAdapter pAdapt = new DataSet2TableAdapters.PageTableAdapter();
//pAdapt.GetDataBydata(cID);
((DropDownList)GridView1.FooterRow.FindControl("DropDownList2")).DataSource = pAdapt.GetSelectedDataBy(cID);
((DropDownList)GridView1.FooterRow.FindControl("DropDownList2")).DataTextField = "Name";
((DropDownList)GridView1.FooterRow.FindControl("DropDownList2")).DataValueField = "ID";
((DropDownList)GridView1.FooterRow.FindControl("DropDownList2")).DataBind();
DataSet2TableAdapters.Page_DetailTableAdapter pdAdapt = new DataSet2TableAdapters.Page_DetailTableAdapter();
((DropDownList)GridView1.FooterRow.FindControl("SectionBox")).DataSource = pdAdapt.GetDataByPageType(cID);
((DropDownList)GridView1.FooterRow.FindControl("SectionBox")).DataTextField = "Section Name";
((DropDownList)GridView1.FooterRow.FindControl("SectionBox")).DataValueField = "ID";
((DropDownList)GridView1.FooterRow.FindControl("SectionBox")).DataBind();
}
else
{
GridView1.FooterRow.Visible = false;
}
}
catch (Exception e1)
{
GridView1.FooterRow.Visible = true;
Label7.Visible = true;
Label7.Text = "Error : " + e1;
}
}
protected void DropDownList2_SelectedIndexChanged(object sender, EventArgs e)
{
}
protected void Button2_Click(object sender, EventArgs e)
{
GridView1.FooterRow.Visible = false;
}
protected void LinkButton1_Click(object sender, EventArgs e)
{
}
protected void DropDownList3_SelectedIndexChanged(object sender, EventArgs e)
{
}
protected void GridView1_SelectedIndexChanged1(object sender, EventArgs e)
{
}
</script>
<asp:Content ID="Content2" ContentPlaceHolderID="Content" Runat="Server">
<asp:GridView ID="GridView1" runat="server" AllowPaging="True" AllowSorting="True"
AutoGenerateColumns="False" CellPadding="4" DataKeyNames="ID" DataSourceID="AccessDataSource1"
ForeColor="#333333" GridLines="None" OnSelectedIndexChanged="GridView1_SelectedIndexChanged1">
<FooterStyle BackColor="#507CD1" Font-Bold="True" ForeColor="White" />
<Columns>
<asp:TemplateField HeaderText="Page" SortExpression="Page">
<EditItemTemplate>
<asp:DropDownList ID="DropDownList3" runat="server" AppendDataBoundItems="True" DataSourceID="PageDataSource1"
DataTextField="Page Name" DataValueField="Page" Font-Size="Smaller" OnSelectedIndexChanged="DropDownList3_SelectedIndexChanged"
SelectedValue='<%# Bind("Page") %>'>
<asp:ListItem Value="0">Select</asp:ListItem>
</asp:DropDownList><asp:AccessDataSource ID="PageDataSource1" runat="server" DataFile="~/App_Data/database.mdb"
SelectCommand="SELECT Page.ID AS Page, Page.Name AS [Page Name] FROM (Page INNER JOIN [Page Type] ON Page.[Page Type] = [Page Type].ID) ">
</asp:AccessDataSource>
</EditItemTemplate>
<HeaderTemplate>
<asp:DropDownList ID="DropDownList1" runat="server" AppendDataBoundItems="True"
AutoPostBack="True" DataSourceID="PageDataSource1" DataTextField="Page Type"
DataValueField="ID" OnSelectedIndexChanged="DropDownList1_SelectedIndexChanged">
<asp:ListItem Value="0">Select</asp:ListItem>
</asp:DropDownList><br />
<br />
<asp:Label ID="Label6" runat="server" Text="Page"></asp:Label>
<asp:Label ID="Label5" runat="server" Text="Page Type"></asp:Label>
<asp:ObjectDataSource ID="PageDataSource1" runat="server" DeleteMethod="Delete" InsertMethod="Insert"
OldValuesParameterFormatString="original_{0}" SelectMethod="GetData" TypeName="DataSet2TableAdapters.Page_TypeTableAdapter"
UpdateMethod="Update">
<DeleteParameters>
<asp:Parameter Name="Original_ID" Type="Int32" />
<asp:Parameter Name="Original_Page_Type" Type="String" />
<asp:Parameter Name="Original_Description" Type="String" />
<asp:Parameter Name="Original_Page_Path" Type="String" />
<asp:Parameter Name="Original_Rank" Type="Int32" />
<asp:Parameter Name="Original_Show_Menu" Type="Boolean" />
<asp:Parameter Name="Original_Template" Type="Int32" />
</DeleteParameters>
<UpdateParameters>
<asp:Parameter Name="Page_Type" Type="String" />
<asp:Parameter Name="Description" Type="String" />
<asp:Parameter Name="Page_Path" Type="String" />
<asp:Parameter Name="Rank" Type="Int32" />
<asp:Parameter Name="Show_Menu" Type="Boolean" />
<asp:Parameter Name="Template" Type="Int32" />
<asp:Parameter Name="Original_ID" Type="Int32" />
<asp:Parameter Name="Original_Page_Type" Type="String" />
<asp:Parameter Name="Original_Description" Type="String" />
<asp:Parameter Name="Original_Page_Path" Type="String" />
<asp:Parameter Name="Original_Rank" Type="Int32" />
<asp:Parameter Name="Original_Show_Menu" Type="Boolean" />
<asp:Parameter Name="Original_Template" Type="Int32" />
</UpdateParameters>
<InsertParameters>
<asp:Parameter Name="Page_Type" Type="String" />
<asp:Parameter Name="Description" Type="String" />
<asp:Parameter Name="Page_Path" Type="String" />
<asp:Parameter Name="Rank" Type="Int32" />
<asp:Parameter Name="Show_Menu" Type="Boolean" />
<asp:Parameter Name="Template" Type="Int32" />
</InsertParameters>
</asp:ObjectDataSource>
</HeaderTemplate>
<FooterTemplate>
<asp:DropDownList ID="DropDownList2" runat="server" AppendDataBoundItems="True" OnSelectedIndexChanged="DropDownList2_SelectedIndexChanged"
Width="130px">
<asp:ListItem Value="0">Select</asp:ListItem>
</asp:DropDownList>
</FooterTemplate>
<ItemTemplate>
<asp:Label ID="Label1" runat="server" Text='<%# Bind("[Page Name]") %>'></asp:Label>
</ItemTemplate>
</asp:TemplateField>
<asp:TemplateField HeaderText="Page Section" SortExpression="Page Section">
<EditItemTemplate>
<asp:DropDownList ID="DropDownList4" runat="server" DataSourceID="SectionDataSource2"
DataTextField="Section Name" DataValueField="Section ID" SelectedValue='<%# Bind("[Page Section]") %>'
Width="155px">
</asp:DropDownList><asp:AccessDataSource ID="SectionDataSource2" runat="server" DataFile="~/App_Data/database.mdb"
SelectCommand="SELECT DISTINCT [Page Detail].[Section Name], [Page Detail].ID AS [Section ID] FROM ([Page Content] INNER JOIN [Page Detail] ON [Page Content].[Page Section] = [Page Detail].ID)">
</asp:AccessDataSource>
</EditItemTemplate>
<FooterTemplate>
<asp:DropDownList ID="SectionBox" runat="server" AppendDataBoundItems="True">
<asp:ListItem Value="0">Select</asp:ListItem>
</asp:DropDownList>
</FooterTemplate>
<ItemTemplate>
<asp:Label ID="Label2" runat="server" Text='<%# Bind("[Section Name]") %>'></asp:Label>
</ItemTemplate>
</asp:TemplateField>
<asp:TemplateField HeaderText="Value" SortExpression="Value">
Please do have a look
TextBox1 which is bind with a value
Code:
<EditItemTemplate>
<asp:TextBox ID="TextBox1" runat="server" Text='<%# Bind("Value") %>'
TextMode="MultiLine"></asp:TextBox>
</EditItemTemplate>
<FooterTemplate>
<asp:TextBox ID="ValueBox" runat="server" TextMode="MultiLine"></asp:TextBox>
</FooterTemplate>
<ItemTemplate>
<asp:TextBox ID="TextBox4" runat="server" BorderColor="Transparent"
BorderStyle="None" ForeColor="Transparent" MaxLength="256" ReadOnly="True"
Rows = "2" Text='<%# Bind("Value", "{0}") %>' TextMode="MultiLine" AutoCompleteType="Notes" Enabled="False" EnableTheming="False"></asp:TextBox>
</ItemTemplate>
</asp:TemplateField>
<asp:TemplateField HeaderText="ID" InsertVisible="False" ShowHeader="False" SortExpression="ID"
Visible="False">
<EditItemTemplate>
<asp:Label ID="EditLabel1" runat="server" Text='<%# Eval("ID") %>'></asp:Label>
</EditItemTemplate>
<ItemTemplate>
<asp:Label ID="Label4" runat="server" Text='<%# Bind("ID") %>'></asp:Label>
</ItemTemplate>
</asp:TemplateField>
<asp:TemplateField ShowHeader="False">
<EditItemTemplate>
<asp:LinkButton ID="LinkButton1" runat="server" CausesValidation="True" CommandName="Update"
Text="Update"></asp:LinkButton>
<asp:LinkButton ID="LinkButton2" runat="server" CausesValidation="False" CommandName="Cancel"
Text="Cancel"></asp:LinkButton>
</EditItemTemplate>
<FooterTemplate>
<asp:Button ID="Button1" runat="server" OnClick="Button1_Click1"
Text="Insert" />
<asp:Button ID="Button2" runat="server" OnClick="Button2_Click"
Text="Cancel" Width="53px" />
</FooterTemplate>
<ItemTemplate>
<asp:LinkButton ID="LinkButton1" runat="server" CausesValidation="False" CommandName="Edit"
OnClick="LinkButton1_Click" Text="Edit"></asp:LinkButton>
<asp:LinkButton ID="LinkButton2" runat="server" CausesValidation="False" CommandName="Delete"
Text="Delete"></asp:LinkButton>
</ItemTemplate>
</asp:TemplateField>
</Columns>
<RowStyle BackColor="#EFF3FB" />
<EditRowStyle BackColor="#2461BF" />
<SelectedRowStyle BackColor="#D1DDF1" Font-Bold="True" ForeColor="#333333" />
<PagerStyle BackColor="#2461BF" ForeColor="White" HorizontalAlign="Center" />
<HeaderStyle BackColor="#507CD1" Font-Bold="True" ForeColor="White" />
<AlternatingRowStyle BackColor="White" />
</asp:GridView>
<asp:Label ID="Label7" runat="server" Font-Bold="True" Font-Names="Courier New"
Text="Label"></asp:Label>
<asp:AccessDataSource ID="AccessDataSource1" runat="server" DataFile="~/App_Data/database.mdb"
DeleteCommand="DELETE FROM [Page Content] WHERE (ID = ?)" SelectCommand="SELECT PC.Page, PC.[Page Section], PC.[Value], PC.ID, P.Name AS [Page Name], PD.[Section Name] FROM (([Page Content] PC INNER JOIN Page P ON PC.Page = P.ID) INNER JOIN [Page Detail] PD ON PC.[Page Section] = PD.ID)"
UpdateCommand="UPDATE [Page Content] SET Page = ?, [Page Section] = ?, [Value] = ? WHERE (ID = ?)">
</asp:AccessDataSource>
</asp:Content>
Thank you
Regards,
Ahmed
Comment