I created a web page in which i used an editor(ajax) and a button. When we click on button it saves the content of the editor in the database.
After running the code if I write something like:
Sam's pen
(used a single quote)
it gives an error unclosed quotation mark in such cases, otherwise it works fine and the content of the editor is saved in the is saved in the databse without any error.
public partial class Edit : System.Web.UI.Page
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["iora"].ConnectionString);
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click(object sender, EventArgs e)
{
SqlCommand cmd = new SqlCommand("insert into blah(matter) values('" + Editor1.Content + "')", con);
con.Open();
cmd.ExecuteNonQuery();
con.Close();
}
}
and this error also occurs in TinyMCE editor and OboutSuite Editor.
Is there a way to prevent this?
Please Help..
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
public partial class Edit : System.Web.UI.Page
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["iora"].ConnectionString);
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click(object sender, EventArgs e)
{
SqlCommand cmd = new SqlCommand("insert into blah(matter) values('" + Editor1.Content + "')", con);
con.Open();
cmd.ExecuteNonQuery();
con.Close();
}
}
