Question
I have a text box that allows the user to enter something which is stored in the database, and then another text box which retrieves this value from the database and displays it. Currently, I have something like this:
string text = Server.HtmlDecode(userEnteredText);
// code to put this text into the database
Textbox1.Text = Server.HtmlDecode(textFromDatabase);
The Server.HtmlDecode solves any problems encountered if a user enters the ' char.
However, I noticed if a user enters "'" into the textbox, then ASP gives an error again, thinking the client is entering potentially dangerous text. Is there any way around this? I notice on most sites that this is automatically turned into an apostrophe. Any idea how I do this to avoid user input problems?
Answer 1:
If you're sure you want this, then set this in your web.config:
<system.web>
<httpRuntime requestValidationMode="2.0" />
<pages validateRequest="false" />
</system.web>
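With validateRequest="false" the framework no longer rejects markup-like input, so encoding at the point of output is what keeps stored text from being interpreted as HTML. The following is an added example, not code from the question or the answer: a console stand-in for the page that stores input unchanged and compares encoding on output with the decode-on-output pattern from the question. The class name, the in-memory list standing in for the database and the sample inputs are all assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Net;

// Added example: CommentDemo, Store, Save, RenderSafe and RenderDecoded are hypothetical names.
static class CommentDemo
{
    // Stand-in for the database column; a real page would use a parameterized INSERT.
    static readonly List<string> Store = new List<string>();

    // Store exactly what the user typed: no encoding or decoding on the way in.
    static void Save(string userEnteredText) => Store.Add(userEnteredText);

    // Encode once, at the point where the value is written into HTML.
    // HtmlEncode turns <, >, &, " and ' into entities, so the browser shows them as text.
    static string RenderSafe(string fromDb) =>
        "<span>" + WebUtility.HtmlEncode(fromDb) + "</span>";

    // The pattern from the question: decoding on output.
    // Entity-encoded markup held in the database becomes live markup again.
    static string RenderDecoded(string fromDb) =>
        "<span>" + WebUtility.HtmlDecode(fromDb) + "</span>";

    static void Main()
    {
        // Constructed sample inputs: an apostrophe, an entity typed literally,
        // entity-encoded markup, and raw markup.
        string[] inputs =
        {
            "O'Reilly",
            "&#39;",
            "&lt;script&gt;alert(1)&lt;/script&gt;",
            "<b>bold</b>",
        };

        foreach (string input in inputs)
        {
            Save(input);
        }

        foreach (string stored in Store)
        {
            Console.WriteLine("stored : " + stored);
            Console.WriteLine("encoded: " + RenderSafe(stored));
            Console.WriteLine("decoded: " + RenderDecoded(stored));
            Console.WriteLine();
        }
    }
}
```

A server-side TextBox HTML-encodes its Text when it renders, so a stored value can be assigned to it without calling HtmlDecode first.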
Source: https://stackoverflow.com/questions/14207328/htmlencode-htmldecode-and-the-apostrophe-asp-net