sqlexception message display causes error on page_问答_开发者

sqlexception message display causes error on page

开发者 https://www.devze.com 2023-01-13 07:46 出处：网络

I have a aspx page with several input fields(couple of int\'s and strings) and 3rd party gridview. Data is validated, and stored procedure is called from code behind to save data in DB.

I have a aspx page with several input fields(couple of int's and strings) and 3rd party gridview. Data is validated, and stored procedure is called from code behind to save data in DB.

Gridview has capability to display error box to user which can be called from code behind. So when I catch exception I give it my error message(error message is something like:"Data can't be saved to database. Error:" & ex.message and call function that displays errorbox.

Normally this works great, but (Oh, do I hate this but's) when trying to display sqlexception, I get javascript/html error on page and no error box is displayed.

I have come to conclusion that ex.message contains some characters that canot be displayed by this javascript/html errorbox.

So, I tried to use System.Web.HttpUtility.HtmlEncode(ex.message), but it didn't work.

Just out of curiosity I also did System.Web.HttpUtility.UrlEncode(ex.message) and then I was able to display the error message, but of course it had "+" instead of white spaces

Example: Cannot+insert+duplicate+key+row+in+object+'dbo.TableName'+with+unique+index+'IX_Unique_Dan'.%0d%0aThe+statement+has+b开发者_开发知识库een+terminated.

Is there a built-in way to remove unwanted characters, eofs and similar? At the moment I'm using my function named CleanString which checks chars in string. It looks like this...

For Each c As Char In value.ToCharArray()
    If (Char.IsLetterOrDigit(c)) Then
        msg = msg & c
    ElseIf (c = ".") Then
        msg = msg & "."

        .
        .
        .

    Else
        msg = msg & " "
    End If
Next

Tnx, Benxy

maybe you need to escape quotes? replace every single quote with a backslashed single quote.

can you paste the exact browser error message with the javascript/html source lines where the error is happening.

It's unlikely to be a problem with the error message and HtmlEncode(), and more likely some other javascript running on your page that's causing the issue.

Provide the error message here and we can tell for sure.

Also, is this public-facing? You really shouldn't be displaying internal errors to the user, especially not when it comes from the database, you could be opening up a security hole.