Hey guys, help please...

I am using CKEditor in an ASP.NET website, and I want to store the value of CKEditor in the database.

But it's giving errors while storing.


Here is my aspx code:

ASP.NET
<%@ Page Title="" Language="C#" MasterPageFile="~/Admin.master" AutoEventWireup="true" CodeFile="new_article.aspx.cs" Inherits="post_article" validateRequest="false" %>
<%@ Register Assembly="CKEditor.NET" Namespace="CKEditor.NET" TagPrefix="CKEditor" %>

<asp:Content ID="Content1" ContentPlaceHolderID="head" Runat="Server">
   <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script>
<script type="text/javascript" src="~/ckeditor/ckeditor.js"></script>
<script type="text/javascript" src="~/ckeditor/adapters/jquery.js"></script>
   
</asp:Content>

<asp:Content ID="Content2" ContentPlaceHolderID="ContentPlaceHolder1" Runat="Server">
    <div class="content">
       <asp:TextBox ID="txtTitle" CssClass="txtTitle" runat="server" placeholder="Enter title here..."></asp:TextBox>
        
        <p style="width:80%; margin:10px;">
            <CKEditor:CKEditorControl ID="txtPost"  Height="200" BasePath="~/ckeditor/"  runat="server" Toolbar="Basic" ClientIDMode="Inherit">
           </CKEditor:CKEditorControl>
        </p>

        <asp:Button ID="btnPost" CssClass="btn" runat="server" Text="Post" OnClick="btnPost_Click" />

        <asp:Label ID="lblStatus" runat="server" Text=""></asp:Label>
    </div>

        
</asp:Content>



Here is my code-behind:

C#
protected void btnPost_Click(object sender, EventArgs e)
    {

        string str = HttpUtility.HtmlEncode(txtPost.Text);
        
        //perform user defined checks
        if (txtTitle.Text == "" || txtPost.Text == "")
        {
            lblStatus.Text = "Title or Post Content is Missing !";
        }
        else
        {
            string insertSQL = "INSERT INTO user_posts (";
            insertSQL += "post_title, post_data, post_date, user_id) ";
            insertSQL += "VALUES (";
            insertSQL += "@post_title, @post_data, GETDATE(), @user_id) ";

            SqlConnection con = new SqlConnection(@"Data Source=(LocalDB)\v11.0;AttachDbFileName=|DataDirectory|\Database.mdf;Integrated Security=True;MultipleActiveResultSets=True");
            SqlCommand cmd = new SqlCommand(insertSQL, con);

            //Add Parameters
            cmd.Parameters.AddWithValue("@post_title", txtTitle.Text);
            cmd.Parameters.AddWithValue("@post_data", str);
            cmd.Parameters.AddWithValue("@user_id", "1");

            //Insertion
            int added = 0;

            try
            {
                con.Open();
                added = cmd.ExecuteNonQuery();
                lblStatus.Text = "Article Posted Successfully !";
            }

            catch (Exception err)
            {
                lblStatus.Text = err.Message;
            }
        }


    }



Here I tried:
C#
string str = txtPost.Text;


to store the data in the database,

but in the post_data column of the database only the following text is posted:
CKEditor.NET.CKEditorControl

I encoded the data, as shown in the code.

C#
string str = HttpUtility.HtmlEncode(txtPost.Text);


But still, in the post_data column of the database only the following text is posted:
CKEditor.NET.CKEditorControl

Tried all the database fields like varchar(MAX), nvarchar(MAX), text(), but all in vain. The error is always the same; please guide me on this.


I tried using txtPost.Value, but Value is not a member of the CKEditor namespace.


Here is my DB structure:
SQL
CREATE TABLE [dbo].[user_posts] (
    [post_id]    INT           IDENTITY (1, 1) NOT NULL,
    [post_title] VARCHAR (50)  NOT NULL,
    [post_data]  VARCHAR (MAX) NOT NULL,
    [post_date]  DATE          NOT NULL,
    [user_id]    INT           NOT NULL,
    PRIMARY KEY CLUSTERED ([post_id] ASC),
    FOREIGN KEY ([user_id]) REFERENCES [dbo].[user_details] ([user_id])
);

Updated 3-Oct-13 23:28pm
Comments
Harshil_Raval 4-Oct-13 5:15am    
One of your fields exceeds its length. Can you post your DB structure? Or check twice that your fields have enough space to store the value.
Arsh Pareek 4-Oct-13 5:18am    
As I told you, I tried each of the datatypes, but I am getting the same error.

Updated the question, check please.

Harshil_Raval 4-Oct-13 5:34am    
Try to change your post_date datatype from Date to DateTime.
Or do this...
DateTime dt = DateTime.Today;
string insertSQL = "INSERT INTO user_posts (";
insertSQL += "post_title, post_data, post_date, user_id) ";
insertSQL += "VALUES (";
insertSQL += "@post_title, @post_data, @post_date, @user_id) ";

SqlConnection con = new SqlConnection(@"Data Source=(LocalDB)\v11.0;AttachDbFileName=|DataDirectory|\Database.mdf;Integrated Security=True;MultipleActiveResultSets=True");
SqlCommand cmd = new SqlCommand(insertSQL, con);

//Add Parameters
cmd.Parameters.AddWithValue("@post_title", txtTitle.Text.Trim());
cmd.Parameters.AddWithValue("@post_data", str);
cmd.Parameters.AddWithValue("@post_date",dt);
cmd.Parameters.AddWithValue("@user_id", "1");

See if it works.
Arsh Pareek 4-Oct-13 5:44am    
Bro, I solved that problem, but there is a new problem now.

I have to immunize myself against XSS, so please guide me with this. As I have to disallow some tags like <script> </script>, how will this be done?
Harshil_Raval 4-Oct-13 5:48am    
No idea about this. It is better to create another post regarding this query, so that others can answer it.

1 solution

Hey guys, I corrected it myself. Thanks for the reply, Harshil.


I was making some silly mistakes. Now everything is working.


I had to remove the httpencode function, as it was creating the problem.

Now I am using txtPost.Text only.



But I think I am now open to XSS attacks, so I will have to search for some solution to that.
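
For the XSS concern this answer ends on (validateRequest="false" on the page and the editor HTML stored as typed), the following is an added example, not part of the original post: allowlist sanitization of the CKEditor HTML on the server before the parameterized insert, with the plain-text title encoded on output. It assumes the third-party HtmlSanitizer NuGet package (namespace Ganss.Xss); the class and method names and the tag allowlist are hypothetical.

```csharp
using System.Data;
using System.Data.SqlClient;
using System.Web;
using Ganss.Xss; // NuGet "HtmlSanitizer" (assumed dependency; older releases use namespace Ganss.XSS)

public static class PostSecurity
{
    // Assumed allowlist for a "Basic" toolbar: simple formatting, lists, links.
    static readonly string[] BasicToolbarTags = { "p", "br", "strong", "em", "u", "ol", "ul", "li", "a" };

    // Allowlist sanitization of the editor's HTML. Anything not listed here
    // (<script>, event-handler attributes, inline styles, javascript: URLs) is removed.
    public static string SanitizePostHtml(string editorHtml)
    {
        var sanitizer = new HtmlSanitizer();
        sanitizer.AllowedTags.Clear();
        foreach (var tag in BasicToolbarTags) sanitizer.AllowedTags.Add(tag);
        sanitizer.AllowedAttributes.Clear();
        sanitizer.AllowedAttributes.Add("href");
        sanitizer.AllowedSchemes.Clear();
        sanitizer.AllowedSchemes.Add("http");
        sanitizer.AllowedSchemes.Add("https");
        sanitizer.AllowedCssProperties.Clear();
        return sanitizer.Sanitize(editorHtml ?? string.Empty);
    }

    // Parameterized insert into the user_posts table from the question;
    // the post body is sanitized here so no caller can skip the step.
    public static int SavePost(string connectionString, string title, string editorHtml, int userId)
    {
        const string sql = "INSERT INTO user_posts (post_title, post_data, post_date, user_id) " +
                           "VALUES (@post_title, @post_data, GETDATE(), @user_id)";
        using (var con = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, con))
        {
            cmd.Parameters.Add("@post_title", SqlDbType.VarChar, 50).Value = title;
            cmd.Parameters.Add("@post_data", SqlDbType.VarChar, -1).Value = SanitizePostHtml(editorHtml); // -1 = MAX
            cmd.Parameters.Add("@user_id", SqlDbType.Int).Value = userId;
            con.Open();
            return cmd.ExecuteNonQuery();
        }
    }

    // The title is plain text: store it as typed and HTML-encode it when rendering.
    public static string RenderTitle(string title)
    {
        return HttpUtility.HtmlEncode(title);
    }
}
```

Restricting the CKEditor toolbar only limits what the browser UI offers; the server-side allowlist is what decides which markup reaches the database.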
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)