Tuesday, August 25, 2009

Sqlparameter is already contained by another Sqlparameter Collection

"Sqlparameter is already contained by another Sqlparameter Collection" --This
is the problem I faced last week while I created two SqlCommand. First one, to
find the variable Id 'a' and second one pass that 'a' to the stored procedure.

The solution, I added the SqlCommand.Parameters.Clear() to the code and the problem gone.
As you can in the code, I created SqlCommand Command and should be destroyed at the end because
C# is the managed language that handles garbage collections.

Code example:

SqlConnection conn =
new SqlConnection(DataAccess.GetConnectionString());
string strSQLCommand =
"select Id from Schools WHERE SchoolName= '" + name + "'";
SqlCommand command =
new SqlCommand(strSQLCommand, conn);
int a = Convert.ToInt32(command.ExecuteScalar());
//write this line of code before using another command execute function
command.Parameters.Clear();
...................................................
...................................................
SqlDataReader rdr = null;

SqlCommand cmd = new SqlCommand("dbo.GetSchoolName", conn);
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add("@ID", SqlDbType.Int).Value = a;
rdr = cmd.ExecuteReader();
...................................................
...................................................
Happy Coding !!!
Posted by at No comments:
Labels: ,

Wednesday, August 5, 2009

A potentially dangerous Request.Form value was detected from the client

I had a run time error on my web application last week . It was a request form application whichhas user input testboxes. When I looked into event viewer on the server, the actual problem was:

A Potentially dangerous Request.Form value was detected from the client.

Basically it means that you can't post values containing HTML ( or script ) tags to the server.

In other words - if you have a textbox and the visitor enters something like :
and then presses Submit button this error will occur since the posted value(s) contains HTML tags.

There are different solutions to solve thhis problem, you can read more at ASP.Net site. Many People suggests changing web.config file which is a bad solutions since it'll affect all pages on your Site.

The simple solution is add a tag validateRequest="false" into the Page-directive on top of the page. When request validation is disabled, content can be submitted to a page but developer should ensure that content is properly encoded or processed.


Happy Programming!!

Posted by at No comments:
Labels:
Subscribe to: Posts (Atom)