Storing HTML formatted text in database

I am building a web site similar to Craigslist. I would like to know how to store the HTML formatted text (bold / italics / font size etc.) in a SQL 2008 database?

In other words, the user would enter their text, format it with font size, bold etc. and save the information. What's the most efficient way to store that in a database?

Best answer

Save it to a nvarchar(max) field. Make sure you use parameterized queries for security. Read http://www.aspnet101.com/2007/03/parameterized-queries-in-asp-net/

Answers

Make sure only to allow a certain limited number of HTML tags or else you risk getting a cross script injection.

For example, don't allow your user to input <script> or <style> tags. I suggest you read more about cross script injection before you move on! Good luck

I would probably just store the ad text as a nvarchar(max) datatype

I would simply stuff it, as is, into a NVARCHAR(MAX) field.

Of course, you would use a parameterized query for this.

I would say just use a NVARCHAR(max) or Text data type as opposed to the XML data type.

This will allow easy access to the content, whereas the xml datatype would need to be converted somewhere along the line.

I would put it in a nvarchar(MAX) field if you are using SQL Server 2008 or above otherwise. If you are using SQL Server 2005 or lower and if the number of characters will be below 2000 you could use an nvarchar(2000) type. If that is too restricting use a text type.
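
An added example, not part of any answer above and not code from the original page: one way to combine the two pieces of advice in the answers, an allow-list of tags and a parameterized insert into an NVARCHAR(MAX) column. The `AdStore` class, the `dbo.Ads` table, its `Body` column and the particular allow-list are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Net;
using System.Text.RegularExpressions;

public static class AdStore // hypothetical helper, not from the page
{
    // Assumed allow-list: bare formatting tags, with no attributes permitted.
    static readonly Regex BareTag = new Regex(
        @"&lt;(/?(?:b|i|u|em|strong|p|ul|ol|li)|br ?/?|/font)&gt;",
        RegexOptions.IgnoreCase);
    // The one attribute allowed: <font size="1".."7">.
    static readonly Regex FontSize = new Regex(
        @"&lt;font size=&quot;([1-7])&quot;&gt;", RegexOptions.IgnoreCase);

    public static string Sanitize(string html)
    {
        // Encode everything first: <script>, <style> and every attribute
        // (including on* handlers) become inert text.
        string encoded = WebUtility.HtmlEncode(html ?? string.Empty);
        // Then restore only the exact allow-listed forms.
        encoded = BareTag.Replace(encoded, "<$1>");
        return FontSize.Replace(encoded, "<font size=\"$1\">");
    }

    public static void Save(string connectionString, string rawHtml)
    {
        // dbo.Ads and Body are assumed names; Body is NVARCHAR(MAX).
        const string sql = "INSERT INTO dbo.Ads (Body) VALUES (@Body)";
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Size -1 means MAX; the value travels as data, never as SQL text.
            cmd.Parameters.Add("@Body", SqlDbType.NVarChar, -1).Value = Sanitize(rawHtml);
            conn.Open();
            cmd.ExecuteNonQuery();
        }
    }

    public static void Main()
    {
        // Constructed sample input.
        string input = "<b>Bike</b> <font size=\"5\">$40</font>" +
                       "<script>alert(1)</script><i onclick=\"x()\">hi</i>";
        Console.WriteLine(Sanitize(input));
    }
}
```

Because the output of `Sanitize` contains raw markup only for the restored tags, the page can write `Body` without encoding it a second time. Tag balance is not checked, so an unclosed `<b>` can still affect the layout of the surrounding page.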




