Insert CKEditor data to database using C# and VB.Net in ASP.Net


I have used CKEditor this way. Please check the .cs code.

<%@ Page Title="" Language="C#" MasterPageFile="~/Site1.Master" EnableEventValidation="false" AutoEventWireup="true" CodeBehind="WebForm7.aspx.cs" Inherits="Green_Garden.WebForm7" %>
<asp:Content ID="Content1" ContentPlaceHolderID="head" runat="server">
    <%-- NOTE(review): the Page directive sets EnableEventValidation="false", which switches off a
         built-in postback integrity check for the whole page; nothing in this markup shows why it
         is needed, so confirm it is intentional. --%>
    <%-- CKEditor 4.9.2 is loaded from a third-party CDN without an integrity attribute, so the page
         runs whatever that host serves. Check the pinned version against the vendor's security
         advisories. --%>
    <script src="https://cdn.ckeditor.com/4.9.2/standard/ckeditor.js">
   </script>
</asp:Content>
<asp:Content ID="Content2" ContentPlaceHolderID="ContentPlaceHolder1" runat="server">
    <%-- NOTE(review): the asp:Button below needs a server form, presumably supplied by Site1.Master;
         if so, this plain form is nested inside it. Confirm against the master page. --%>
    <form id="f1">
        <table>
            <tr>
                <%-- The editor field is posted under name="editor1"; id="editor" is only what
                     CKEDITOR.replace() targets. The code-behind must read the same key. --%>
                <td><txtarea id="editor" class="editor1" name="editor1" rows="10" cols="80"></txtarea></td>
            </tr>
            <tr>
                <td><asp:Button ID="save" runat="server" OnClick="save_Click" Text="Save" /></td>
            </tr>
        </table>
    </form>
   <script>
       var editor = CKEDITOR.replace('editor');
   </script>
</asp:Content>

 

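namespace Green_Garden
{
    /// <summary>
    /// Code-behind for WebForm7: stores the HTML posted from the CKEditor field.
    /// </summary>
    public partial class WebForm7 : System.Web.UI.Page
    {
        /// <summary>
        /// Handles the Save button: HTML-encodes the posted editor content and inserts it
        /// into the <c>description</c> table through a parameterized command.
        /// </summary>
        /// <param name="sender">The Save button.</param>
        /// <param name="e">Unused event data.</param>
        protected void save_Click(object sender, EventArgs e)
        {
            // A plain HTML field is posted under its name attribute, and the page markup
            // declares name="editor1" (id="editor" is only used by CKEDITOR.replace).
            // Request.Form["editor"] therefore had no matching field, and the .ToString()
            // that followed threw a NullReferenceException.
            string html = Request.Form["editor1"];
            if (string.IsNullOrEmpty(html))
            {
                ScriptManager.RegisterStartupScript(this, GetType(), "alert", "alert('Please Add again ! ');", true);
                return;
            }

            // SECURITY: HtmlEncode only changes how the value is stored; it is not
            // sanitization. Any page that decodes this column to display the rich text
            // is emitting user-supplied markup and must pass it through an allow-list
            // HTML sanitizer first.
            string encoded = WebUtility.HtmlEncode(html);

            int row;

            // The connection and command are scoped to this request and disposed even
            // when ExecuteNonQuery throws; the exception still propagates to the caller,
            // as it did with the former catch/rethrow.
            using (SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["fkzala"].ToString()))
            using (SqlCommand cmd = new SqlCommand("insert description(text) values(@txt)", con))
            {
                cmd.CommandType = CommandType.Text;

                // The value travels as a parameter, never as SQL text. An explicit
                // NVARCHAR(MAX) type avoids AddWithValue's per-length type inference.
                cmd.Parameters.Add("@txt", SqlDbType.NVarChar, -1).Value = encoded;

                con.Open();
                row = cmd.ExecuteNonQuery();
            }

            if (row > 0)
            {
                // SECURITY: this keeps the raw, unencoded markup in session state.
                // Whatever reads Session["category"] must encode or sanitize it before
                // writing it into a page.
                Session["category"] = html;
                ScriptManager.RegisterStartupScript(this, GetType(), "alert", "alert('Added Successfully! ');", true);
            }
            else
            {
                ScriptManager.RegisterStartupScript(this, GetType(), "alert", "alert('Please Add again ! ');", true);
            }
        }
    }
}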

 


Hi fkz2899,

Instead of using txtarea, use an ASP.Net TextBox and set its TextMode to MultiLine.

So that you can access the value in code behind.

Then you can insert the value in database.

Check this example and use it as a reference to correct your code.

SQL

-- Single-column table for the editor content. The save_Click examples on this page
-- HTML-encode the value before inserting it, so this column holds encoded text,
-- not raw markup.
CREATE TABLE CKEditor
(
    Description NVARCHAR(MAX)
)

HTML

<%-- Both libraries are loaded from third-party CDNs without an integrity attribute, so the page
     runs whatever those hosts serve. Check the pinned versions against the vendors' security
     advisories. --%>
<script type="text/javascript" src="https://code.jquery.com/jquery-3.1.1.min.js"></script>
<script type="text/javascript" src="https://cdn.ckeditor.com/4.9.2/standard/ckeditor.js"></script>
<script type="text/javascript">
    $(function () {
        CKEDITOR.replace('editor');
    });
</script>
<table>
    <tr>
        <td>
            <%--<txtarea id="editor" name="editor1" runat="server">
            </txtarea>--%>
            <%-- A server-side TextBox makes the posted value available as editor.Text in the
                 code-behind. CKEDITOR.replace('editor') finds the element by its rendered id;
                 inside a master page or other naming container that id is prefixed unless
                 ClientIDMode="Static" is set, so confirm it against the rendered page. --%>
            <asp:TextBox runat="server" ID="editor" TextMode="MultiLine" />
        </td>
    </tr>
    <tr>
        <td>
            <asp:Button ID="save" runat="server" OnClick="save_Click" Text="Save" />
        </td>
    </tr>
</table>

Namespaces

C#

using System.Configuration;
using System.Data;
using System.Data.SqlClient;

VB.Net

Imports System.Configuration
Imports System.Data
Imports System.Data.SqlClient

Code

C#

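/// <summary>
/// Handles the Save button: HTML-encodes the editor content and inserts it into the
/// CKEditor table through a parameterized command.
/// </summary>
/// <param name="sender">The Save button.</param>
/// <param name="e">Unused event data.</param>
protected void save_Click(object sender, EventArgs e)
{
    // SECURITY: HtmlEncode only changes how the value is stored; it is not sanitization.
    // A page that decodes this column to display the rich text is emitting user-supplied
    // markup and must pass it through an allow-list HTML sanitizer first.
    string encoded = HttpUtility.HtmlEncode(editor.Text);

    using (SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["constr"].ConnectionString))
    using (SqlCommand cmd = new SqlCommand("INSERT INTO CKEditor (Description) VALUES(@Content)", con))
    {
        cmd.CommandType = CommandType.Text;

        // The value travels as a parameter, never as SQL text. The explicit type matches
        // the NVARCHAR(MAX) column and avoids AddWithValue's per-length type inference.
        cmd.Parameters.Add("@Content", SqlDbType.NVarChar, -1).Value = encoded;

        con.Open();
        cmd.ExecuteNonQuery();
        // No explicit Close(): leaving the using block disposes and closes the connection.
    }
}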

VB.Net

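''' <summary>
''' Handles the Save button: HTML-encodes the editor content and inserts it into the
''' CKEditor table through a parameterized command.
''' </summary>
''' <param name="sender">The Save button.</param>
''' <param name="e">Unused event data.</param>
Protected Sub save_Click(ByVal sender As Object, ByVal e As EventArgs)
    ' SECURITY: HtmlEncode only changes how the value is stored; it is not sanitization.
    ' A page that decodes this column to display the rich text is emitting user-supplied
    ' markup and must pass it through an allow-list HTML sanitizer first.
    Dim encoded As String = HttpUtility.HtmlEncode(editor.Text)

    Using con As SqlConnection = New SqlConnection(ConfigurationManager.ConnectionStrings("constr").ConnectionString)
        Using cmd As SqlCommand = New SqlCommand("INSERT INTO CKEditor (Description) VALUES(@Content)", con)
            cmd.CommandType = CommandType.Text

            ' The value travels as a parameter, never as SQL text. The explicit type matches
            ' the NVARCHAR(MAX) column and avoids AddWithValue's per-length type inference.
            cmd.Parameters.Add("@Content", SqlDbType.NVarChar, -1).Value = encoded

            con.Open()
            cmd.ExecuteNonQuery()
            ' No explicit Close(): End Using disposes and closes the connection.
        End Using
    End Using
End Sub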

Screenshot

Form

Database record after inserted with HtmlEncode and without HtmlEncode

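Note: Refer to the article below to avoid the request validation error that is raised when the editor posts HTML. Relaxing request validation removes a built-in input check, so limit the change to this page or field and sanitize the submitted HTML on the server before it is rendered anywhere.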

A potentially dangerous Request.Form value was detected from the client 

ASP.Net Error: A potentially dangerous Request.Form value was detected from the client