asp.net dynamic data application won't accept input with "<" in it

Question

I'm new to using asp.net dynamic data apps.. I just generated a simple app from my schema, and in one table I'm trying to insert a record where one of the fields is a varchar(255) field. I am finding that any input that has the "<" character in it will cause the app to throw an error when you try to save it, with the exception being if "<" is the last character in the input string.

Since the editinsert function is some ajax based call, it just gives me a generic javascript error indicating whatever webservice it tried to hit for the update threw a 500 error and I have no idea how to debug this.

Answer 1

I would guess it's one of two things:

1 - You're triggering asp.net's built-in request validation. You can turn it off by adding the following to your page:

<%@ Page validateRequest="false" %>

(You can read more about it at http://www.asp.net/%28S%28ywiyuluxr3qb2dfva1z5lgeg%29%29/learn/whitepapers/request-validation/)

OR

2 - You're not using parameterized SQL querys so your doing something like:

"SELECT * FROM Customers WHERE FirstName = " + input

And this is causing invalid SQL when "input" has an SQL operator in it (such as ">")