Wrox Programmer Forums
ASP.NET 1.0 and 1.1 Basics ASP.NET discussion for users new to coding in ASP.NET 1.0 or 1.1. NOT for the older "classic" ASP 3 or the newer ASP.NET 2.0.
You are currently viewing the ASP.NET 1.0 and 1.1 Basics section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
  #1 (permalink)  
Old December 8th, 2003, 02:27 PM
Friend of Wrox
 
Join Date: Jun 2003
Location: , , USA.
Posts: 1,110
Thanks: 0
Thanked 3 Times in 3 Posts
Default Unhandled Exception

How do I catch these?

A potentially dangerous Request.QueryString value was detected from the client (h="<object>").

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

  #2 (permalink)  
Old December 8th, 2003, 03:00 PM
Friend of Wrox
 
Join Date: Jun 2003
Location: , , USA.
Posts: 1,110
Thanks: 0
Thanked 3 Times in 3 Posts
Default

I have a

Try
Catch ex As Exception
      Label1.Text = ex.ToString
End Try

but apparently an unhandled exception is different from an exception.

  #3 (permalink)  
Old December 9th, 2003, 06:36 AM
Registered User
 
Join Date: Dec 2003
Location: , , .
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default

try
{
    // ..........
}
catch (Exception ex)
{
    // show the message on the page instead of letting the exception propagate
    Label1.Text = ex.Message;
}

  #4 (permalink)  
Old December 9th, 2003, 09:50 AM
Friend of Wrox
 
Join Date: Jun 2003
Location: , , USA.
Posts: 1,110
Thanks: 0
Thanked 3 Times in 3 Posts
Default

I changed it to:
Try
Catch ex As Exception
      Label1.Text = ex.Message
End Try

And it still can't catch an unhandled exception when I try to put <html> in the querystring.

This is what I try to do: http://localhost/cable/category.aspx?loc=1&h=<html>

but my catch statement is not catching it.

  #5 (permalink)  
Old December 9th, 2003, 09:52 AM
Friend of Wrox
 
Join Date: Jun 2003
Location: Copenhagen, , Denmark.
Posts: 440
Thanks: 0
Thanked 0 Times in 0 Posts
Default

What are you asking!? If there is a difference between Exceptions? An unhandled exception is just an Exception, which is not caught, as far as I know!

You only sent the structure of your try/catch, right?

You have included your statements like...
Code:
Request.QueryString("h")
inside your try block?

Jacob.

  #6 (permalink)  
Old December 9th, 2003, 10:55 AM
planoie's Avatar
Friend of Wrox
Points: 16,481, Level: 55
Activity: 0%
 
Join Date: Aug 2003
Location: Clifton Park, New York, USA.
Posts: 5,407
Thanks: 0
Thanked 16 Times in 16 Posts
Default

I *think* you might be able to resolve this issue with the ValidateRequest attribute of the @ Page directive.

Set ValidateRequest="False" so that ASP.net doesn't check the querystring/form inputs for "dangerous" values (i.e. html, script).

Peter
------------------------------------------------------
Work smarter, not harder.
  #7 (permalink)  
Old December 9th, 2003, 11:29 AM
Friend of Wrox
 
Join Date: Jun 2003
Location: , , USA.
Posts: 1,110
Thanks: 0
Thanked 3 Times in 3 Posts
Default

This is odd:
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.QueryString value was detected from the client (h="<html>").


I tried to set up a custom exception handler:
Catch myex As HttpRequestValidationException
                Label1.Text = myex.Message

and it still throws the exception.
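
Added example, not part of the original thread: request validation runs while ASP.NET is processing the request, before the page's own event handlers execute, so a Try/Catch in page code never sees HttpRequestValidationException. A handler in the Global.asax code-behind can catch it with ValidateRequest left on. The class name GlobalApplication and the message text are assumptions.

```vbnet
Imports System
Imports System.Web

' Code-behind for Global.asax. GlobalApplication is a hypothetical class name;
' the Inherits attribute in Global.asax must point at whatever name you use.
Public Class GlobalApplication
    Inherits System.Web.HttpApplication

    Sub Application_Error(ByVal sender As Object, ByVal e As EventArgs)
        ' The runtime may wrap the original exception, so walk the chain
        ' until a request validation failure is found (or the chain ends).
        Dim ex As Exception = Server.GetLastError()
        While Not ex Is Nothing AndAlso Not TypeOf ex Is HttpRequestValidationException
            ex = ex.InnerException
        End While

        ' Anything else falls through to the normal error handling.
        If ex Is Nothing Then Return

        ' Replace the stack-trace page with a plain 400 response.
        ' The rejected value is deliberately not echoed back to the client.
        Server.ClearError()
        Response.Clear()
        Response.StatusCode = 400
        Response.ContentType = "text/plain"
        Response.Write("The request contained characters that are not allowed.")
    End Sub

End Class
```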

  #8 (permalink)  
Old December 9th, 2003, 11:32 AM
Friend of Wrox
 
Join Date: Jun 2003
Location: , , USA.
Posts: 1,110
Thanks: 0
Thanked 3 Times in 3 Posts
Default

That worked. Thanks Peter. Will it still catch dangerous sql code? Like the dreaded sql injections?

Quote: Originally posted by planoie
 I *think* you might be able to resolve this issue with the ValidateRequest attribute of the @ Page directive.

Set ValidateRequest="False" so that ASP.net doesn't check the querystring/form inputs for "dangerous" values (i.e. html, script).

Peter
------------------------------------------------------
Work smarter, not harder.
  #9 (permalink)  
Old December 9th, 2003, 12:03 PM
planoie's Avatar
Friend of Wrox
Points: 16,481, Level: 55
Activity: 0%
 
Join Date: Aug 2003
Location: Clifton Park, New York, USA.
Posts: 5,407
Thanks: 0
Thanked 16 Times in 16 Posts
Default

ValidateRequest only validates what you are posting/getting from the browser. I don't know if that actually checks for SQL injections or not. If it does, then I would think you'll lose that protection as well.

Peter
------------------------------------------------------
Work smarter, not harder.
  #10 (permalink)  
Old December 9th, 2003, 12:47 PM
Authorized User
 
Join Date: Jul 2003
Location: Calgary, Alberta, Canada.
Posts: 28
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I created a method a while back to hopefully deal with some SQL Injection attacks. I take the SQL query string I have built using the user's input and run it through the method, which goes through and removes single quotes (') and replaces them with two single quotes (''). This helps prevent people from breaking my query and adding dangerous SQL statements... Not sure if this will help but try it out.

Public Class stringBuilder

    Shared Function replaceQuote(ByVal text As String) As String
        'Method takes text input by user and replaces single quote with two single quotes
        ' to prevent SQL string from breaking if value is used in SQL string
        'Precondition: User must enter value through a freeform text field
        'Postcondition: Return modified string

        Dim modifiedString As String 'Declare string variable
        modifiedString = Replace(text, "'", "''") 'Replace single quote with two single quotes
        Return modifiedString 'return modified string
    End Function

End Class


there is no place like 127.0.0.1
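
Added example, not part of the original thread, for the SQL injection question raised in posts #8 to #10: request validation looks for markup-like input and does not inspect SQL, so the query itself has to be safe. This sketch passes the thread's loc and h query-string values as typed SqlCommand parameters instead of escaping quotes. The table, column and class names are assumptions.

```vbnet
Imports System
Imports System.Data
Imports System.Data.SqlClient

Public Class CategoryData

    ' Hypothetical schema: Category(LocId INT, Heading NVARCHAR(100), Title NVARCHAR(200)).
    ' loc and heading are the raw Request.QueryString("loc") and ("h") values.
    Public Shared Function FindByHeading(ByVal connectionString As String, _
                                         ByVal loc As String, _
                                         ByVal heading As String) As DataTable
        ' Reject a missing or non-numeric loc before it reaches the database.
        If loc Is Nothing Then Throw New ArgumentNullException("loc")
        Dim locId As Integer
        Try
            locId = Integer.Parse(loc)
        Catch ex As FormatException
            Throw New ArgumentException("loc must be an integer", "loc")
        Catch ex As OverflowException
            Throw New ArgumentException("loc is out of range", "loc")
        End Try
        If heading Is Nothing Then heading = ""

        ' The SQL text is a constant. User input travels only as parameter values,
        ' so quotes, comment markers or semicolons in it are data, never SQL syntax.
        Const sql As String = _
            "SELECT Title FROM Category WHERE LocId = @loc AND Heading = @heading"

        Dim conn As New SqlConnection(connectionString)
        Dim cmd As New SqlCommand(sql, conn)
        cmd.Parameters.Add("@loc", SqlDbType.Int).Value = locId
        cmd.Parameters.Add("@heading", SqlDbType.NVarChar, 100).Value = heading

        Dim result As New DataTable("Category")
        Dim adapter As New SqlDataAdapter(cmd)
        Try
            adapter.Fill(result) ' Fill opens and closes the connection itself
        Finally
            conn.Dispose()
        End Try
        Return result
    End Function

End Class
```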