Try our conversational search powered by Generative AI!

SQL injection exception when creating dynamic data store



I'm trying to create a Dynamic Data Store in Episerver CMS6 to store number of visits to certain pages, but I'm getting the following exception:

Exception Details: System.ArgumentException: Contains potentially dangerous (SQL Injection) characters
Parameter name: storeName

My code looks like this:

 protected List<ProjectVisits> GetProjectsVisitsInfo()
            var store = DynamicDataStoreFactory.Instance.GetStore(typeof(ProjectVisits));

            if (store == null)
                return new List<ProjectVisits>();

            return store.LoadAll<ProjectVisits>().ToList();



public class ProjectVisits:IDynamicData
        public string LinkURL { get; set; }
        public int NumberOfVisits { get; set; }
        public int PageID { get; set; }

        public EPiServer.Data.Identity Id

The exception occurs specifically when I try to create the store. Any ideas?


Oct 20, 2011 11:40

The storeName will use the full namespace of your ProjectVisits class. Does this contain any special characters? I think that only characters a-z, 0-9, '.', and '_' are allowed for security reasons

Oct 20, 2011 13:10

Guess ProjectVisits is a class defined inside another class. That will mess up the namespace with _

just move the class outside and dont have any spesial characters in the namespace

Oct 20, 2011 14:04

Hello and thanks for your reply! I had invalid characters in the namespace, so I provided a name for the store and the problem was solved.

Oct 20, 2011 15:04
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.