Five New Optimizely Certifications are Here! Validate your expertise and advance your career with our latest certification exams. Click here to find out more
AI OnAI Off
SQL injection exception when creating dynamic data store
The storeName will use the full namespace of your ProjectVisits class. Does this contain any special characters? I think that only characters a-z, 0-9, '.', and '_' are allowed for security reasons
Oct 20, 2011 13:10
Guess ProjectVisits is a class defined inside another class. That will mess up the namespace with _
just move the class outside and dont have any spesial characters in the namespace
Oct 20, 2011 14:04
Hello and thanks for your reply! I had invalid characters in the namespace, so I provided a name for the store and the problem was solved.
Oct 20, 2011 15:04
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
Hello!
I'm trying to create a Dynamic Data Store in Episerver CMS6 to store number of visits to certain pages, but I'm getting the following exception:
Exception Details: System.ArgumentException: Contains potentially dangerous (SQL Injection) characters
Parameter name: storeName
My code looks like this:
protected List<ProjectVisits> GetProjectsVisitsInfo()
{
var store = DynamicDataStoreFactory.Instance.GetStore(typeof(ProjectVisits));
if (store == null)
{
DynamicDataStoreFactory.Instance.CreateStore(typeof(ProjectVisits));
return new List<ProjectVisits>();
}
return store.LoadAll<ProjectVisits>().ToList();
}
public class ProjectVisits:IDynamicData
{
public string LinkURL { get; set; }
public int NumberOfVisits { get; set; }
public int PageID { get; set; }
public EPiServer.Data.Identity Id
{
get;
set;
}
}
The exception occurs specifically when I try to create the store. Any ideas?
Thanks!
/Kenia