Don't miss out Virtual Happy Hour this Friday (April 26).

Try our conversational search powered by Generative AI!



I'm just experimenting with PageObjects in CMS 6 R2 (Beta) and come across an issue. I get an exception when I try to save:


Contains potentially dangerous (SQL Injection) characters
Parameter name: storeName

Stack Trace:

[ArgumentException: Contains potentially dangerous (SQL Injection) characters
Parameter name: storeName]
EPiServer.Framework.Validator.ThrowIfContainsSqlInjectionChars(String name, String value) +191
EPiServer.Data.Dynamic.EPiServerDynamicDataStoreFactory.CreateStore(String storeName, IDictionary`2 typeBag, StoreDefinitionParameters parameters) +115
EPiServer.DataAccess.<>c__DisplayClassc.<Save>b__a() +1158
EPiServer.Data.Dynamic.Providers.<>c__DisplayClass7.<ExecuteTransaction>b__6() +428
EPiServer.Data.Dynamic.Providers.DbDataStoreProvider.InternalExecute(Func`1 method) +69
EPiServer.Data.Dynamic.Providers.DbDataStoreProvider.ExecuteTransaction(Action action) +117
EPiServer.DataAccess.DdsPageObjectRepository.Save(PageObject[] pageObjects) +2798
EPiServer.Core.PageObjectManager.InternalSave(PageObject[] pageObjects) +477
EPiServer.Core.PageObjectManager.InternalSave(String name, Object value, Nullable`1 ownerOption) +425
EPiServer.Core.PageObjectManager.Save(String name, Object value) +32
LiVIntra.Templates.Knowit.Units.Comments.btnComment_Click(Object sender, EventArgs e) in C:\EPiServer\Sites\LiVIntra\Templates\Knowit\Units\Comments.ascx.cs:85
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +115
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +140
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +29
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2981

Using Reflector I se that ThrowIfContainsSqlInjectionChars is implemented as:

public static void ThrowIfContainsSqlInjectionChars(string name, string value){

if (!string.IsNullOrEmpty(value) && (_regexSqlCommentChars.IsMatch(value) || !_regexAllowedChars.IsMatch(value))){

throw new ArgumentException("Contains potentially dangerous (SQL Injection) characters", name);



The "_regexSqlCommentChars" and "_regexAllowedChars" are empty? Anyone got an idea how to get past this (other then waiting for the official release of R2)?
Mar 16, 2011 12:43


I have very vague memories of seing something similiar when trying to add primitives or (generic) collections as page objects. You must always use a class. You could of course create a class which only has one property to carry the value you want to save.

Another vague memory has something to do with autogenerated classes, like the anonymous types generated by lambdas or classes created by the JIT compiler for the aspx/ascx.

Can you post the code where you try to add the page object causing the exception?

Mar 16, 2011 13:08

Damn... my first post was ugly formatted...


Your first vague memory was correct :-)


I was trying to save a class like this one:

    public class Comment
        public Guid CommentGuid { get; set; }
        public DateTime DatePosted { get; set; }
        public String UserName { get; set; }
        public String CommentText { get; set; }

I added another class that contains a list of "Comment":


    public class CommentsList
        public IList<Comment> Comments { get; set; }

        public CommentsList()
            Comments = new List<Comment>();

... and saving this "CommentList" as a PageObject works like a charm. Thanks for the help Magnus!

Mar 16, 2011 19:17

I'm facing the same problem when I'm trying to save the following class

        public class PomData : IDynamicData
            public bool IsSecure { get; set; }

            public Identity Id { get; set; }

Dec 13, 2012 16:16

What happens if you try to save a similar object that does not implement IDynamicData? IDynamicData is good for saving things in your own store, but could it be that it upsets the PageObject PropertyBag handling?

Dec 14, 2012 8:51

The same exception occurs. All i'm trying to do is save a boolean value as PageObject data

PomData data = new PomData();
data.Id = Identity.NewIdentity(Guid.NewGuid());
data.IsSecure = true;

pom.Save(this._propertyName, data);

Dec 14, 2012 9:00
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.