8

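I am using the Ozeki NG SMS Gateway. I cannot send any SMS to any mobile phone. Please help me send SMS to a mobile phone over the web.

A potentially dangerous Request.Form value was detected from the client (textboxError=". After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (textboxError="

My .cs file is: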

using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Net;
using System.Text.RegularExpressions;

public partial class _Default : System.Web.UI.Page 
{


    protected void Page_Load(object sender, EventArgs e)
    {
        textboxRecipient.Width = 400;
        textboxMessage.Width = 450;
        textboxMessage.Rows = 10;
        textboxError.Width = 400;
        textboxError.Rows = 5;

        textboxError.ForeColor = System.Drawing.Color.Red;
        textboxError.Visible = false;
        textboxError.Text = "";

        if (!Page.IsPostBack)
        {
            textboxRecipient.Text = "+441234567";
            textboxMessage.Text = "Hello World!";
        }
    }

    protected void buttonSendOnClick(object sender, EventArgs e)
    {
        //are required fields filled in:
        if (textboxRecipient.Text == "")
        {
            textboxError.Text += "Recipient(s) field must not be empty!\n";
            textboxError.Visible = true;
            return;
        }

        //create the necessary URL string:
        string ozSURL = "http://127.0.0.1"; //where Ozeki NG SMS Gateway is running
        string ozSPort = "9501"; //port number where Ozeki NG SMS Gateway is listening
        string ozUser = HttpUtility.UrlEncode("admin"); //username for successful login
        string ozPassw = HttpUtility.UrlEncode("admin"); //user's password
        string ozMessageType = "SMS:TEXT"; //type of message
        string ozRecipients = HttpUtility.UrlEncode(textboxRecipient.Text); //who will get the message
        string ozMessageData = HttpUtility.UrlEncode(textboxMessage.Text); //body of message

        string createdURL = ozSURL + ":" + ozSPort + "/httpapi" +
            "?action=sendMessage" +
            "&username=" + ozUser +
            "&password=" + ozPassw +
            "&messageType=" + ozMessageType +
            "&recipient=" + ozRecipients +
            "&messageData=" + ozMessageData;

        try
        {
            //Create the request and send data to Ozeki NG SMS Gateway Server by HTTP connection
            HttpWebRequest myReq = (HttpWebRequest)WebRequest.Create(createdURL);

            //Get response from Ozeki NG SMS Gateway Server and read the answer
            HttpWebResponse myResp = (HttpWebResponse)myReq.GetResponse();
            System.IO.StreamReader respStreamReader = new System.IO.StreamReader(myResp.GetResponseStream());
            string responseString = respStreamReader.ReadToEnd();
            respStreamReader.Close();
            myResp.Close();

            //inform the user
            textboxError.Text = responseString;
            textboxError.Visible = true;
        }
        catch (Exception)
        {
            //if sending the request or getting the response fails, Ozeki NG SMS Gateway Server may not be running
            textboxError.Text = "Ozeki NG SMS Gateway Server is not running!";
            textboxError.Visible = true;
        }

    }
}

My ASP page is:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>Ozeki NG SMS Gateway Message Sending Example</title>
</head>
<body>
    <center>
    <form id="smsdata" runat="server">
        <asp:Table id="smstable" runat="server" style="text-align:left; border-width:thin; border-color:Silver;" BorderStyle="Solid">
            <asp:TableRow>
                <asp:TableCell ColumnSpan="2">
                    <b>Compose a message:</b>
                    <br />
                    <br />
                </asp:TableCell>
            </asp:TableRow>
            <asp:TableRow>
                <asp:TableCell HorizontalAlign="Left" VerticalAlign="Top">
                    <asp:Label ID="labelRecipient" runat="server" Text="Recipient: "></asp:Label>
                </asp:TableCell>
                <asp:TableCell>
                    <asp:TextBox ID="textboxRecipient" runat="server"></asp:TextBox>
                </asp:TableCell>
            </asp:TableRow>
            <asp:TableRow>
                <asp:TableCell HorizontalAlign="Left" VerticalAlign="Top">
                    <asp:Label ID="labelMessage" runat="server" Text="Message Text: "></asp:Label>
                </asp:TableCell>
                <asp:TableCell>
                    <asp:TextBox ID="textboxMessage" runat="server" TextMode="MultiLine"></asp:TextBox>
                </asp:TableCell>
            </asp:TableRow>
            <asp:TableRow>
                <asp:TableCell ColumnSpan="2" HorizontalAlign="Center">
                    <asp:Button ID="buttonSend" runat="server" Text="Send Message" OnClick="buttonSendOnClick" />
                </asp:TableCell>
            </asp:TableRow>
            <asp:TableRow>
                <asp:TableCell ColumnSpan="2" HorizontalAlign="Center">
                    <asp:TextBox ID="textboxError" runat="server" BorderStyle="None" TextMode="MultiLine"></asp:TextBox>
                </asp:TableCell>
            </asp:TableRow>
        </asp:Table>
    </form>
    </center>
</body>
</html>

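How to get the prepared query that is sent to the database

When using database libraries such as pyodbc that implement the Python Database API Specification, how can you get the fully prepared query after parameter substitution has been applied? I am calling a Sybase stored procedure that will receive 18 arguments through parameter substitution. I would like to capture the actual call that was made and log it to help with debugging. A simpler example of what I need:

pyodbc example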

import pyodbc
conn = pyodbc.connect('DSN=test;PWD=password')
c = conn.cursor()
c.execute('CREATE TABLE stocks (symbol varchar(10), price real)')
c.execute("INSERT INTO stocks VALUES (?, ?)", ('RHAT', 35.14))
c.execute('SELECT * FROM stocks WHERE symbol=?', ('RHAT',))
print(c.fetchone())

Expected final queries (to be logged)

CREATE TABLE stocks (symbol varchar(10), price real)
INSERT INTO stocks VALUES ('RHAT', 35.14)
SELECT * FROM stocks WHERE symbol = 'RHAT'

sqlite3 example

import sqlite3
conn = sqlite3.connect(':memory:')
c = conn.cursor()
c.execute('CREATE TABLE stocks (symbol text, price real)')
c.execute("INSERT INTO stocks VALUES (?, ?)", ('RHAT', 35.14))
c.execute('SELECT * FROM stocks WHERE symbol=?', ('RHAT',))
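print(c.fetchone())

I included the sqlite3 example because it does not require pyodbc to try it out.

Update

It appears that when prepared statements are used, the process of filling the data into the template is done server-side in the DBMS. As mentioned in user581592's answer, there is frequently no method or API to get the final version of the query from the server. Another link of note is issue 163 on pyodbc, which discusses this further. Also, some database libraries such as psycopg have added a mogrify method that returns the final statement. But as mentioned in their documentation, this is not part of the DB API.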
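An added example, not part of the original post: since the server performs the substitution, one client-side option is to render the statement for the log only and still execute the parameterized form. The names `sql_literal`, `render_for_log` and `execute_logged` are hypothetical, and the sketch assumes the qmark (`?`) paramstyle and statements without SQL comments.

```python
import logging
import sqlite3

log = logging.getLogger("sql")

def sql_literal(value):
    """Render one bound value as a SQL literal, for log display only."""
    if value is None:
        return "NULL"
    if isinstance(value, bool):
        return "1" if value else "0"
    if isinstance(value, (int, float)):
        return repr(value)
    if isinstance(value, (bytes, bytearray)):
        return "X'" + bytes(value).hex() + "'"
    return "'" + str(value).replace("'", "''") + "'"

def render_for_log(sql, params=()):
    """Fill qmark placeholders outside quoted text; the result is never executed."""
    out, values, quote = [], list(params), None
    for ch in sql:
        if quote:                      # inside '...' or "...": copy verbatim
            if ch == quote:
                quote = None
            out.append(ch)
        elif ch in ("'", '"'):
            quote = ch
            out.append(ch)
        elif ch == "?":
            if not values:
                raise ValueError("more placeholders than parameters")
            out.append(sql_literal(values.pop(0)))
        else:
            out.append(ch)
    if values:
        raise ValueError("more parameters than placeholders")
    return "".join(out)

def execute_logged(cursor, sql, params=()):
    """Log the rendered text, then run the original parameterized statement."""
    log.debug("SQL: %s", render_for_log(sql, params))
    return cursor.execute(sql, params)

def demo():
    # Constructed sample data, mirroring the sqlite3 example in the question.
    conn = sqlite3.connect(":memory:")
    c = conn.cursor()
    execute_logged(c, "CREATE TABLE stocks (symbol text, price real)")
    execute_logged(c, "INSERT INTO stocks VALUES (?, ?)", ("RHAT", 35.14))
    execute_logged(c, "SELECT * FROM stocks WHERE symbol=?", ("RHAT",))
    return c.fetchone()
```

The rendered text is an approximation of what the DBMS runs and will contain the bound values, so treat the log as sensitive when parameters carry credentials or personal data.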

4

4 Answers

19

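Your problem is that the value of one of your fields (textboxError) contains XML- or HTML-style markup, which is not allowed by default, to keep developers from introducing potential security problems into their applications.

The solution is given in the error message; you need to add validateRequest="false" to the @Page directive at the top (omitted in the example) or in web.config.

Note that if you are using .NET 4, you need to fall back to the 2.0 validation mode, with just a small change to web.config, adding: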

<system.web>
    <httpRuntime requestValidationMode="2.0" />
</system.web>

For more information about requestValidationMode, see the MSDN article on requestValidationMode.

answered 2013-07-11T10:56:34.380
2

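Your problem is that the value of one of your fields (textboxError) contains XML- or HTML-style markup, which is not allowed by default, to keep developers from introducing potential security problems into their applications.

The solution is given in the error message; you need to add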

  [HttpPost]
  [ValidateInput(false)]

in the controller

answered 2015-10-12T06:59:23.040
1

I found the following solution, which lets you disable validation on just one field! (I did not want to disable it for the whole page.)

VB.net:

Public Class UnvalidatedTextBox
    Inherits TextBox
    Protected Overrides Function LoadPostData(postDataKey As String, postCollection As NameValueCollection) As Boolean
        Return MyBase.LoadPostData(postDataKey, System.Web.HttpContext.Current.Request.Unvalidated.Form)
    End Function
End Class

C#:

public class UnvalidatedTextBox : TextBox
{
    protected override bool LoadPostData(string postDataKey, NameValueCollection postCollection)
    {
        return base.LoadPostData(postDataKey, System.Web.HttpContext.Current.Request.Unvalidated.Form);
    }
}

Now just use <prefix:UnvalidatedTextBox id="test" runat="server" /> instead of <asp:TextBox and it should allow all characters (this is perfect for password fields!)

answered 2017-01-16T14:50:05.747
1

This worked for me...

 [HttpPost, ValidateInput(false)]
 public ActionResult updateContact(FormModel model)
 {
    //contents
 } 
answered 2017-08-21T06:21:11.880