A potentially dangerous Request.Path value was detected from the client (&) in ASP.NET MVC4 Application

I was doing developing a window in ASP.NET MVC4 and got this error because some of the data had an ampersand in it.   The data in question were category names and after doing some research it seems that I could have made changes to IIS that would allow the ampersand in the URL but I would have been opening up a can of worms and increasing the risk of security breach.

Fix Data By Replacing Ampersand With “And”

I wasn’t sure how I was going to go about fixing my data, but after a little time on Google I found that SQL Server 2008 has a Replace statement. The command that I used to replace the ampersand with “and” is below.

SQL Server 2008 Replace Statement Example

UPDATE LinkDBuilder.dbo.category_master
SET category_name = replace(category_name, ‘&’, ‘and’)
WHERE category_name LIKE ‘%&%’




3 Responses

Leave a Reply

Your email address will not be published. Required fields are marked *