I have inherited a database that is moving to the web. Problem is that some of the string fields have html characters….

One example is….

“” without the quotes, IT WON’T SHOW UP IN HERE EITHER, trying something else. At any rate it has < and the > signs with text in the middle.

How can I escape any possible combination of html references.

SelectCommand="usp_getSingleStringData" SelectCommandType="StoredProcedure" 
<SelectParameters>
    <asp:SessionParameter Name="shrtText" SessionField="shrtText" Type="String" />
     <asp:SessionParameter Name="tableName" SessionField="currUserTable" Type="String" />
</SelectParameters>




Protected Sub DropDownList1_SelectedIndexChanged(ByVal sender As Object, ByVal e As System.EventArgs) Handles DropDownList1.SelectedIndexChanged

    If DropDownList1.SelectedValue = "Select" Then
        GridView1.Visible = False
        Exit Sub
    End If
    GridView1.Visible = True

    Dim TestString As String = DropDownList1.SelectedValue
    Dim EncodedString As String = Server.HtmlEncode(TestString)

    Session("shrtText") = EncodedString

End Sub

The error message is….

A potentially dangerous Request.Form value was detected from the client (ctl00$ctl00$ContentPlaceHolder1$ContentPlaceHolder2$DropDownList1=””).

tried Texbox also,

A potentially dangerous Request.Form value was detected from the client
(ctl00$ctl00$ContentPlaceHolder1$ContentPlaceHolder2$GridView3$ctl17$TextBox1=””).

Thanks for any help