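/// <summary>
/// Handles the Update button click: records the current user's reaction to the
/// poll identified by <c>PollId</c> and then redirects to the poll's view page.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
/// <exception cref="HttpException">
/// Thrown with status 401 when no membership user is associated with the request.
/// </exception>
protected void UpdateButton_Click(object sender, System.EventArgs e)
{
    // Membership.GetUser() returns null for an anonymous request. Fail closed with
    // an explicit 401 instead of a NullReferenceException, so this handler does not
    // depend solely on page-level authorization being configured correctly.
    MembershipUser currentUser = Membership.GetUser();
    if (currentUser == null || currentUser.ProviderUserKey == null)
    {
        throw new HttpException(401, "You must be signed in to post a reaction.");
    }

    Guid uGuid = new Guid(currentUser.ProviderUserKey.ToString());

    // The text is HTML-encoded before it is handed to PollReaction.Create, so any
    // markup the user typed is kept as inert text.
    // NOTE(review): this means the persisted value is presumably already encoded;
    // confirm that whatever renders it neither encodes it a second time nor decodes it.
    string reaction = HttpUtility.HtmlEncode(ReactionTextBox.Text.Trim());

    // Line breaks in the post are not preserved: an earlier attempt to turn CR/LF
    // into <br /> is disabled. If a rich-text (HTML editor) input replaces the plain
    // text box, blanket encoding no longer fits and the submitted markup must be
    // sanitized here (allow-list of tags and attributes, no script or event handlers).

    PollReaction pr = new PollReaction();
    pr.Reaction = reaction;
    pr.PollId = PollId;
    pr.UserId = uGuid;
    PollReaction.Create(pr);

    // endResponse = true ends the request here; nothing after the redirect runs.
    // NOTE(review): PollId's type is not visible in this block; if it can ever be a
    // free-form string it should be URL-encoded before being placed in the query string.
    Response.Redirect(string.Format("~/Poll/View.aspx?pollId={0}", PollId.ToString()), true);
}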