過濾非法字符串(但是查詢的時候,假如是英文名字,是很容易有單引號的,例如 Joey’s name,這個時候我們就需要把單引號換成 2 個單引號)。注意:這種過濾只是輔助手段;凡是把用戶輸入拼接進 SQL 的地方,更可靠的做法是使用參數化查詢。
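/// <summary>
/// Best-effort filter for user text that is later concatenated into a SQL
/// string literal: strips a fixed set of tokens and doubles single quotes.
/// </summary>
/// <param name="value">Raw text, typically from a form field; may be null or empty.</param>
/// <returns>
/// The filtered text, or <see cref="string.Empty"/> when <paramref name="value"/>
/// is null or empty.
/// </returns>
/// <remarks>
/// This is a deny-list and only reduces risk; it is not a replacement for
/// parameterized commands (for example <c>SqlParameter</c> on SQL Server).
/// It is only meaningful for values placed inside single quotes. It does not
/// neutralize LIKE wildcards such as <c>_</c> (or <c>[</c> on SQL Server), so a
/// search term can still match more rows than its literal text.
/// </remarks>
public static string GetSafeSQL(string value)
{
    if (string.IsNullOrEmpty(value))
    {
        return string.Empty;
    }

    // Tokens removed outright. They are matched as bare characters, with no
    // surrounding whitespace required, so "a;b" is filtered as well as "a ; b".
    string[] strippedTokens = { ";", "&", "%20", "--", "==", "<", ">", "%" };

    // Repeat until nothing changes: deleting one token can bring its
    // neighbours together into a token that an earlier step already passed
    // over, so a single pass is not enough to guarantee none remain.
    string previous;
    do
    {
        previous = value;
        foreach (string token in strippedTokens)
        {
            value = value.Replace(token, string.Empty);
        }
    }
    while (value != previous);

    // Double the quote exactly once, after stripping, so a name such as
    // Joey's stays searchable while the quote cannot close the SQL literal.
    return value.Replace("'", "''");
}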
接下來我們制作 新聞表和前臺的新聞制作。
shop_news:id,title,body,visitnum,createdate,type
新聞id,標題,內容,瀏覽量,創建時間,新聞類型(商品專題或者是新聞中心)
要學會代碼的復用,ctrl + c , Ctrl + v
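/*********************************************************
 * Developer: Joey  QQ:1727050508  Blog: http://1727050508.cnblogs.com
 * Created: 2012-3-5 10:39:42
 * Description: news_list.aspx - news list page
 *
 * Change history:
 *
 * *******************************************************/
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

namespace Niunan.Shop.Web.admin
{
    /// <summary>
    /// Code-behind for the admin news list: pages through news rows, filters
    /// them by type and title keyword, and deletes a row on request.
    /// </summary>
    /// <remarks>
    /// NOTE(review): no authentication or authorization check is visible in
    /// this code-behind; confirm the admin folder is protected by site
    /// configuration before relying on this page.
    /// </remarks>
    public partial class news_list : System.Web.UI.Page
    {
        Niunan.Shop.DAL.NewsDAO newsdao = new DAL.NewsDAO();

        /// <summary>Rebinds the list on every request, including postbacks.</summary>
        protected void Page_Load(object sender, EventArgs e)
        {
            BindRep();
        }

        /// <summary>Rebinds the list after the pager moves to another page.</summary>
        protected void anp_PageChanged(object sender, EventArgs e)
        {
            BindRep();
        }

        /// <summary>
        /// Deletes the row whose id is carried in the clicked button's
        /// CommandArgument, then rebinds the list.
        /// </summary>
        protected void lbtnDel_Click(object sender, EventArgs e)
        {
            // Ignore the click instead of throwing when the sender is not a
            // LinkButton or the argument is not an integer.
            LinkButton button = sender as LinkButton;
            int id;
            if (button != null && int.TryParse(button.CommandArgument, out id))
            {
                newsdao.Delete(id);
            }

            BindRep();
        }

        /// <summary>Queries the row count and the current page, then binds the repeater.</summary>
        private void BindRep()
        {
            int pagesize = anp.PageSize;
            int pageindex = anp.CurrentPageIndex;

            // Build the condition once so the count and the page query are
            // guaranteed to use the same filter.
            string cond = GetCond();

            anp.RecordCount = newsdao.ClacCount(cond);
            repList.DataSource = newsdao.GetList(" * ", " id ", " desc ", pagesize, pageindex, cond);
            repList.DataBind();
        }

        /// <summary>
        /// Builds the SQL condition for the list from the "type" query-string
        /// value and the search box, and sets the page heading to match.
        /// </summary>
        /// <returns>A condition string that is passed to NewsDAO as SQL text.</returns>
        private string GetCond()
        {
            string cond = " 1=1 ";

            // Only the literal value "spzt" selects the product-feature list;
            // anything else, including a missing parameter, shows the news
            // centre. The request value itself never reaches the SQL text.
            string type = Request.QueryString["type"];
            if (type == "spzt")
            {
                cond += " and type='商品專題' ";
                litH1.Text = " 商品專題 ";
            }
            else
            {
                cond += " and type='新聞中心' ";
                litH1.Text = " 新聞中心 ";
            }

            // The keyword is user input concatenated into SQL text. GetSafeSQL
            // (defined in Niunan.Shop.Utility.Tool, not shown in this file) is
            // the only protection visible here.
            // NOTE(review): NewsDAO takes the condition as a string, so this
            // page cannot pass parameters; prefer adding a parameterized
            // overload to NewsDAO and binding the keyword there.
            string key = Niunan.Shop.Utility.Tool.GetSafeSQL(txtKey.Text.Trim());
            if (key.Length != 0)
            {
                // No spaces inside the pattern: the keyword must match as a
                // substring of the title, not only as a space-delimited word.
                cond += " and title like '%" + key + "%' ";
            }

            return cond;
        }

        /// <summary>Rebinds the list using the keyword currently in the search box.</summary>
        protected void btnSearch_Click(object sender, EventArgs e)
        {
            BindRep();
        }
    }
}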
下面是新聞添加和修改頁面的代碼
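/*********************************************************
 * Developer: Joey  QQ:1727050508  Blog: http://1727050508.cnblogs.com
 * Created: 2012-3-5 15:30:56
 * Description: news_add.aspx - page for adding and editing news
 *
 * Change history:
 *
 * *******************************************************/
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

namespace Niunan.Shop.Web.admin
{
    /// <summary>
    /// Code-behind for the admin news form. With a valid "id" query-string
    /// value that resolves to a row, the form edits that row; otherwise it
    /// adds a new one.
    /// </summary>
    /// <remarks>
    /// NOTE(review): no authentication or authorization check is visible in
    /// this code-behind; confirm the admin folder is protected by site
    /// configuration. Title and body are stored exactly as typed; the page
    /// that renders them is not shown here, so confirm it HTML-encodes or
    /// sanitizes them on output.
    /// </remarks>
    public partial class news_add : System.Web.UI.Page
    {
        Niunan.Shop.DAL.NewsDAO newsdao = new DAL.NewsDAO();

        /// <summary>
        /// Runs on every request, first visit and postback alike; the form is
        /// pre-filled only on the first visit so that a postback does not
        /// overwrite what the user typed.
        /// </summary>
        protected void Page_Load(object sender, EventArgs e)
        {
            if (Page.IsPostBack)
            {
                return;
            }

            Niunan.Shop.Model.News newsmodel = LoadRequestedNews();
            if (newsmodel == null)
            {
                return;
            }

            txtTitle.Text = newsmodel.title;
            txtBody.Text = newsmodel.body;
            litH1.Text = " 修改 ";
            btnAdd.Text = " 修改 ";
        }

        /// <summary>
        /// Saves the form: updates the row named by the "id" query-string
        /// value when it exists, otherwise inserts a new row.
        /// </summary>
        protected void btnAdd_Click(object sender, EventArgs e)
        {
            string title = txtTitle.Text.Trim();
            string body = txtBody.Text.Trim();

            if (title.Length == 0 || body.Length == 0)
            {
                litRes.Text = " <span style='color:blue'>請填寫完整的信息</span> ";
                return;
            }

            // An id was supplied and resolves to a row: this is an edit. The
            // row is looked up again here rather than trusted from the first
            // page load. Its type is left as stored.
            Niunan.Shop.Model.News existing = LoadRequestedNews();
            if (existing != null)
            {
                existing.title = title;
                existing.body = body;
                newsdao.Update(existing);
                litRes.Text = " <span style='color:red'>修改成功</span> ";
                return;
            }

            // Otherwise add. An id that does not resolve to a row also ends up
            // here and creates a new record.
            int res = newsdao.Add(new Niunan.Shop.Model.News()
            {
                title = title,
                body = body,
                createdate = DateTime.Now,
                type = ResolveNewsType(),
                visitnum = 0
            });

            if (res > 0)
            {
                // Clear the form so the next entry starts from empty fields.
                txtTitle.Text = string.Empty;
                txtBody.Text = string.Empty;
                litRes.Text = " <span style='color:blue'>添加成功</span> ";
            }
            else
            {
                litRes.Text = " <span style='color:red'>添加失敗,請聯系管理員</span> ";
            }
        }

        /// <summary>
        /// Loads the news row named by the "id" query-string value.
        /// </summary>
        /// <returns>
        /// The row, or null when the value is missing, is not an integer, or
        /// GetModel returns null for it.
        /// </returns>
        private Niunan.Shop.Model.News LoadRequestedNews()
        {
            // TryParse returns false for null and empty input, so no separate
            // emptiness check is needed before it.
            int id;
            if (!int.TryParse(Request.QueryString["id"], out id))
            {
                return null;
            }

            return newsdao.GetModel(id);
        }

        /// <summary>
        /// Maps the "type" query-string value to the stored news type.
        /// </summary>
        /// <returns>
        /// "商品專題" for the value "spzt", otherwise "新聞中心". The value is
        /// stored without padding so it can be compared with equality later.
        /// </returns>
        private string ResolveNewsType()
        {
            // The request value only selects between two fixed strings; it is
            // never stored itself.
            return Request.QueryString["type"] == "spzt" ? "商品專題" : "新聞中心";
        }
    }
}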
