牛腩购物5 aspnetpager控件的巩固(屏蔽恶意字符过滤转换 单引号问题,制作新闻页面)

过滤非法字符串(但是查询的时候,假如是英文名字,是很容易带有单引号的,例如 Joey's name;这个时候我们就需要把单引号换成 2 个单引号,而不是直接把它删掉)

/// <summary>
        /// Neutralises characters commonly abused in hand-built SQL fragments before the
        /// value is concatenated into a query. A single quote is doubled (the SQL string
        /// literal escape) so names such as Joey's survive; everything else on the list
        /// (; &amp; %20 -- == &lt; &gt; %) is dropped outright.
        /// </summary>
        /// <param name="value">Raw user input; null is tolerated.</param>
        /// <returns>The filtered text, or an empty string for null/empty input.</returns>
        /// <remarks>
        /// This is a character blacklist and only a second line of defence; parameterised
        /// queries in the DAL are the real fix. The LIKE wildcard _ (and [ on SQL Server)
        /// is not touched here, so a caller that embeds the result in a LIKE pattern still
        /// gets wildcard matching on those characters.
        /// </remarks>
        public static string GetSafeSQL(string value)
        {
            if (string.IsNullOrEmpty(value))
            {
                return string.Empty;
            }

            // Same order as the original filter: ';' goes first, then quotes are doubled,
            // then the remaining tokens are stripped. "%20" must be removed as a unit
            // before lone '%' characters are taken out.
            string filtered = value.Replace(";", string.Empty).Replace("'", "''");

            string[] blacklist = { "&", "%20", "--", "==", "<", ">", "%" };
            foreach (string token in blacklist)
            {
                filtered = filtered.Replace(token, string.Empty);
            }

            return filtered;
        }
接下来我们制作 新闻表和前台的新闻制作。
shop_news:id,title,body,visitnum,createdate,type
          新闻id,标题,内容,浏览量,创建时间,新闻类型(商品专题或者是新闻中心)
要学会代码的复用,ctrl + c  , Ctrl + v
 
/*********************************************************
 * 开发人员:Joey  QQ:1727050508   博客: http://1727050508.cnblogs.com
 * 创建时间:2012-3-5 10:39:42
 * 描述说明:news_list.aspx  新闻列表页
 * 
 * 更改历史:
 * 
 * *******************************************************/
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

namespace Niunan.Shop.Web.admin
{
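    public partial class news_list : System.Web.UI.Page
    {
        // Category labels; the same value is written into the WHERE clause and the heading.
        private const string CategoryProductTopic = "商品专题";
        private const string CategoryNewsCenter = "新闻中心";

        private readonly Niunan.Shop.DAL.NewsDAO newsdao = new DAL.NewsDAO();

        /// <summary>
        /// Binds the list on every request (first visit and every postback); the button and
        /// pager handlers below rebind again after they have changed state.
        /// </summary>
        protected void Page_Load(object sender, EventArgs e)
        {
            BindRep();
        }

        /// <summary>Pager moved to another page; anp.CurrentPageIndex already holds the new index.</summary>
        protected void anp_PageChanged(object sender, EventArgs e)
        {
            BindRep();
        }

        /// <summary>
        /// Deletes the row named by the clicked LinkButton's CommandArgument, then rebinds.
        /// </summary>
        protected void lbtnDel_Click(object sender, EventArgs e)
        {
            // CommandArgument arrives with the postback; parse it defensively instead of
            // letting a malformed value surface as an unhandled FormatException.
            LinkButton button = sender as LinkButton;
            int id;
            if (button != null && int.TryParse(button.CommandArgument, out id))
            {
                newsdao.Delete(id);
            }
            BindRep();
        }

        /// <summary>
        /// Pulls one page of rows for the current filter into repList and sets the pager's
        /// record count so it can lay out its page links.
        /// </summary>
        private void BindRep()
        {
            // Read the pager state before RecordCount is assigned, as the original did.
            int pagesize = anp.PageSize;
            int pageindex = anp.CurrentPageIndex;

            // One condition string for both the count and the page query.
            string cond = GetCond();
            anp.RecordCount = newsdao.ClacCount(cond);
            repList.DataSource = newsdao.GetList("*", "id", "desc", pagesize, pageindex, cond);
            repList.DataBind();
        }

        /// <summary>
        /// Builds the WHERE-clause fragment ("1=1 and ...") handed to NewsDAO for both the
        /// count and the page query, and sets the heading to the selected category.
        /// </summary>
        /// <returns>The condition fragment, never empty.</returns>
        /// <remarks>
        /// The fragment is assembled by string concatenation; GetSafeSQL (quote doubling plus a
        /// character blacklist) is the only guard on the search key, so a parameterised query
        /// inside NewsDAO would be the more robust fix. LIKE wildcards other than % (for
        /// example _) pass through GetSafeSQL unescaped and therefore act as wildcards here.
        /// </remarks>
        private string GetCond()
        {
            string category = ResolveCategory(Request.QueryString["type"]);
            litH1.Text = category;

            string cond = "1=1" + " and type='" + category + "'";

            string key = Niunan.Shop.Utility.Tool.GetSafeSQL(txtKey.Text.Trim());
            if (key.Length != 0)
            {
                cond += " and title like  '%" + key + "%' ";
            }
            return cond;
        }

        /// <summary>Maps the "type" query-string value to the stored category label.</summary>
        /// <param name="typeParam">Raw query-string value; null or anything other than "spzt" selects the news centre.</param>
        private static string ResolveCategory(string typeParam)
        {
            return typeParam == "spzt" ? CategoryProductTopic : CategoryNewsCenter;
        }

        /// <summary>Search button: the key is read from txtKey inside GetCond, so just rebind.</summary>
        protected void btnSearch_Click(object sender, EventArgs e)
        {
            BindRep();
        }
    }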
}
 
下面是新闻添加和修改页面的代码
/*********************************************************
 * 开发人员:Joey  QQ:1727050508   博客: http://1727050508.cnblogs.com
 * 创建时间:2012-3-5 15:30:56
 * 描述说明:news_add.aspx  新闻添加和修改页面
 * 
 * 更改历史:
 * 
 * *******************************************************/
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

namespace Niunan.Shop.Web.admin
{
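    public partial class news_add : System.Web.UI.Page
    {
        // Category labels stored in shop_news.type, chosen from the "type" query-string value.
        private const string CategoryProductTopic = "商品专题";
        private const string CategoryNewsCenter = "新闻中心";

        private readonly Niunan.Shop.DAL.NewsDAO newsdao = new DAL.NewsDAO();

        /// <summary>
        /// Runs on every request (first visit and every postback). On the first visit only,
        /// an "id" query-string value that resolves to an existing news item switches the page
        /// into edit mode by pre-filling the inputs and relabelling the heading and button.
        /// </summary>
        /// <remarks>
        /// No authorisation check is visible in this page; presumably it is enforced elsewhere
        /// (web.config location rules or a master page) — confirm for the admin folder.
        /// </remarks>
        protected void Page_Load(object sender, EventArgs e)
        {
            if (Page.IsPostBack)
            {
                return;
            }

            Niunan.Shop.Model.News existing = LoadNewsForEdit();
            if (existing != null)
            {
                txtTitle.Text = existing.title;
                txtBody.Text = existing.body;
                litH1.Text = "修改";
                btnAdd.Text = "修改";
            }
        }

        /// <summary>
        /// Saves the form: updates the item named by the "id" query-string value when it still
        /// exists, otherwise inserts a new item in the category given by "type".
        /// </summary>
        protected void btnAdd_Click(object sender, EventArgs e)
        {
            string title = txtTitle.Text.Trim();
            string body = txtBody.Text.Trim();

            if (title.Length == 0 || body.Length == 0)
            {
                litRes.Text = "<span style='color:blue'>请填写完整的信息</span>";
                return;
            }

            // Edit path: taken only when the id still resolves to a row. A stale id (row
            // deleted in the meantime) deliberately falls through to the insert below,
            // which is what the original code did too.
            Niunan.Shop.Model.News existing = LoadNewsForEdit();
            if (existing != null)
            {
                existing.title = title;
                existing.body = body;
                newsdao.Update(existing);
                litRes.Text = "<span style='color:red'>修改成功</span>";
                return;
            }

            // Insert path.
            int res = newsdao.Add(new Niunan.Shop.Model.News()
            {
                title = title,
                body = body,
                createdate = DateTime.Now,
                type = ResolveCategory(Request.QueryString["type"]),
                visitnum = 0
            });

            if (res > 0)
            {
                txtTitle.Text = "";
                txtBody.Text = "";
                litRes.Text = "<span style='color:blue'>添加成功</span>";
            }
            else
            {
                litRes.Text = "<span style='color:red'>添加失败,请联系管理员</span>";
            }
        }

        /// <summary>
        /// Looks up the news item named by the "id" query-string value.
        /// </summary>
        /// <returns>The item, or null when "id" is absent, not an integer, or not found.</returns>
        private Niunan.Shop.Model.News LoadNewsForEdit()
        {
            // int.TryParse rejects null and empty input, so no separate IsNullOrEmpty check is needed.
            int id;
            if (!int.TryParse(Request.QueryString["id"], out id))
            {
                return null;
            }
            return newsdao.GetModel(id);
        }

        /// <summary>Maps the "type" query-string value to the stored category label.</summary>
        /// <param name="typeParam">Raw query-string value; null or anything other than "spzt" selects the news centre.</param>
        private static string ResolveCategory(string typeParam)
        {
            return typeParam == "spzt" ? CategoryProductTopic : CategoryNewsCenter;
        }
    }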
}
 

