Tips and Tricks (11)
1. Sometimes, to prevent SQL injection, you need to filter characters, for example when filtering the Request.QueryString[] query string:
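using System;
using System.Linq;
using System.Text.RegularExpressions;

/// <summary>
/// Filter characters
/// </summary>
/// <param name="sInput">The string to check</param>
/// <returns>The input with single quotes doubled, or null if the input is null or empty</returns>
public static string Filter(string sInput)
{
    if (sInput == null || sInput == "")
        return null;
    string output = sInput;
    // Blacklisted tokens. Each token is escaped on its own and the results are joined with "|".
    // Calling Regex.Escape on the whole list also escapes the "|" separators, so the
    // pattern would only ever match the literal list and the filter would never fire.
    string[] tokens = @"*|and|exec|insert|select|delete|update|count|master|truncate|declare|char(|mid(|chr(|'".Split('|');
    string pattern = string.Join("|", tokens.Select(t => Regex.Escape(t)));
    if (Regex.IsMatch(sInput, pattern, RegexOptions.IgnoreCase))
    {
        // Message: "The string contains illegal characters!"
        throw new Exception("字符串中含有非法字符!");
    }
    else
    {
        output = output.Replace("'", "''");
    }
    return output;
}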
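A keyword blacklist of this kind also blocks legitimate text (anything containing "and", "count" or an apostrophe) and still relies on every query being assembled correctly. The following is an added example, not code from the original post, that passes the query-string value to SQL Server as a typed parameter instead. The class name `YhQueries`, the table name `tbData_YH` and the `nvarchar(100)` column size are assumptions; the column names are the ones bound in the ItemTemplate of tip 3.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example. Assumed names: class YhQueries, table tbData_YH.
public static class YhQueries
{
    // rawId is the untrusted value, e.g. Request.QueryString["Id"].
    public static DataTable GetById(string connectionString, string rawId)
    {
        // Validate by type, not by keyword list: an id has to parse as an integer.
        int id;
        if (!int.TryParse(rawId, out id))
            throw new ArgumentException("Id must be an integer.", "rawId");

        const string sql =
            "SELECT ID, tbDanWei, tbTime, sbND, shenHeFlag FROM tbData_YH WHERE ID = @id";
        return Run(connectionString, sql, new SqlParameter("@id", SqlDbType.Int) { Value = id });
    }

    // Free-text search: values such as "O'Brien" or "Anderson" are legitimate
    // and reach the server as data, never as SQL text.
    public static DataTable GetByDanWei(string connectionString, string rawDanWei)
    {
        if (rawDanWei == null)
            throw new ArgumentNullException("rawDanWei");

        const string sql =
            "SELECT ID, tbDanWei, tbTime, sbND, shenHeFlag FROM tbData_YH WHERE tbDanWei = @danWei";
        return Run(connectionString, sql,
            new SqlParameter("@danWei", SqlDbType.NVarChar, 100) { Value = rawDanWei }); // size assumed
    }

    private static DataTable Run(string connectionString, string sql, SqlParameter parameter)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        using (var adapter = new SqlDataAdapter(cmd))
        {
            cmd.Parameters.Add(parameter);
            var table = new DataTable();
            adapter.Fill(table); // Fill opens and closes the connection itself
            return table;
        }
    }
}
```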
2. Making the text in a TextBox break onto new lines
<asp:TextBox ID="txt" TextMode="MultiLine" runat="server" Width="600" Height="100"></asp:TextBox>
Set the TextBox's TextMode to MultiLine and use \r\n for line breaks:
// "I am the first line" / "I am the second line"
txt.Text = "我是第一行\r\n" + "我是第二行\r\n";
3. Adding a column to the data bound to a Repeater or similar control; the column can hold Delete, Details and similar links
// dt holds the data already read from the database, ready to be bound to the Repeater control
if (dt != null)
{
    if (dt.Rows.Count > 0)
    {
        // Add the column
        dt.Columns.Add("op", typeof(string));
        // Fill in the operations column.
        // Link texts: 详细 = Details, 审核 = Review, 修改 = Edit, 删除 = Delete;
        // the confirm() prompt asks "Are you sure you want to delete?"
        for (int k = 0; dt.Rows.Count > k; k++)
        {
            dt.Rows[k]["op"] =
                "<a href=\"tbData_YH_Detail_list.aspx?Id=" + dt.Rows[k]["id"] + "\" class='list_link'>详细</a> " +
                "<a href=\"tbData_YH.aspx?Type=ShenHe&Id=" + dt.Rows[k]["id"] + "\" class='list_link'>审核</a> " +
                "<a href=\"tbData_YH_update.aspx?Id=" + dt.Rows[k]["id"] + "\" class='list_link'>修改</a> " +
                "<a href=\"tbData_YH.aspx?Type=Del&id=" + dt.Rows[k]["id"] + "\" class='list_link' alt='删除' " +
                "onClick=\"{if(confirm('确定要删除吗?')){return true;}return false;}\">删除</a> " +
                "<input type=\"checkbox\" name=\"aid\" value=\"" + dt.Rows[k]["id"] + "\" />";
        }
    }
}
repeater1.DataSource = dt;
repeater1.DataBind();
<ItemTemplate>
    <tr onmouseover="overColor(this)" onmouseout="outColor(this)">
        <td align="center" valign="middle"><%#((DataRowView)Container.DataItem)["ID"]%></td>
        <td align="center" valign="middle"><%#((DataRowView)Container.DataItem)["tbDanWei"]%></td>
        <td align="center" valign="middle"><%#((DataRowView)Container.DataItem)["tbTime"]%></td>
        <td align="center" valign="middle"><%#((DataRowView)Container.DataItem)["sbND"]%></td>
        <td align="center" valign="middle"><%#((DataRowView)Container.DataItem)["shenHeFlag"]%></td>
        <td align="center" valign="middle"><%#((DataRowView)Container.DataItem)["op"]%></td>
    </tr>
</ItemTemplate>
4. Using <%%> and runat="server" to control whether an element is displayed
<form id="form1" runat="server">
    <%if (visible){%>
    <div>
        <table>
            <tr><td>1111</td></tr>
        </table>
    </div>
    <%}%>
    <hr />
    <div runat="server" id="div2">
        <table>
            <tr><td>2222</td></tr>
        </table>
    </div>
    <%-- Button texts: 显示 = Show, 隐藏 = Hide --%>
    <asp:Button ID="Button2" runat="server" Text="显示" onclick="Button2_Click"/>
    <asp:Button ID="Button1" runat="server" Text="隐藏" onclick="Button1_Click" />
</form>

protected bool visible = true;

protected void Button1_Click(object sender, EventArgs e)
{
    visible = false;
    div2.Visible = false;
}

protected void Button2_Click(object sender, EventArgs e)
{
    visible = true;
    div2.Visible = true;
}