过滤非法字符串(但是查询的时候,假如是英文名字,是很容易带有单引号的,例如 Joey’s name,这个时候我们就需要把单引号换成 2 个单引号)
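/// <summary>
/// Doubles single quotes and strips a fixed set of SQL-significant tokens from <paramref name="value"/>
/// so that it can be embedded inside a quoted literal of a concatenated SQL statement.
/// </summary>
/// <remarks>
/// Doubling the quote (rather than deleting it) keeps names such as "Joey's" searchable.
/// This is a blacklist filter, not a safe way to build SQL: only the listed tokens are handled, and
/// legitimate input is mangled as well (the ampersand, the angle brackets and the percent sign are
/// removed outright). New code should pass user text to the database as a parameter instead of
/// through this method; it remains only for existing call sites that concatenate the result into
/// a WHERE clause. All tokens are plain text with no regex metacharacters, so the two-argument
/// (ordinal) string.Replace gives the same result as the regex-based version and avoids running
/// the regex engine on every request.
/// </remarks>
/// <param name="value">Raw text from a request or form field; may be null.</param>
/// <returns>The filtered text, or <see cref="string.Empty"/> when <paramref name="value"/> is null or empty.</returns>
public static string GetSafeSQL(string value)
{
    if (string.IsNullOrEmpty(value))
    {
        return string.Empty;
    }

    // Same order as the original: ";" first, then the quote doubling, then the removals.
    // "%20" must be removed before the bare "%" so that an encoded space is dropped whole.
    value = value.Replace(";", string.Empty);
    value = value.Replace("'", "''");
    string[] removed = { "&", "%20", "--", "==", "<", ">", "%" };
    foreach (string token in removed)
    {
        value = value.Replace(token, string.Empty);
    }
    return value;
}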
接下来我们制作新闻表和前台的新闻页面。
shop_news:id,title,body,visitnum,createdate,type
新闻id,标题,内容,浏览量,创建时间,新闻类型(商品专题或者是新闻中心)
要学会代码的复用,ctrl + c , Ctrl + v
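/*********************************************************
 * Developer: Joey   QQ: 1727050508   Blog: http://1727050508.cnblogs.com
 * Created:   2012-3-5 10:39:42
 * Purpose:   news_list.aspx - admin news list page
 *
 * Change history:
 *
 * *******************************************************/
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

namespace Niunan.Shop.Web.admin
{
    /// <summary>
    /// Code-behind for news_list.aspx: lists the news records of one category with paging,
    /// a keyword filter and per-row delete. The controls used here (anp, repList, litH1, txtKey)
    /// are declared in the .aspx markup, which is not part of this file.
    /// </summary>
    public partial class news_list : System.Web.UI.Page
    {
        // Data access for the shop_news table; the DAO takes its WHERE clause as a raw string.
        private readonly Niunan.Shop.DAL.NewsDAO newsdao = new DAL.NewsDAO();

        /// <summary>Binds the list on every request, including postbacks.</summary>
        /// <remarks>
        /// Page_Load runs before the control event handlers, so a search, page change or delete
        /// binds the list twice. This is left unconditional rather than guarded by IsPostBack
        /// because whether the repeater's delete buttons fire after a postback without a rebind
        /// depends on the markup's ViewState settings, which are not visible here.
        /// </remarks>
        protected void Page_Load(object sender, EventArgs e)
        {
            BindRep();
        }

        /// <summary>Re-binds after the pager (anp) moves to another page.</summary>
        protected void anp_PageChanged(object sender, EventArgs e)
        {
            BindRep();
        }

        /// <summary>Deletes the row whose id the clicked button carries in CommandArgument, then re-binds.</summary>
        /// <remarks>
        /// CommandArgument is round-tripped through the rendered page, so it is treated as untrusted:
        /// a non-numeric value, or a sender that is not a LinkButton, is ignored instead of letting
        /// int.Parse throw a FormatException out of the event handler.
        /// </remarks>
        protected void lbtnDel_Click(object sender, EventArgs e)
        {
            LinkButton button = sender as LinkButton;
            int id;
            if (button != null && int.TryParse(button.CommandArgument, out id))
            {
                newsdao.Delete(id);
            }
            BindRep();
        }

        /// <summary>Loads the current page of news rows into repList and updates the pager's record count.</summary>
        private void BindRep()
        {
            int pagesize = anp.PageSize;
            int pageindex = anp.CurrentPageIndex;
            // Built once so the count query and the page query use the same filter.
            string cond = GetCond();
            anp.RecordCount = newsdao.ClacCount(cond);
            repList.DataSource = newsdao.GetList("*", "id", "desc", pagesize, pageindex, cond);
            repList.DataBind();
        }

        /// <summary>
        /// Builds the SQL WHERE fragment for the current category and keyword, and sets the
        /// page heading (litH1) as a side effect.
        /// </summary>
        /// <returns>A condition such as "1=1 and type='新闻中心' and title like '%abc%'".</returns>
        private string GetCond()
        {
            string cond = "1=1";
            // The category is selected by the URL: ?type=spzt shows product topics, anything else the news centre.
            string type = Request.QueryString["type"];
            if (type == "spzt")
            {
                cond += " and type='商品专题'";
                litH1.Text = "商品专题";
            }
            else
            {
                cond += " and type='新闻中心'";
                litH1.Text = "新闻中心";
            }

            string key = Niunan.Shop.Utility.Tool.GetSafeSQL(txtKey.Text.Trim());
            if (key.Length != 0)
            {
                // The keyword is concatenated into SQL. GetSafeSQL only doubles quotes and strips a
                // fixed list of tokens, which is not a substitute for a parameterized query; passing
                // the keyword as a SqlParameter requires changing NewsDAO's string-condition
                // contract, which is outside this file. Keep this the only place user text enters cond.
                cond += " and title like '%" + key + "%'";
            }
            return cond;
        }

        /// <summary>Re-binds with the keyword typed into txtKey.</summary>
        protected void btnSearch_Click(object sender, EventArgs e)
        {
            BindRep();
        }
    }
}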
下面是新闻添加和修改页面的代码
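/*********************************************************
 * Developer: Joey   QQ: 1727050508   Blog: http://1727050508.cnblogs.com
 * Created:   2012-3-5 15:30:56
 * Purpose:   news_add.aspx - news add / edit page
 *
 * Change history:
 *
 * *******************************************************/
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

namespace Niunan.Shop.Web.admin
{
    /// <summary>
    /// Code-behind for news_add.aspx: adds a news record, or edits an existing one when the
    /// query string carries its id. The controls used here (txtTitle, txtBody, litH1, btnAdd,
    /// litRes) are declared in the .aspx markup, which is not part of this file.
    /// </summary>
    public partial class news_add : System.Web.UI.Page
    {
        // Data access for the shop_news table.
        private readonly Niunan.Shop.DAL.NewsDAO newsdao = new DAL.NewsDAO();

        /// <summary>
        /// Runs on every request, first visit and postbacks alike. Only the first visit pre-fills
        /// the form from the record named by ?id=, otherwise a postback would overwrite the
        /// user's edits; the heading and button text are switched to "修改" (edit) at the same time.
        /// </summary>
        protected void Page_Load(object sender, EventArgs e)
        {
            if (Page.IsPostBack)
            {
                return;
            }

            Niunan.Shop.Model.News newsmodel = GetNewsFromQueryString();
            if (newsmodel != null)
            {
                txtTitle.Text = newsmodel.title;
                txtBody.Text = newsmodel.body;
                litH1.Text = "修改";
                btnAdd.Text = "修改";
            }
        }

        /// <summary>
        /// Saves the form: updates the record named by ?id= when it exists, otherwise inserts a
        /// new one in the category selected by ?type=.
        /// </summary>
        protected void btnAdd_Click(object sender, EventArgs e)
        {
            string title = txtTitle.Text.Trim();
            string body = txtBody.Text.Trim();
            // The category comes from the URL, not the form: ?type=spzt is a product topic, anything else the news centre.
            string type = Request.QueryString["type"] == "spzt" ? "商品专题" : "新闻中心";

            if (title.Length == 0 || body.Length == 0)
            {
                litRes.Text = "<span style='color:blue'>请填写完整的信息</span>";
                return;
            }

            // An id in the query string means edit. The record is looked up again here rather than
            // remembered from Page_Load, so an id that matches no row falls through to the add path.
            Niunan.Shop.Model.News existing = GetNewsFromQueryString();
            if (existing != null)
            {
                existing.title = title;
                existing.body = body;
                newsdao.Update(existing);
                litRes.Text = "<span style='color:red'>修改成功</span>";
                return;
            }

            // title and body are stored verbatim; whichever page renders them must HTML-encode
            // them (that rendering is not part of this file).
            int res = newsdao.Add(new Niunan.Shop.Model.News()
            {
                title = title,
                body = body,
                createdate = DateTime.Now,
                type = type,
                visitnum = 0
            });
            if (res > 0)
            {
                txtTitle.Text = string.Empty;
                txtBody.Text = string.Empty;
                litRes.Text = "<span style='color:blue'>添加成功</span>";
            }
            else
            {
                litRes.Text = "<span style='color:red'>添加失败,请联系管理员</span>";
            }
        }

        // Resolves the "id" query-string value to a News record. Returns null when the id is
        // absent, not an integer, or matches no row; shared by the load and save paths, which
        // previously duplicated this lookup.
        private Niunan.Shop.Model.News GetNewsFromQueryString()
        {
            string id = Request.QueryString["id"];
            int x;
            if (string.IsNullOrEmpty(id) || !int.TryParse(id, out x))
            {
                return null;
            }
            return newsdao.GetModel(x);
        }
    }
}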