读书人

Tips and Tricks (11)

Published: 2012-07-08 17:43:44 Author: rapoo


1. Sometimes characters need to be filtered to prevent SQL injection, for example when filtering the Request.QueryString[] query string:

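using System;
using System.Linq;
using System.Text.RegularExpressions;

/// <summary>
/// Filter characters
/// </summary>
/// <param name="sInput">The string to check</param>
/// <returns>The input with single quotes doubled, or null if the input is null or empty</returns>
public static string Filter(string sInput)
{
    if (sInput == null || sInput == "")
        return null;
    string sInput1 = sInput.ToLower();
    string output = sInput;
    // Blacklisted tokens. Each token is escaped on its own so that "*" and "(" are
    // matched literally while "|" still separates the alternatives. Escaping the
    // whole pattern at once would also escape "|" and the filter would never match.
    string[] tokens = { "*", "and", "exec", "insert", "select", "delete", "update", "count",
                        "master", "truncate", "declare", "char(", "mid(", "chr(", "'" };
    string pattern = string.Join("|", tokens.Select(t => Regex.Escape(t)).ToArray());
    if (Regex.Match(sInput1, pattern, RegexOptions.Compiled | RegexOptions.IgnoreCase).Success)
    {
        // Message: "The string contains illegal characters!"
        throw new Exception("字符串中含有非法字符!");
    }
    else
    {
        output = output.Replace("'", "''");
    }
    return output;
}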
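Added example (not from the original post): a keyword blacklist like the one above also rejects legitimate input (for instance "brand" contains "and"), so the usual approach is to validate the value by type and pass it as a SQL parameter. The class name `YhData`, the table name `tbData_YH`, the column types and the connection string are assumptions; the columns `id` and `tbDanWei` are taken from tip 3.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

// Hypothetical helper class; table name and column types are assumed.
public static class YhData
{
    // Accepts only decimal digits (no sign, spaces or hex), so "1 or 1=1"
    // is rejected by type rather than by keyword matching.
    public static bool TryParseId(string raw, out int id)
    {
        return int.TryParse(raw, NumberStyles.None, CultureInfo.InvariantCulture, out id)
               && id > 0;
    }

    // Looks up one row from Request.QueryString["Id"]; the value is sent as a
    // typed parameter and never becomes part of the SQL text.
    public static DataTable GetById(string connectionString, string rawId)
    {
        int id;
        if (!TryParseId(rawId, out id))
            throw new ArgumentException("Id must be a positive integer.", "rawId");
        SqlParameter p = new SqlParameter("@id", SqlDbType.Int);
        p.Value = id;
        return Query(connectionString, "SELECT * FROM tbData_YH WHERE id = @id", p);
    }

    // Free text (quotes, "and", "select" included) is bound as data, so no
    // keyword filter or quote doubling is needed.
    public static DataTable GetByUnit(string connectionString, string unit)
    {
        SqlParameter p = new SqlParameter("@unit", SqlDbType.NVarChar, 100);
        p.Value = (object)unit ?? DBNull.Value;
        return Query(connectionString, "SELECT * FROM tbData_YH WHERE tbDanWei = @unit", p);
    }

    private static DataTable Query(string connectionString, string sql, SqlParameter p)
    {
        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        using (SqlDataAdapter da = new SqlDataAdapter(cmd))
        {
            cmd.Parameters.Add(p);
            DataTable dt = new DataTable();
            da.Fill(dt); // Fill opens and closes the connection itself
            return dt;
        }
    }
}
```

In a page, the result of `YhData.GetById(connStr, Request.QueryString["Id"])` can be bound to the Repeater the same way as `dt` in tip 3.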


2. Making the text in a TextBox wrap onto new lines

<asp:TextBox ID="txt" TextMode="MultiLine" runat="server" Width="600" Height="100"></asp:TextBox>

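Set the TextBox's TextMode to MultiLine and use \r\n for line breaks:

// The two literals read "I am the first line" and "I am the second line"
txt.Text = "我是第一行\r\n" + "我是第二行\r\n";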

3. Adding a column to the data bound to a Repeater or similar control; the column can hold links such as Delete, Details and so on

// dt holds the data already read from the database, ready to be bound to the Repeater control
if (dt != null)
{
    if (dt.Rows.Count > 0)
    {
        // Add the column
        dt.Columns.Add("op", typeof(string));
        // Fill the operations column.
        // Link text: 详细 = Details, 审核 = Review, 修改 = Edit, 删除 = Delete;
        // the confirm() prompt reads "Are you sure you want to delete?"
        // The id is concatenated into the HTML unencoded, which is only safe for numeric keys.
        for (int k = 0; dt.Rows.Count > k; k++)
        {
            dt.Rows[k]["op"] =
                "<a href=\"tbData_YH_Detail_list.aspx?Id=" + dt.Rows[k]["id"] + "\" class='list_link'>详细</a>  "
                + "<a href=\"tbData_YH.aspx?Type=ShenHe&Id=" + dt.Rows[k]["id"] + "\" class='list_link'>审核</a>  "
                + "<a href=\"tbData_YH_update.aspx?Id=" + dt.Rows[k]["id"] + "\" class='list_link'>修改</a>  "
                + "<a href=\"tbData_YH.aspx?Type=Del&id=" + dt.Rows[k]["id"] + "\" class='list_link' alt='删除' onClick=\"{if(confirm('确定要删除吗?')){return true;}return false;}\">删除</a>  "
                + "<input type=\"checkbox\" name=\"aid\" value=\"" + dt.Rows[k]["id"] + "\" />";
        }
    }
}
repeater1.DataSource = dt;
repeater1.DataBind();

<ItemTemplate>
    <tr onmouseover="overColor(this)" onmouseout="outColor(this)">
        <td align="center" valign="middle"><%#((DataRowView)Container.DataItem)["ID"]%></td>
        <td align="center" valign="middle"><%#((DataRowView)Container.DataItem)["tbDanWei"]%></td>
        <td align="center" valign="middle"><%#((DataRowView)Container.DataItem)["tbTime"]%></td>
        <td align="center" valign="middle"><%#((DataRowView)Container.DataItem)["sbND"]%></td>
        <td align="center" valign="middle"><%#((DataRowView)Container.DataItem)["shenHeFlag"]%></td>
        <td align="center" valign="middle"><%#((DataRowView)Container.DataItem)["op"]%></td>
    </tr>
</ItemTemplate>

4. Using <% %> and runat="server" to control whether an element is displayed

<form id="form1" runat="server">
    <%if (visible){%>
    <div>
        <table>
            <tr><td>1111</td></tr>
        </table>
    </div>
    <%}%>
    <hr />
    <div runat="server" id="div2">
        <table>
            <tr><td>2222</td></tr>
        </table>
    </div>
    <%-- Button text: 显示 = Show, 隐藏 = Hide --%>
    <asp:Button ID="Button2" runat="server" Text="显示" onclick="Button2_Click"/>
    <asp:Button ID="Button1" runat="server" Text="隐藏" onclick="Button1_Click" />
</form>

// Code-behind: "visible" drives the <% %> block, div2.Visible drives the server-side div
protected bool visible = true;

protected void Button1_Click(object sender, EventArgs e)
{
    visible = false;
    div2.Visible = false;
}

protected void Button2_Click(object sender, EventArgs e)
{
    visible = true;
    div2.Visible = true;
}