5.DataList分页(其实Repeater也可采用这个,只是改一下控件名而已)
用户控件
DataList: DlstInfolist
Label:lblCurrentPage
HyperLink:lnkNext LnkPrev
存储过程:supplyinfo_select
c#.Net
VB.Net
7.用户密码修改
用户控件:
Button:Btnsubmit
TextBox:TxtNewPwd
存储过程:userpwd_update
C#.Net
c#.Net
VB.Net
8.发送E-mail:
用户控件:
Button:Button1
TextBox: TxtSubject
Label:LblUsername
c#
注意:要记得引用Jmail组件
VB.Net
9.asp.net获取复选框所选的值
c#.net
方法1:
方法2:
10.数据库的备份与恢复
11.C#防注入函数
暂时先整理到这里,慢慢再补上吧,请大家多多指教:)
用户控件
DataList: DlstInfolist
Label:lblCurrentPage
HyperLink:lnkNext LnkPrev
存储过程:supplyinfo_select
/*
Returns every supply row that belongs to one top-level category.
2006-4-10
*/
CREATE PROCEDURE supplyinfo_select
    @bigclassid INT   -- category id, compared with supply.Supply_CatID
AS
    SELECT *
    FROM supply
    WHERE Supply_CatID = @bigclassid
GO
查询大类下所有的supplyinfo
2006-4-10
*/
create procedure supplyinfo_select
@bigclassid int
as
select * from supply
where
Supply_CatID=@bigclassid
GO
c#.Net
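/// <summary>
/// Loads the supply rows of the category given by the "bigid" query-string value and binds
/// them to DlstInfolist five rows per page, setting the previous/next links as needed.
/// </summary>
/// <remarks>
/// "bigid" and "Page" both arrive in the URL, so each is parsed as an integer before use and
/// the page number is clamped to the pages that exist. When "bigid" is missing or is not an
/// integer the list is left unbound.
/// </remarks>
private void dlstsupplyinfolist()
{
    // Query-string values are caller-controlled: accept the category id only as an integer.
    string rawBigId = Request.QueryString["bigid"];
    if (rawBigId == null)
    {
        return;
    }

    int bigid;
    try
    {
        bigid = int.Parse(rawBigId.Trim(), System.Globalization.CultureInfo.InvariantCulture);
    }
    catch (FormatException)
    {
        return;
    }
    catch (OverflowException)
    {
        return;
    }

    // A missing or malformed page number falls back to the first page instead of throwing.
    int CurPage = 1;
    string rawPage = Request.QueryString["Page"];
    if (rawPage != null)
    {
        try
        {
            CurPage = int.Parse(rawPage.Trim(), System.Globalization.CultureInfo.InvariantCulture);
        }
        catch (FormatException)
        {
            CurPage = 1;
        }
        catch (OverflowException)
        {
            CurPage = 1;
        }
    }

    DataSet ds = new DataSet();
    // Dispose the connection and adapter even when the query fails.
    using (SqlConnection conndb = new SqlConnection(System.Configuration.ConfigurationSettings.AppSettings["conn"]))
    using (SqlDataAdapter strbuyinfo = new SqlDataAdapter("supplyinfo_select", conndb))
    {
        strbuyinfo.SelectCommand.CommandType = CommandType.StoredProcedure;
        // Typed parameter: the value reaches the procedure as an INT, never as SQL text.
        strbuyinfo.SelectCommand.Parameters.Add("@bigclassid", SqlDbType.Int).Value = bigid;
        // Fill opens the connection when it is closed and closes it again afterwards.
        strbuyinfo.Fill(ds);
    }

    PagedDataSource objPds = new PagedDataSource();
    objPds.DataSource = ds.Tables[0].DefaultView;
    objPds.AllowPaging = true;
    objPds.PageSize = 5;

    // Keep the requested page inside 1..PageCount so a hand-edited URL cannot index past the data.
    CurPage = Math.Max(1, Math.Min(CurPage, objPds.PageCount));
    objPds.CurrentPageIndex = CurPage - 1;
    lblCurrentPage.Text = "Page: " + CurPage.ToString();

    // The links must carry the category under the same "bigid" key this method reads;
    // the integer form is emitted, so no raw query-string text is echoed into the URL.
    string pageUrlPrefix = Request.CurrentExecutionFilePath
        + "?bigid=" + bigid.ToString(System.Globalization.CultureInfo.InvariantCulture)
        + "&Page=";
    if (!objPds.IsFirstPage)
    {
        lnkPrev.NavigateUrl = pageUrlPrefix + Convert.ToString(CurPage - 1);
    }
    if (!objPds.IsLastPage)
    {
        lnkNext.NavigateUrl = pageUrlPrefix + Convert.ToString(CurPage + 1);
    }

    DlstInfolist.DataSource = objPds;
    DlstInfolist.DataKeyField = "Supply";
    DlstInfolist.DataBind();
}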
{
SqlConnection conndb = new SqlConnection(System.Configuration.ConfigurationSettings.AppSettings["conn"]);
conndb.Open();
string bigid=Request.QueryString["bigid"].Trim();
SqlDataAdapter strbuyinfo = new SqlDataAdapter("supplyinfo_select",conndb);
strbuyinfo.SelectCommand.CommandType = CommandType.StoredProcedure;
strbuyinfo.SelectCommand.Parameters.Add("@bigclassid",bigid);
DataSet ds = new DataSet();
strbuyinfo.Fill(ds);
{
PagedDataSource objPds = new PagedDataSource();
objPds.DataSource = ds.Tables[0].DefaultView;
objPds.AllowPaging = true;
objPds.PageSize = 5;
int CurPage;
if (Request.QueryString["Page"] != null)
CurPage=Convert.ToInt32(Request.QueryString["Page"]);
else
CurPage=1;
objPds.CurrentPageIndex = CurPage-1;
lblCurrentPage.Text = "Page: " + CurPage.ToString();
if (!objPds.IsFirstPage)
lnkPrev.NavigateUrl=Request.CurrentExecutionFilePath + "?id=" + bigid +"&Page=" + Convert.ToString(CurPage-1);
if (!objPds.IsLastPage)
lnkNext.NavigateUrl=Request.CurrentExecutionFilePath + "?id=" + bigid +"&Page="+ Convert.ToString(CurPage+1);
DlstInfolist.DataSource=objPds;
DlstInfolist.DataKeyField="Supply";
DlstInfolist.DataBind();
}
}
VB.Net
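' Loads the supply rows of the category given by the "bigid" query-string value and binds
' them to DlstInfolist five rows per page, setting the previous/next links as needed.
' "bigid" and "Page" both arrive in the URL, so each is parsed as an integer before use and
' the page number is clamped to the pages that exist. When "bigid" is missing or is not an
' integer the list is left unbound.
Private Sub dlstsupplyinfolist()
    ' Query-string values are caller-controlled: accept the category id only as an integer.
    Dim rawBigId As String = Request.QueryString("bigid")
    If rawBigId Is Nothing Then
        Return
    End If

    Dim bigid As Integer
    Try
        bigid = Integer.Parse(rawBigId.Trim(), System.Globalization.CultureInfo.InvariantCulture)
    Catch ex As FormatException
        Return
    Catch ex As OverflowException
        Return
    End Try

    ' A missing or malformed page number falls back to the first page instead of throwing.
    Dim CurPage As Integer = 1
    Dim rawPage As String = Request.QueryString("Page")
    If Not rawPage Is Nothing Then
        Try
            CurPage = Integer.Parse(rawPage.Trim(), System.Globalization.CultureInfo.InvariantCulture)
        Catch ex As FormatException
            CurPage = 1
        Catch ex As OverflowException
            CurPage = 1
        End Try
    End If

    Dim ds As DataSet = New DataSet()
    Dim conndb As SqlConnection = New SqlConnection(System.Configuration.ConfigurationSettings.AppSettings("conn"))
    Try
        Dim strbuyinfo As SqlDataAdapter = New SqlDataAdapter("supplyinfo_select", conndb)
        strbuyinfo.SelectCommand.CommandType = CommandType.StoredProcedure
        ' Typed parameter: the value reaches the procedure as an INT, never as SQL text.
        strbuyinfo.SelectCommand.Parameters.Add("@bigclassid", SqlDbType.Int).Value = bigid
        ' Fill opens the connection when it is closed and closes it again afterwards.
        strbuyinfo.Fill(ds)
    Finally
        ' Release the connection even when the query fails.
        conndb.Dispose()
    End Try

    Dim objPds As PagedDataSource = New PagedDataSource()
    objPds.DataSource = ds.Tables(0).DefaultView
    objPds.AllowPaging = True
    objPds.PageSize = 5

    ' Keep the requested page inside 1..PageCount so a hand-edited URL cannot index past the data.
    CurPage = Math.Max(1, Math.Min(CurPage, objPds.PageCount))
    objPds.CurrentPageIndex = CurPage - 1
    lblCurrentPage.Text = "Page: " & CurPage.ToString()

    ' The links must carry the category under the same "bigid" key this method reads;
    ' the integer form is emitted, so no raw query-string text is echoed into the URL.
    Dim pageUrlPrefix As String = Request.CurrentExecutionFilePath & "?bigid=" & bigid.ToString(System.Globalization.CultureInfo.InvariantCulture) & "&Page="
    If Not objPds.IsFirstPage Then
        lnkPrev.NavigateUrl = pageUrlPrefix & Convert.ToString(CurPage - 1)
    End If
    If Not objPds.IsLastPage Then
        lnkNext.NavigateUrl = pageUrlPrefix & Convert.ToString(CurPage + 1)
    End If

    DlstInfolist.DataSource = objPds
    DlstInfolist.DataKeyField = "Supply"
    DlstInfolist.DataBind()
End Sub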
Dim conndb As SqlConnection = New SqlConnection(System.Configuration.ConfigurationSettings.AppSettings("conn"))
conndb.Open()
Dim bigid As String = Request.QueryString("bigid").Trim()
Dim strbuyinfo As SqlDataAdapter = New SqlDataAdapter("supplyinfo_select",conndb)
strbuyinfo.SelectCommand.CommandType = CommandType.StoredProcedure
strbuyinfo.SelectCommand.Parameters.Add("@bigclassid",bigid)
Dim ds As DataSet = New DataSet()
strbuyinfo.Fill(ds)
{
Dim objPds As PagedDataSource = New PagedDataSource()
objPds.DataSource = ds.Tables(0).DefaultView
objPds.AllowPaging = True
objPds.PageSize = 5
Dim CurPage As Integer
If Not Request.QueryString("Page") Is Nothing Then
CurPage=Convert.ToInt32(Request.QueryString("Page"))
Else
CurPage=1
End If
objPds.CurrentPageIndex = CurPage-1
lblCurrentPage.Text = "Page: " + CurPage.ToString()
If Not objPds.IsFirstPage Then
lnkPrev.NavigateUrl=Request.CurrentExecutionFilePath + "?id=" + bigid +"&Page=" + Convert.ToString(CurPage-1)
End If
If Not objPds.IsLastPage Then
lnkNext.NavigateUrl=Request.CurrentExecutionFilePath + "?id=" + bigid +"&Page="+ Convert.ToString(CurPage+1)
End If
DlstInfolist.DataSource=objPds
DlstInfolist.DataKeyField="Supply"
DlstInfolist.DataBind()
}
End Sub
7.用户密码修改
用户控件:
Button:Btnsubmit
TextBox:TxtNewPwd
存储过程:userpwd_update
C#.Net
/*
Author:  dezai
Date:    2006-3-11
Purpose: changes a member's password

NOTE(review): the procedure stores @user_pwd exactly as it receives it and updates
whichever row @user_ID names. Hashing the password and checking that the caller may
change this account both have to happen before the call - confirm the callers do so.
*/
CREATE PROCEDURE userpwd_update
    @user_ID  INT,
    @user_pwd CHAR(50)
AS
    UPDATE [user]
    SET [UserPwd] = @user_pwd
    WHERE [userid] = @user_id
GO
作者:dezai
日期:2006-3-11
用途:用来修改会员的密码
*/
create procedure userpwd_update
@user_ID int,
@user_pwd char(50)
as
update [user]
set
[UserPwd]=@user_pwd
where
[userid]=@user_id
GO
c#.Net
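/// <summary>
/// Handles the submit button: when the page validates, stores the text of TxtNewPwd as the
/// new password of the account named by the "userid" query-string value through the
/// userpwd_update stored procedure, then reports the result with a script alert.
/// </summary>
/// <remarks>
/// NOTE(review): the account to update is taken from the URL, and nothing visible in this
/// handler ties it to the signed-in user or asks for the current password. Unless that is
/// enforced elsewhere, take the id from the authenticated session instead.
/// NOTE(review): the password is forwarded as typed; hash it with a salted, slow password
/// hash before it is stored, and update the login check to match.
/// </remarks>
private void Btnsubmit_Click(object sender, System.EventArgs e)
{
    if (!Page.IsValid)
    {
        Response.Write("<script language='javascript'>alert('Error!');</script>");
        return;
    }

    // The id is caller-controlled text: accept it only when it is an integer.
    string rawUserId = Request.QueryString["userid"];
    int userid = 0;
    bool userIdOk = rawUserId != null;
    if (userIdOk)
    {
        try
        {
            userid = int.Parse(rawUserId.Trim(), System.Globalization.CultureInfo.InvariantCulture);
        }
        catch (FormatException)
        {
            userIdOk = false;
        }
        catch (OverflowException)
        {
            userIdOk = false;
        }
    }

    // userpwd_update declares @user_pwd as char(50); reject longer input rather than let it
    // be cut off silently, and reject an empty password.
    string newPassword = TxtNewPwd.Text.Trim();
    if (!userIdOk || newPassword.Length == 0 || newPassword.Length > 50)
    {
        Response.Write("<script language='javascript'>alert('Error!');</script>");
        return;
    }

    // Dispose the connection and command even when the update throws.
    using (SqlConnection conndb = new SqlConnection(System.Configuration.ConfigurationSettings.AppSettings["conn"]))
    using (SqlCommand Strupdate = new SqlCommand("userpwd_update", conndb))
    {
        Strupdate.CommandType = CommandType.StoredProcedure;
        Strupdate.Parameters.Add("@user_ID", SqlDbType.Int).Value = userid;
        Strupdate.Parameters.Add("@user_pwd", SqlDbType.Char, 50).Value = newPassword;
        conndb.Open();
        Strupdate.ExecuteNonQuery();
    }

    Response.Write("<script language='javascript'>alert('Update succesful!');</script>");
}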
{
if(Page.IsValid)
{
string userid = Request.QueryString["userid"].Trim();
SqlConnection conndb = new SqlConnection(System.Configuration.ConfigurationSettings.AppSettings["conn"]);
conndb.Open();
SqlCommand Strupdate = new SqlCommand("userpwd_update",conndb);
Strupdate.CommandType = CommandType.StoredProcedure;
Strupdate.Parameters.Add("@user_ID",userid);
Strupdate.Parameters.Add("@user_pwd",TxtNewPwd.Text.Trim());
Strupdate.ExecuteNonQuery();
conndb.Close();
Response.Write("<script language='javascript'>alert('Update succesful!');</script>");
}
else
{
Response.Write("<script language='javascript'>alert('Error!');</script>");}
}
VB.Net
vb.net
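' Handles the submit button: when the page validates, stores the text of TxtNewPwd as the
' new password of the account named by the "userid" query-string value through the
' userpwd_update stored procedure, then reports the result with a script alert.
' NOTE(review): the account to update is taken from the URL, and nothing visible in this
' handler ties it to the signed-in user or asks for the current password. Unless that is
' enforced elsewhere, take the id from the authenticated session instead.
' NOTE(review): the password is forwarded as typed; hash it with a salted, slow password
' hash before it is stored, and update the login check to match.
Private Sub Btnsubmit_Click(ByVal sender As Object, ByVal e As System.EventArgs)
    ' Same validation gate as the C# version of this handler.
    If Not Page.IsValid Then
        Response.Write("<script language='javascript'>alert('Error!');</script>")
        Return
    End If

    ' The id is caller-controlled text: accept it only when it is an integer.
    Dim rawUserId As String = Request.QueryString("userid")
    Dim userid As Integer = 0
    Dim userIdOk As Boolean = Not rawUserId Is Nothing
    If userIdOk Then
        Try
            userid = Integer.Parse(rawUserId.Trim(), System.Globalization.CultureInfo.InvariantCulture)
        Catch ex As FormatException
            userIdOk = False
        Catch ex As OverflowException
            userIdOk = False
        End Try
    End If

    ' userpwd_update declares @user_pwd as char(50); reject longer input rather than let it
    ' be cut off silently, and reject an empty password.
    Dim newPassword As String = TxtNewPwd.Text.Trim()
    If (Not userIdOk) OrElse newPassword.Length = 0 OrElse newPassword.Length > 50 Then
        Response.Write("<script language='javascript'>alert('Error!');</script>")
        Return
    End If

    Dim conndb As SqlConnection = New SqlConnection(System.Configuration.ConfigurationSettings.AppSettings("conn"))
    Try
        Dim Strupdate As SqlCommand = New SqlCommand("userpwd_update", conndb)
        Strupdate.CommandType = CommandType.StoredProcedure
        Strupdate.Parameters.Add("@user_ID", SqlDbType.Int).Value = userid
        Strupdate.Parameters.Add("@user_pwd", SqlDbType.Char, 50).Value = newPassword
        conndb.Open()
        Strupdate.ExecuteNonQuery()
    Finally
        ' Release the connection even when the update throws.
        conndb.Dispose()
    End Try

    Response.Write("<script language='javascript'>alert('Update succesful!');</script>")
End Sub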
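' Handles the submit button: when the page validates, stores the text of TxtNewPwd as the
' new password of the account named by the "userid" query-string value through the
' userpwd_update stored procedure, then reports the result with a script alert.
' NOTE(review): the account to update is taken from the URL, and nothing visible in this
' handler ties it to the signed-in user or asks for the current password. Unless that is
' enforced elsewhere, take the id from the authenticated session instead.
' NOTE(review): the password is forwarded as typed; hash it with a salted, slow password
' hash before it is stored, and update the login check to match.
Private Sub Btnsubmit_Click(ByVal sender As Object, ByVal e As System.EventArgs)
    ' Same validation gate as the C# version of this handler.
    If Not Page.IsValid Then
        Response.Write("<script language='javascript'>alert('Error!');</script>")
        Return
    End If

    ' The id is caller-controlled text: accept it only when it is an integer.
    Dim rawUserId As String = Request.QueryString("userid")
    Dim userid As Integer = 0
    Dim userIdOk As Boolean = Not rawUserId Is Nothing
    If userIdOk Then
        Try
            userid = Integer.Parse(rawUserId.Trim(), System.Globalization.CultureInfo.InvariantCulture)
        Catch ex As FormatException
            userIdOk = False
        Catch ex As OverflowException
            userIdOk = False
        End Try
    End If

    ' userpwd_update declares @user_pwd as char(50); reject longer input rather than let it
    ' be cut off silently, and reject an empty password.
    Dim newPassword As String = TxtNewPwd.Text.Trim()
    If (Not userIdOk) OrElse newPassword.Length = 0 OrElse newPassword.Length > 50 Then
        Response.Write("<script language='javascript'>alert('Error!');</script>")
        Return
    End If

    Dim conndb As SqlConnection = New SqlConnection(System.Configuration.ConfigurationSettings.AppSettings("conn"))
    Try
        Dim Strupdate As SqlCommand = New SqlCommand("userpwd_update", conndb)
        Strupdate.CommandType = CommandType.StoredProcedure
        Strupdate.Parameters.Add("@user_ID", SqlDbType.Int).Value = userid
        Strupdate.Parameters.Add("@user_pwd", SqlDbType.Char, 50).Value = newPassword
        conndb.Open()
        Strupdate.ExecuteNonQuery()
    Finally
        ' Release the connection even when the update throws.
        conndb.Dispose()
    End Try

    Response.Write("<script language='javascript'>alert('Update succesful!');</script>")
End Sub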
8.发送E-mail:
用户控件:
Button:Button1
TextBox: TxtSubject
Label:LblUsername
c#
注意:要记得引用Jmail组件
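/// <summary>
/// Sends an HTML greeting mail through the JMail component to the address shown in
/// LblUseremail, using the subject typed into TxtSubject, then shows the "back" link.
/// </summary>
/// <remarks>
/// The SMTP account name and password are read from appSettings rather than written into
/// the source, so they stay out of version control and published listings. The two key
/// names used here ("smtpUser", "smtpPassword") are placeholders; use the names your own
/// configuration defines.
/// </remarks>
private void Button1_Click(object sender, System.EventArgs e)
{
    jmail.Message message = new jmail.Message();
    DateTime t = DateTime.Now;

    // A subject is a single header line; drop any line breaks typed into the box.
    String Subject = TxtSubject.Text.Trim().Replace("\r", "").Replace("\n", "");

    // The body is sent as text/html, so the user name is HTML-encoded before it is embedded.
    String body = "Hello" + Server.HtmlEncode(LblUsername.Text.Trim());
    String FromEmail = "eastjazz@163.com";
    String ToEmail = LblUseremail.Text.Trim();

    // Silent: when true JMail does not throw; Send() returns true or false instead.
    message.Silent = true;
    // Logging: lets JMail keep a log of the session.
    message.Logging = true;
    // Character set; the default is "US-ASCII".
    message.Charset = "GB2312";
    // Content type; the default is "text/plain". "text/html" sends the mail as HTML.
    message.ContentType = "text/html";
    // Recipient.
    message.AddRecipient(ToEmail, "", "");
    message.From = FromEmail;

    // SMTP account name and password come from configuration, not from literals in the code.
    message.MailServerUserName = System.Configuration.ConfigurationSettings.AppSettings["smtpUser"];
    message.MailServerPassWord = System.Configuration.ConfigurationSettings.AppSettings["smtpPassword"];

    // Mail subject.
    message.Subject = Subject;
    // Attachments: add one message.AddAttachment("c://test.jpg", true, null); call per file.
    // When attachments are used, remove the ContentType = "text/html" line above, otherwise
    // the mail shows garbled text.
    // Mail body.
    message.Body = body + t.ToString();

    // Because Silent is true a failed send raises nothing, so the return value is checked.
    bool sent = message.Send("smtp.163.com", false);
    message.Close();
    if (!sent)
    {
        Trace.Warn("mail", "JMail reported that the message was not sent.");
    }

    InkBack.Visible = true;
    InkBack.NavigateUrl = "index.aspx";
}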
}
{
jmail.Message Jmail=new jmail.Message();
DateTime t=DateTime.Now;
String Subject=TxtSubject.Text.Trim();;
String body="Hello"+LblUsername.Text.Trim();
String FromEmail="eastjazz@163.com";
String ToEmail=LblUseremail.Text.Trim();
//Silent属性:如果设置为true,JMail不会抛出例外错误. JMail. Send( () 会根据操作结果返回true或false
Jmail.Silent=true;
//Jmail创建的日志,前提loging属性设置为true
Jmail.Logging=true;
//字符集,缺省为"US-ASCII"
Jmail.Charset="GB2312";
//信件的contentype. 缺省是"text/plain") : 字符串如果你以HTML格式发送邮件, 改为"text/html"即可。
Jmail.ContentType="text/html";
//添加收件人
Jmail.AddRecipient(ToEmail,"","");
Jmail.From=FromEmail;
//发件人邮件用户名
Jmail.MailServerUserName="dezaiiloveu" ;
//发件人邮件密码
Jmail.MailServerPassWord="dezaistudio" ;
//设置邮件标题
Jmail.Subject=Subject;
//邮件添加附件,(多附件的话,可以再加一条Jmail.AddAttachment( "c://test.jpg",true,null);)就可以搞定了。[注]:加了附件,讲把上面的Jmail.ContentType="text/html";删掉。否则会在邮件里出现乱码。
//邮件内容
Jmail.Body=body+t.ToString();
//Jmail发送的方法
Jmail.Send("smtp.163.com",false);
Jmail.Close() ;
InkBack.Visible=true;
InkBack.NavigateUrl="index.aspx";
}
}
VB.Net
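' Sends an HTML greeting mail through the JMail component to the address shown in
' LblUseremail, using the subject typed into TxtSubject, then shows the "back" link.
' The SMTP account name and password are read from appSettings rather than written into
' the source, so they stay out of version control and published listings. The two key
' names used here ("smtpUser", "smtpPassword") are placeholders; use the names your own
' configuration defines.
Private Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs)
    ' Named "mail" so the variable cannot be confused with the jmail namespace
    ' (Visual Basic identifiers are case-insensitive).
    Dim mail As jmail.Message = New jmail.Message()
    Dim t As DateTime = DateTime.Now

    ' A subject is a single header line; drop any line breaks typed into the box.
    Dim Subject As String = TxtSubject.Text.Trim().Replace(vbCr, "").Replace(vbLf, "")

    ' The body is sent as text/html, so the user name is HTML-encoded before it is embedded.
    Dim body As String = "Hello" & Server.HtmlEncode(LblUsername.Text.Trim())
    Dim FromEmail As String = "eastjazz@163.com"
    Dim ToEmail As String = LblUseremail.Text.Trim()

    ' Silent: when True JMail does not throw; Send() returns True or False instead.
    mail.Silent = True
    ' Logging: lets JMail keep a log of the session.
    mail.Logging = True
    ' Character set; the default is "US-ASCII".
    mail.Charset = "GB2312"
    ' Content type; the default is "text/plain". "text/html" sends the mail as HTML.
    mail.ContentType = "text/html"
    ' Recipient.
    mail.AddRecipient(ToEmail, "", "")
    mail.From = FromEmail

    ' SMTP account name and password come from configuration, not from literals in the code.
    mail.MailServerUserName = System.Configuration.ConfigurationSettings.AppSettings("smtpUser")
    mail.MailServerPassWord = System.Configuration.ConfigurationSettings.AppSettings("smtpPassword")

    ' Mail subject.
    mail.Subject = Subject
    ' Attachments: add one AddAttachment("c://test.jpg", True, Nothing) call per file.
    ' When attachments are used, remove the ContentType = "text/html" line above, otherwise
    ' the mail shows garbled text.
    ' Mail body.
    mail.Body = body & t.ToString()

    ' Because Silent is True a failed send raises nothing, so the return value is checked.
    Dim sent As Boolean = mail.Send("smtp.163.com", False)
    mail.Close()
    If Not sent Then
        Trace.Warn("mail", "JMail reported that the message was not sent.")
    End If

    InkBack.Visible = True
    InkBack.NavigateUrl = "index.aspx"
End Sub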
Dim Jmail As jmail.Message = New jmail.Message()
Dim t As DateTime = DateTime.Now
Dim Subject As String = TxtSubject.Text.Trim()
Dim body As String = "Hello"+LblUsername.Text.Trim()
Dim FromEmail As String = "eastjazz@163.com"
Dim ToEmail As String = LblUseremail.Text.Trim()
'Silent属性:如果设置为true,JMail不会抛出例外错误. JMail. Send( () 会根据操作结果返回true或false
Jmail.Silent=True
'Jmail创建的日志,前提loging属性设置为true
Jmail.Logging=True
'字符集,缺省为"US-ASCII"
Jmail.Charset="GB2312"
'信件的contentype. 缺省是"text/plain") : 字符串如果你以HTML格式发送邮件, 改为"text/html"即可。
Jmail.ContentType="text/html"
'添加收件人
Jmail.AddRecipient(ToEmail,"","")
Jmail.From=FromEmail
'发件人邮件用户名
Jmail.MailServerUserName="dezaiiloveu"
'发件人邮件密码
Jmail.MailServerPassWord="dezaistudio"
'设置邮件标题
Jmail.Subject=Subject
'邮件添加附件,(多附件的话,可以再加一条Jmail.AddAttachment( "c://test.jpg",true,null);)就可以搞定了。[注]:加了附件,讲把上面的Jmail.ContentType="text/html";删掉。否则会在邮件里出现乱码。
'邮件内容
Jmail.Body=body+t.ToString()
'Jmail发送的方法
Jmail.Send("smtp.163.com",False)
Jmail.Close()
InkBack.Visible=True
InkBack.NavigateUrl="index.aspx"
End Sub
}
9.asp.net获取复选框所选的值
c#.net
方法1:
/// <summary>
/// Collects the Value of every selected item of a CheckBoxList into one comma-separated string.
/// </summary>
/// <param name="CBList">The list whose selected items are read.</param>
/// <returns>The selected values joined with ","; an empty string when nothing is selected.</returns>
public static string GetCheckBoxListValue(CheckBoxList CBList)
{
    string joined = "";
    foreach (ListItem option in CBList.Items)
    {
        if (!option.Selected)
        {
            continue;
        }

        // No separator is written while the result is still empty.
        joined = (joined == "") ? option.Value : joined + "," + option.Value;
    }
    return joined;
}
/// <summary>
/// Collects the Value of every selected item of a CheckBoxList into one comma-separated string.
/// </summary>
/// <param name="CBList">The list whose selected items are read.</param>
/// <returns>The selected values joined with ","; an empty string when nothing is selected.</returns>
public static string GetCheckBoxListValue(CheckBoxList CBList)
{
    string joined = "";
    foreach (ListItem option in CBList.Items)
    {
        if (!option.Selected)
        {
            continue;
        }

        // No separator is written while the result is still empty.
        joined = (joined == "") ? option.Value : joined + "," + option.Value;
    }
    return joined;
}
方法2:
// Start from an empty label, then list the caption of every ticked box on its own line.
// NOTE(review): the captions are written into the label without HTML encoding; encode them
// if the item text can ever come from user-supplied data.
CheckBoxListMessage.Text = "";
foreach (System.Web.UI.WebControls.ListItem option in checkboxlist1.Items)
{
    if (!option.Selected)
    {
        continue;
    }
    CheckBoxListMessage.Text = CheckBoxListMessage.Text + option.Text + "<br/>";
}
// Append the caption of every ticked box to the label, one per line.
// NOTE(review): the captions are written into the label without HTML encoding; encode them
// if the item text can ever come from user-supplied data.
foreach (System.Web.UI.WebControls.ListItem option in checkboxlist1.Items)
{
    if (!option.Selected)
    {
        continue;
    }
    CheckBoxListMessage.Text = CheckBoxListMessage.Text + option.Text + "<br/>";
}
10.数据库的备份与恢复
<%@ Page %>
<HTML>
<HEAD>
<title>获取服务器端数据库列表示例</title>
<% @Import Namespace="System.Data" %>
<% @Import Namespace="System.Data.SqlClient" %>
<script language="C#" runat="server">
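// Connection string used by every handler on this page, read from the "conn" appSettings entry.
string ConnStr = System.Configuration.ConfigurationSettings.AppSettings["conn"];

/// <summary>
/// On the first request, runs sp_helpdb and binds the returned database names to
/// dbDropDownList. Postbacks skip the query.
/// </summary>
/// <remarks>
/// NOTE(review): nothing in this listing restricts who may open the page, and it lists the
/// server's databases and can back them up or restore them. Limit it to administrators.
/// </remarks>
void Page_Load(object sender, System.EventArgs e)
{
    if (IsPostBack)
    {
        return;
    }

    // Dispose the connection, command and reader even when the query or the binding throws.
    using (SqlConnection connection = new SqlConnection(ConnStr))
    using (SqlCommand myCommand = new SqlCommand("sp_helpdb", connection))
    {
        connection.Open();
        using (SqlDataReader dr = myCommand.ExecuteReader())
        {
            // Bind the database list to the drop-down; the "name" column is the caption.
            dbDropDownList.DataSource = dr;
            dbDropDownList.DataTextField = "name";
            dbDropDownList.DataBind();
        }
    }
}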
/// <summary>
/// Suggests a backup file for the newly selected database by writing
/// d:/BACKUP/&lt;database&gt;.bak into pathTextBox.
/// </summary>
void dbDropDownList_SelectedIndexChanged(object sender, System.EventArgs e)
{
    string selectedDatabase = dbDropDownList.SelectedValue;
    pathTextBox.Text = string.Concat(@"d:/BACKUP/", selectedDatabase, ".bak");
}
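/// <summary>
/// Backs up the database selected in dbDropDownList to the file path typed into pathTextBox
/// and reports the outcome in infoLabel.
/// </summary>
/// <remarks>
/// NOTE(review): the target path is typed by the visitor and handed to SQL Server as the
/// backup destination, so it decides where the server writes a file. Restrict this page to
/// administrators and consider fixing the backup directory on the server side.
/// </remarks>
void backupButton_Click(object sender, System.EventArgs e)
{
    // Trim: the text box's default content in the markup starts on a new line.
    string path = pathTextBox.Text.Trim();
    string dbname = dbDropDownList.SelectedValue;
    if (path.Length == 0 || dbname.Length == 0)
    {
        infoLabel.Text = "备份失败";
        return;
    }

    string backupSql = "use master;";
    backupSql += "backup database @dbname to disk = @path;";

    // Dispose the connection and command on every path, including failures.
    using (SqlConnection connection = new SqlConnection(ConnStr))
    using (SqlCommand myCommand = new SqlCommand(backupSql, connection))
    {
        // Both values travel as parameters, never as part of the SQL text.
        myCommand.Parameters.Add("@dbname", SqlDbType.Char);
        myCommand.Parameters["@dbname"].Value = dbname;
        myCommand.Parameters.Add("@path", SqlDbType.Char);
        myCommand.Parameters["@path"].Value = path;
        try
        {
            connection.Open();
            myCommand.ExecuteNonQuery();
            infoLabel.Text = "备份成功";
        }
        catch (Exception ex)
        {
            // Show only the HTML-encoded message; the full exception (stack trace, server
            // details) goes to the page trace instead of the browser.
            Trace.Warn("backup", "Backup failed", ex);
            infoLabel.Text = "备份失败<br/>" + Server.HtmlEncode(ex.Message);
        }
    }
}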
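/// <summary>
/// Restores the database selected in dbDropDownList from the backup file typed into
/// pathTextBox and reports the outcome in infoLabel.
/// </summary>
/// <remarks>
/// NOTE(review): a restore replaces the selected database with the content of a file whose
/// path the visitor types. Restrict this page to administrators and consider limiting the
/// path to a fixed backup directory on the server side.
/// </remarks>
void restoreButton_Click(object sender, System.EventArgs e)
{
    // Trim: the text box's default content in the markup starts on a new line.
    string path = pathTextBox.Text.Trim();
    string dbname = dbDropDownList.SelectedValue;
    if (path.Length == 0 || dbname.Length == 0)
    {
        infoLabel.Text = "恢复失败";
        return;
    }

    string restoreSql = "use master;";
    restoreSql += "restore database @dbname from disk = @path;";

    // Dispose the connection and command on every path, including failures.
    using (SqlConnection connection = new SqlConnection(ConnStr))
    using (SqlCommand myCommand = new SqlCommand(restoreSql, connection))
    {
        // Both values travel as parameters, never as part of the SQL text.
        myCommand.Parameters.Add("@dbname", SqlDbType.Char);
        myCommand.Parameters["@dbname"].Value = dbname;
        myCommand.Parameters.Add("@path", SqlDbType.Char);
        myCommand.Parameters["@path"].Value = path;
        try
        {
            connection.Open();
            myCommand.ExecuteNonQuery();
            infoLabel.Text = "恢复成功";
        }
        catch (Exception ex)
        {
            // Show only the HTML-encoded message; the full exception (stack trace, server
            // details) goes to the page trace instead of the browser.
            Trace.Warn("restore", "Restore failed", ex);
            infoLabel.Text = "恢复失败<br/>" + Server.HtmlEncode(ex.Message);
        }
    }
}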
</script>
</HEAD>
<body>
<form id="Form1" method="post" runat="server">
<h3> </h3>
数据库列表:
<asp:dropdownlist id="dbDropDownList" runat="server" AutoPostBack="True" OnSelectedIndexChanged="dbDropDownList_SelectedIndexChanged"></asp:dropdownlist>
<br>
<br>
请输入备份目录及备份文件名:
<asp:textbox id="pathTextBox" runat="server" Width="224px">
C:/BACKUP/Northwind.bak</asp:textbox>(目录必须存在)
<br>
<br>
<asp:button id="backupButton" runat="server" Font-Size="9pt" Text="备份数据库" OnClick="backupButton_Click"></asp:button>
<asp:button id="restoreButton" runat="server" Font-Size="9pt" Text="恢复数据库" OnClick="restoreButton_Click"></asp:button>
<br>
<br>
<asp:Label id="infoLabel" runat="server"></asp:Label>
</form>
</body>
</HTML>
<HTML>
<HEAD>
<title>获取服务器端数据库列表示例</title>
<% @Import Namespace="System.Data" %>
<% @Import Namespace="System.Data.SqlClient" %>
<script language="C#" runat="server">
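// Connection string used by every handler on this page, read from the "conn" appSettings entry.
string ConnStr = System.Configuration.ConfigurationSettings.AppSettings["conn"];

/// <summary>
/// On the first request, runs sp_helpdb and binds the returned database names to
/// dbDropDownList. Postbacks skip the query.
/// </summary>
/// <remarks>
/// NOTE(review): nothing in this listing restricts who may open the page, and it lists the
/// server's databases and can back them up or restore them. Limit it to administrators.
/// </remarks>
void Page_Load(object sender, System.EventArgs e)
{
    if (IsPostBack)
    {
        return;
    }

    // Dispose the connection, command and reader even when the query or the binding throws.
    using (SqlConnection connection = new SqlConnection(ConnStr))
    using (SqlCommand myCommand = new SqlCommand("sp_helpdb", connection))
    {
        connection.Open();
        using (SqlDataReader dr = myCommand.ExecuteReader())
        {
            // Bind the database list to the drop-down; the "name" column is the caption.
            dbDropDownList.DataSource = dr;
            dbDropDownList.DataTextField = "name";
            dbDropDownList.DataBind();
        }
    }
}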
/// <summary>
/// Suggests a backup file for the newly selected database by writing
/// d:/BACKUP/&lt;database&gt;.bak into pathTextBox.
/// </summary>
void dbDropDownList_SelectedIndexChanged(object sender, System.EventArgs e)
{
    string selectedDatabase = dbDropDownList.SelectedValue;
    pathTextBox.Text = string.Concat(@"d:/BACKUP/", selectedDatabase, ".bak");
}
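/// <summary>
/// Backs up the database selected in dbDropDownList to the file path typed into pathTextBox
/// and reports the outcome in infoLabel.
/// </summary>
/// <remarks>
/// NOTE(review): the target path is typed by the visitor and handed to SQL Server as the
/// backup destination, so it decides where the server writes a file. Restrict this page to
/// administrators and consider fixing the backup directory on the server side.
/// </remarks>
void backupButton_Click(object sender, System.EventArgs e)
{
    // Trim: the text box's default content in the markup starts on a new line.
    string path = pathTextBox.Text.Trim();
    string dbname = dbDropDownList.SelectedValue;
    if (path.Length == 0 || dbname.Length == 0)
    {
        infoLabel.Text = "备份失败";
        return;
    }

    string backupSql = "use master;";
    backupSql += "backup database @dbname to disk = @path;";

    // Dispose the connection and command on every path, including failures.
    using (SqlConnection connection = new SqlConnection(ConnStr))
    using (SqlCommand myCommand = new SqlCommand(backupSql, connection))
    {
        // Both values travel as parameters, never as part of the SQL text.
        myCommand.Parameters.Add("@dbname", SqlDbType.Char);
        myCommand.Parameters["@dbname"].Value = dbname;
        myCommand.Parameters.Add("@path", SqlDbType.Char);
        myCommand.Parameters["@path"].Value = path;
        try
        {
            connection.Open();
            myCommand.ExecuteNonQuery();
            infoLabel.Text = "备份成功";
        }
        catch (Exception ex)
        {
            // Show only the HTML-encoded message; the full exception (stack trace, server
            // details) goes to the page trace instead of the browser.
            Trace.Warn("backup", "Backup failed", ex);
            infoLabel.Text = "备份失败<br/>" + Server.HtmlEncode(ex.Message);
        }
    }
}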
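/// <summary>
/// Restores the database selected in dbDropDownList from the backup file typed into
/// pathTextBox and reports the outcome in infoLabel.
/// </summary>
/// <remarks>
/// NOTE(review): a restore replaces the selected database with the content of a file whose
/// path the visitor types. Restrict this page to administrators and consider limiting the
/// path to a fixed backup directory on the server side.
/// </remarks>
void restoreButton_Click(object sender, System.EventArgs e)
{
    // Trim: the text box's default content in the markup starts on a new line.
    string path = pathTextBox.Text.Trim();
    string dbname = dbDropDownList.SelectedValue;
    if (path.Length == 0 || dbname.Length == 0)
    {
        infoLabel.Text = "恢复失败";
        return;
    }

    string restoreSql = "use master;";
    restoreSql += "restore database @dbname from disk = @path;";

    // Dispose the connection and command on every path, including failures.
    using (SqlConnection connection = new SqlConnection(ConnStr))
    using (SqlCommand myCommand = new SqlCommand(restoreSql, connection))
    {
        // Both values travel as parameters, never as part of the SQL text.
        myCommand.Parameters.Add("@dbname", SqlDbType.Char);
        myCommand.Parameters["@dbname"].Value = dbname;
        myCommand.Parameters.Add("@path", SqlDbType.Char);
        myCommand.Parameters["@path"].Value = path;
        try
        {
            connection.Open();
            myCommand.ExecuteNonQuery();
            infoLabel.Text = "恢复成功";
        }
        catch (Exception ex)
        {
            // Show only the HTML-encoded message; the full exception (stack trace, server
            // details) goes to the page trace instead of the browser.
            Trace.Warn("restore", "Restore failed", ex);
            infoLabel.Text = "恢复失败<br/>" + Server.HtmlEncode(ex.Message);
        }
    }
}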
</script>
</HEAD>
<body>
<form id="Form1" method="post" runat="server">
<h3> </h3>
数据库列表:
<asp:dropdownlist id="dbDropDownList" runat="server" AutoPostBack="True" OnSelectedIndexChanged="dbDropDownList_SelectedIndexChanged"></asp:dropdownlist>
<br>
<br>
请输入备份目录及备份文件名:
<asp:textbox id="pathTextBox" runat="server" Width="224px">
C:/BACKUP/Northwind.bak</asp:textbox>(目录必须存在)
<br>
<br>
<asp:button id="backupButton" runat="server" Font-Size="9pt" Text="备份数据库" OnClick="backupButton_Click"></asp:button>
<asp:button id="restoreButton" runat="server" Font-Size="9pt" Text="恢复数据库" OnClick="restoreButton_Click"></asp:button>
<br>
<br>
<asp:Label id="infoLabel" runat="server"></asp:Label>
</form>
</body>
</HTML>
11.C#防注入函数
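/// <summary>
/// Light input filter. A numeric parameter that IsNumeric rejects becomes "0"; in a text
/// parameter every ASCII apostrophe is replaced with the typographic quote ’.
/// </summary>
/// <param name="ParaName">The raw value to filter (despite the name, this is the value itself).</param>
/// <param name="ParaType">1 = treat the value as a number; any other value = treat it as text.</param>
/// <returns>The filtered value; never null.</returns>
/// <remarks>
/// Replacing quote characters is not a complete defence against SQL injection: it depends on
/// every query being built in a way that this one substitution happens to cover. Pass values
/// to the database as command parameters (as the stored-procedure calls on this page do) and
/// treat this filter as an extra layer at most. A value accepted as numeric is returned as
/// the original text, not as a normalised number.
/// </remarks>
public string SafeRequest(string ParaName,int ParaType)
{
    // A missing value is handled as empty text instead of raising a NullReferenceException.
    string Paravalue = (ParaName == null) ? "" : ParaName;

    if (ParaType == 1)
    {
        return IsNumeric(Paravalue) ? Paravalue : "0";
    }

    return Paravalue.Replace("'", "’");
}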
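/// <summary>
/// Reports whether a string of at most 12 characters parses as a floating-point number.
/// </summary>
/// <param name="strData">The text to test; null is treated as not numeric.</param>
/// <returns>true when float.Parse accepts the text; otherwise false.</returns>
/// <remarks>
/// float.Parse uses the current culture and also accepts signs, exponents, thousands
/// separators and surrounding white space, so "numeric" here is wider than "digits only".
/// </remarks>
public static bool IsNumeric(string strData)
{
    // Null used to raise a NullReferenceException on the length check.
    if (strData == null || strData.Length > 12)
    {
        return false;
    }

    try
    {
        float.Parse(strData);
        return true;
    }
    catch (FormatException)
    {
        return false;
    }
    catch (OverflowException)
    {
        // Older runtimes throw for values outside the float range; that is not a usable number.
        return false;
    }
}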
/// <summary>
/// Demo handler: filters the content of TextBox1 as a number (type 1) and shows the result
/// in Label1.
/// </summary>
private void Button1_Click(object sender, System.EventArgs e)
{
    const int NumericType = 1;
    string filtered = SafeRequest(TextBox1.Text, NumericType);
    Label1.Text = filtered;
}
{
//如果是1为数字,0为字符串
string Paravalue="";
Paravalue = ParaName;
if (ParaType==1)
{
if(!(IsNumeric(Paravalue)))
{
Paravalue="0";
}
}
else
{
Paravalue=Paravalue.Replace("'","’");
}
return(Paravalue);
}
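/// <summary>
/// Reports whether a string of at most 12 characters parses as a floating-point number.
/// </summary>
/// <param name="strData">The text to test; null is treated as not numeric.</param>
/// <returns>true when float.Parse accepts the text; otherwise false.</returns>
/// <remarks>
/// float.Parse uses the current culture and also accepts signs, exponents, thousands
/// separators and surrounding white space, so "numeric" here is wider than "digits only".
/// </remarks>
public static bool IsNumeric(string strData)
{
    // Null used to raise a NullReferenceException on the length check.
    if (strData == null || strData.Length > 12)
    {
        return false;
    }

    try
    {
        float.Parse(strData);
        return true;
    }
    catch (FormatException)
    {
        return false;
    }
    catch (OverflowException)
    {
        // Older runtimes throw for values outside the float range; that is not a usable number.
        return false;
    }
}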
/// <summary>
/// Demo handler: filters the content of TextBox1 as a number (type 1) and shows the result
/// in Label1.
/// </summary>
private void Button1_Click(object sender, System.EventArgs e)
{
    const int NumericType = 1;
    string filtered = SafeRequest(TextBox1.Text, NumericType);
    Label1.Text = filtered;
}
暂时先整理到这里,慢慢再补上吧,请大家多多指教:)