How to display images through a radio button list?

Time: 2012-09-06 05:50:41

Tags: c# asp.net sql-server c#-4.0

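I have a project in which I want to display one record from the DB through a radio button list. After choosing an option and clicking the Next button, the next record loads. This is my HTML code: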

<table style ="width :800px">
        <tr>
            <td style="width: 100px">
                <asp:Image ID="Image1" runat="server" ImageUrl="~/images/stdents12.jpeg" /></td>
        </tr>
        <tr>
            <td style="width: 100px">


                <table style="width: 950px" id="TABLE1" onclick="return TABLE1_onclick()">
        <tr>
            <td colspan="8" style="color: white; height: 21px; background-color: #3366ff">
                <asp:Label ID="Label1" runat="server" Font-Bold="True" Text="Test No :" Width="82px"></asp:Label>
                <asp:Label ID="TestNo" runat="server" Text="Label" Width="100px"></asp:Label><asp:Label ID="Label2" runat="server" Font-Bold="True" Text="Test Name :" Width="84px"></asp:Label>
                <asp:Label ID="TestName" runat="server" Text="Name Of the Test" Width="501px"></asp:Label><asp:Label ID="Label3" runat="server" Font-Bold="True" Text="Question :"></asp:Label>
                <asp:Label ID="Question" runat="server" Text="N of T" Width="52px"></asp:Label></td>
        </tr>
        <tr>
            <td style="width: 23px" rowspan="5">
            </td>
            <td style="width: 100px; height: 1px;">
                &nbsp;</td>
            <td style="width: 100px; height: 1px;">  



            </td>
            <td style="width: 100px; height: 1px;">
            </td>
            <td style="width: 100px; height: 1px;">
            </td>
            <td style="width: 100px; height: 1px;">
            </td>
            <td style="width: 100px; height: 1px;">
                </td>
            <td style="width: 100px; height: 1px;">
             <div class="timerCss"> <asp:Label ID="lblTimerCount" runat="server" Height="5px" Width="232px"></asp:Label>&nbsp;</div>
                </td>
        </tr>
        <tr>
            <td colspan="7" align="right">
                <asp:Image ID="Image2"  runat="server" />
                <asp:Label ID="Questionlbl" runat="server" Height="66px" Text="Label" 
                    Width="317px"></asp:Label></td>
        </tr>
        <tr>
            <td colspan="7">
                &nbsp;</td>
        </tr>
        <tr>
            <td colspan="7">


                <asp:RadioButtonList ID="RadioButtonList1" runat="server" 
                    RepeatDirection="Horizontal">
                </asp:RadioButtonList>


                </td>
        </tr>
        <tr>
            <td style="width: 100px; height: 12px;">
                &nbsp;</td>
            <td style="width: 100px; height: 12px;">
            </td>
            <td style="width: 100px; height: 12px;">
            </td>
            <td style="width: 100px; height: 12px;">
                </td>
            <td style="width: 100px; height: 12px;">
                </td>
            <td style="width: 100px; height: 12px;">
                <asp:Button ID="Button2" runat="server"   Text="Skip" Width="55px" /></td>
            <td style="width: 100px; height: 12px;">
                <asp:Button ID="BtnNext" runat="server" onclick="BtnNext_Click" Text="Next" 
                    Width="70px" />
            </td>
        </tr>
    </table>


            </td>
        </tr>
        <tr>
            <td style="background-color: silver;" class="style1">
            </td>
        </tr>
    </table>

This is my code-behind page:

void Page_PreRender(object sender, EventArgs e)
    {

        OnlineExamEntities context = new OnlineExamEntities();
        StringBuilder bldr = new StringBuilder();
        bldr.AppendFormat("var Timer = new myTimer({0},{1},'{2}','timerData');", this.timerStartValue, this.TimerInterval, this.lblTimerCount.ClientID);
        bldr.Append("Timer.go()");
        ClientScript.RegisterStartupScript(this.GetType(), "TimerScript", bldr.ToString(), true);
        ClientScript.RegisterHiddenField("timerData", timerStartValue.ToString());
        /////////////////////////////
        List<int> a = (List<int>)Session["QnumList"];
        List<string> resulttemp = new List<string>();

        int j = a[Convert.ToInt32(Session["Click"].ToString())];

        var q3 = ((from c in context.questions
                   orderby c.QID
                   where c.QID == j
                   select c)).SingleOrDefault();
        resulttemp.Add(q3.trueAns.ToString());
        Session["result"] = resulttemp;

        Questionlbl.Text = q3.Question1.ToString();
        Image2.ImageUrl = q3.ans4.ToString();
        RadioButtonList1.Items.Clear();
        string ans1, ans2, ans3;
        ans1 = q3.ans1.ToString();
        ans2 = q3.ans2.ToString();
        ans3 = q3.ans3.ToString();
        RadioButtonList1.Items.Add(String.Format("<img src='{0}'>", ans1));
        RadioButtonList1.Items.Add(String.Format("<img src='{0}'>", ans2));
        RadioButtonList1.Items.Add(String.Format("<img src='{0}'>", ans3));

    }

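When I select an option and click the Next button to load another record, I get this error:

* A potentially dangerous Request.Form value was detected from the client (RadioButtonList1="*

I set ValidateRequest="false", but it had no effect.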

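1 Answer:

Answer 0: (Score: 4)

The server is warning you that someone might be inserting HTML code. For example, if you want to get FirstName but someone writes "alert('Haha')" inside it, then when you display the entered data you might see an alert box. Disabling validation is not a good thing to do. You can use Server.HtmlEncode: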

RadioButtonList1.Items.Add(Server.HtmlEncode(String.Format("<img src='{0}'>", ans1)));

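After the user selects a value, you can decode it with Server.HtmlDecode.

However, in this case you only need the selected img, not the whole img tag, so you can set a different value (the second parameter is the value):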

RadioButtonList1.Items.Add(new ListItem(String.Format("<img src='{0}'>", ans1), ans1));

That way, the HTML form will only hold the image path, which is not treated as a potentially dangerous value.
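
An added example (not part of the original answer or the asker's project): it follows the answer's second approach but goes one step further, posting only an index, attribute-encoding the path from the DB before it is placed in the `<img>` tag, and checking the posted value before using it. The `AnswerOptions` class and its method names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Web;
using System.Web.UI.WebControls;

// Hypothetical helper (added example): keeps markup out of the posted value.
public static class AnswerOptions
{
    // Fill the list so that only a short index ("0", "1", "2") is posted back.
    // The <img> markup lives in ListItem.Text; the form submits ListItem.Value.
    public static void Bind(RadioButtonList list, IList<string> imagePaths)
    {
        list.Items.Clear();
        for (int i = 0; i < imagePaths.Count; i++)
        {
            // Attribute-encode the DB value so a double quote in the path
            // cannot close src="..." and inject further markup.
            string src = HttpUtility.HtmlAttributeEncode(imagePaths[i]);
            string html = String.Format(
                "<img src=\"{0}\" alt=\"Option {1}\" />", src, i + 1);
            list.Items.Add(new ListItem(html, i.ToString()));
        }
    }

    // On postback, map the posted index back to a path the server issued.
    // Anything that is not an index into the current options is rejected.
    public static bool TryGetSelectedPath(
        string postedValue, IList<string> imagePaths, out string path)
    {
        path = null;
        int index;
        if (!Int32.TryParse(postedValue, out index)) return false;
        if (index < 0 || index >= imagePaths.Count) return false;
        path = imagePaths[index];
        return true;
    }
}
```

In `Page_PreRender` this would be called as `AnswerOptions.Bind(RadioButtonList1, new[] { ans1, ans2, ans3 })`, and in `BtnNext_Click` with `RadioButtonList1.SelectedValue` as `postedValue`. Because the posted value is then only a digit, request validation can stay enabled.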