public ActionResult _ReservationSearch(string sortOrder,string currentFilter, string currentPhoneFilter, string searchString, string searchPhoneString, int? page,int? psize, DateTime date)
{
ViewBag.currentSort
}
public ActionResult _RoomSearch(string sortOrder, string currentFilter, string searchString, string currentFloorFilter, string searchFloorString, int? page, int? psize, DateTime startDate, DateTime endDate)
{
ViewBag.CurrentSort = sortOrder;
ViewBag.NameSortParm = String.IsNullOrEmpty(sortOrder) ? "roomName DESC" : "";
sortOrder = (sortOrder ?? "roomName ASC");
var pageIndex = page ?? 1; //MembershipProvider expects a 0 for the first page
var pageSize = psize ?? 10;
ViewBag.psize = pageSize;
var SearchRow = "categoryName";
var SearchRowFloor = "FloorName";
int totalCount = 0;
DateTime datef = startDate;
DateTime datet = endDate;
ViewData["startDate"] = datef;
ViewData["endDate"] = datet;
try
{
if (searchString != null || searchFloorString != null)
{
pageIndex = 1;
ViewBag.currentFilter = searchString;
ViewBag.currentFloorFilter = searchFloorString;
}
else
{
searchString = currentFilter;
searchFloorString = currentFloorFilter;
ViewBag.currentFilter = searchString;
ViewBag.currentFloorFilter = searchFloorString;
}
int userId = Convert.ToInt32(Session["userId"]);
String Query = "select * from FGetRooms_session('" + startDate.ToShortDateString() + "'," + userId + ") r where r.room_id not in(select f.room_id from FGetRooms('" + startDate.ToShortDateString() + "') f inner join FGetBookings() b on f.room_id=b.room_id where ('" + datef + "' between b.start_date and b.end_date) OR ('" + datet + "' between b.start_date and b.end_date)) and " + SearchRow + " like '" + searchString + "%' and " + SearchRowFloor + " like '" + searchFloorString + "%'";
var dt = PageHelp.GetPagedList(pageIndex, pageSize, ref totalCount, Query, sortOrder);
List<RoomDto.Rooms> data = new List<RoomDto.Rooms>();
if (dt.Rows.Count > 0)
{
foreach (DataRow dr in dt.Rows)
{
data.Add(new RoomDto.Rooms { rId = Convert.ToInt32(dr["room_id"]), rName = dr["roomName"].ToString(), Rate = Convert.ToDouble(dr["Rate"]), extraBed = Convert.ToDouble(dr["ExtraBed"]), status = Convert.ToBoolean(dr["status"]), cName = dr["categoryName"].ToString(), fName = dr["floorName"].ToString(), bName = dr["blockName"].ToString() });
}
}
var dataAsIPagedList = new StaticPagedList<RoomDto.Rooms>(data, pageIndex, pageSize, totalCount);
return PartialView("_RoomSearch", dataAsIPagedList);
}
catch (Exception ex)
{
TempData["d_err"] = ex.Message;
return PartialView("_Error");
}
}
这是我的观点
<div class="th-inner">
@Ajax.ActionLink("Room Name", "_RoomSearch", new { sortOrder = ViewBag.NameSortParm, currentFilter = ViewBag.CurrentFilter, currentFloorFilter = ViewBag.currentFloorFilter@*, startDate = @ViewData["startDate"], endDate = @ViewData["endDate"]*@ }, new AjaxOptions
{
HttpMethod = "POST",
InsertionMode = InsertionMode.Replace,
UpdateTargetId = "ListBox"
})
</div>
答案 0 :(得分:0)
ViewBag只是一个在视图和控制器之间传输数据的容器。你的代码肯定是保存的,因为这只是一个服务器端代码。为什么你认为这段代码不安全?在相同程度的成功中,我可以向您展示控制台应用程序源代码的示例并提出相同的要求。如果我不对,请有人在评论中纠正我。希望,这会为你增添一丝清晰度。