我被难住了 - 代码的第一部分“ // OPEN PRELOADING PAGE ”由于某种原因不会执行,而是被跳过。如果我把其余的代码注释掉,只保留这部分,它就能正常运行。这是怎么回事?
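/// <summary>
/// Handles the "create order" button: stores the uploaded photo, inserts the
/// order content and the order/user link rows, then redirects to the success page.
/// </summary>
/// <param name="sender">The control that raised the click event.</param>
/// <param name="e">Event data (unused).</param>
protected void Create_Order_Click(object sender, EventArgs e)
{
    // OPEN PRELOADING PAGE
    // NOTE: these writes only go into the response for this request. The
    // Response.Redirect at the end of the method answers with a 302 instead,
    // so the browser never receives this script.
    Response.Write("<script>");
    Response.Write("window.open('smth.aspx','_blank')");
    Response.Write("</script>");

    // STORE THE UPLOADED FILE
    // Reduce the client-supplied name to its file-name component so that it
    // cannot carry directory parts into the save path (defence in depth; the
    // control presumably already returns a bare name - confirm).
    // NOTE(review): the file lands in a folder that is served by the site and
    // no extension or content-type check is visible here. Restrict uploads to
    // the expected image types and make sure the folder cannot execute scripts.
    string uploadedName = System.IO.Path.GetFileName(FileUpload1.FileName);
    FileUpload1.PostedFile.SaveAs(Server.MapPath(".") + "//upload//" + uploadedName);
    string path = "//xxx.cz/intranet/pages/upload/" + uploadedName;

    // DEFINE AND OPEN CONNECTION
    // 'using' closes the connection even when one of the inserts throws.
    using (SqlConnection conn = new SqlConnection(ConfigurationManager
        .ConnectionStrings["SqlConnectionString"].ConnectionString))
    {
        conn.Open();

        // INSERT ORDER CONTENT
        // Every value, including the photo path, is passed as a parameter so
        // that user-controlled text is never part of the SQL statement itself.
        string insertOrder_Content = "INSERT INTO Order_Content (Uploaded_Photo, Issue_Description, Place_Of_Repair, Transfer_Method, Date_To_Bring, Date_To_Take) VALUES (@Uploaded_Photo, @Issue_Description, @Place_Of_Repair, @Transfer_Method, @Date_To_Bring, @Date_To_Take)";
        using (SqlCommand comInsertIntoOrder = new SqlCommand(insertOrder_Content, conn))
        {
            comInsertIntoOrder.Parameters.AddWithValue("@Uploaded_Photo", path);
            comInsertIntoOrder.Parameters.AddWithValue("@Issue_Description", TextBox_Issue_Description.Text);
            comInsertIntoOrder.Parameters.AddWithValue("@Place_Of_Repair", DropDownList_Place.SelectedItem.ToString());
            comInsertIntoOrder.Parameters.AddWithValue("@Transfer_Method", DropDownList_Transfer.SelectedItem.ToString());
            comInsertIntoOrder.Parameters.AddWithValue("@Date_To_Bring", TextBox_Date_To_Bring.Text);
            comInsertIntoOrder.Parameters.AddWithValue("@Date_To_Take", TextBox_Date_To_Take.Text);
            comInsertIntoOrder.ExecuteNonQuery();
        }

        // INSERT ORDER/USER LINK
        // The session value is bound as a parameter instead of being
        // concatenated into the statement; a missing value is sent as NULL.
        string insertOrder = "INSERT INTO Order_Connection (FK_User_ID) VALUES (@FK_User_ID)";
        using (SqlCommand com = new SqlCommand(insertOrder, conn))
        {
            com.Parameters.AddWithValue("@FK_User_ID", Session["User_ID"] ?? DBNull.Value);
            com.ExecuteNonQuery();
        }
    }

    Response.Redirect("http://xxx.cz/intranet/pages/Success.aspx");
}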
答案 0 :(得分:7)
您在方法结束时调用Response.Redirect
。那将基本上以302响应终止请求。您之前写入(缓冲)响应的数据在此时无关紧要。
此外,您应该了解一下参数化SQL - 您的数据库处理目前容易受到SQL注入攻击:insertOrder 把 Session["User_ID"] 直接拼接进了SQL文本,insertOrder_Content 也把由上传文件名构成的路径直接拼接了进去。(总而言之,务必始终对SQL进行参数化。)
答案 1 :(得分:0)
你正试图在这里做两件事;
在Response.Redirect服务器上仅向浏览器发送302 Response
类似HTTP/1.1 302 Found
Location: http://xxx.cz/intranet/pages/Success.aspx
的内容,然后浏览器向success.aspx
页面发送另一个请求。但是,由于服务器从未将脚本标记发送到浏览器,因此在success.aspx
页面中不会出现您所期待的smth.aspx
新标签页。
Response.Write("<script>");
// Open the preloading page in a new browser tab.
Response.Write("window.open('smth.aspx','_blank')");
// Send the current tab to the success page from script rather than with a
// server-side redirect, so the response that carries this script is delivered.
Response.Write("window.location.href='success.aspx';");
Response.Write("</script>");
.... //remaining code
//Remove the Response.Redirect line at the end of your function.
。
如果这是您要查找的内容,请尝试使用此代码;
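// Read the code from the query string and force it to an integer, so no
// other characters can reach the query. A missing parameter becomes 0.
// If codes may contain other characters, validate them against a strict
// pattern (e.g. with `preg_replace` or `preg_match`) instead of casting.
$code = isset($_GET['c']) ? (int) $_GET['c'] : 0;

// Empty (missing or zero) code: redirect the user and stop.
if (empty($code)) {
    header('Location: http://www.domain.com/another.php');
    die;
}

// Bind the value as a parameter instead of concatenating it into the SQL
// text, so the query stays safe even if the validation above is relaxed later.
$stmt = $link->prepare('SELECT code FROM Codes WHERE code = ? LIMIT 1');
if ($stmt === false) {
    // The lookup could not be prepared: fail closed and treat the code as invalid.
    header('Location: http://www.domain.com/another.php');
    die;
}
$stmt->bind_param('i', $code);
$stmt->execute();
$stmt->store_result(); // buffer the result so num_rows is populated
$CodeisValid = $stmt->num_rows;
$stmt->close();

if ($CodeisValid !== 0) {
    return true;
} else {
    header('Location: http://www.domain.com/another.php');
    die;
}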