C# skips part of the code

Time: 2017-01-01 16:14:47

Tags: c# asp.net

I'm stuck - the first part of the code, "// OPEN PRELOADING PAGE", for some reason does not execute and is skipped. If I comment out the rest of the code and keep only this part, it works. What's wrong?

protected void Create_Order_Click(object sender, EventArgs e)
{

  // OPEN PRELOADING PAGE
  Response.Write("<script>");
  Response.Write("window.open('smth.aspx','_blank')");
  Response.Write("</script>");

  // DEFINE CONNECTION
  SqlConnection conn = new SqlConnection(ConfigurationManager
             .ConnectionStrings["SqlConnectionString"].ConnectionString);

  // OPEN CONNECTION
  conn.Open();

  // DEFINE FIRST SQL QUERY
  string insertOrder = "INSERT INTO Order_Connection (FK_User_ID) VALUES ('" + Session["User_ID"] + "')";

  string str = FileUpload1.FileName;
  FileUpload1.PostedFile.SaveAs(Server.MapPath(".") + "//upload//" + str);
  string path = "//xxx.cz/intranet/pages/upload/" + str.ToString();

  string insertOrder_Content = "INSERT INTO Order_Content (Uploaded_Photo, Issue_Description, Place_Of_Repair, Transfer_Method, Date_To_Bring, Date_To_Take) VALUES ('" + path + "', @Issue_Description, @Place_Of_Repair, @Transfer_Method, @Date_To_Bring, @Date_To_Take)";
  SqlCommand comInsertIntoOrder = new SqlCommand(insertOrder_Content, conn);

  comInsertIntoOrder.Parameters.AddWithValue("@Issue_Description", TextBox_Issue_Description.Text);
  comInsertIntoOrder.Parameters.AddWithValue("@Place_Of_Repair", DropDownList_Place.SelectedItem.ToString());
  comInsertIntoOrder.Parameters.AddWithValue("@Transfer_Method", DropDownList_Transfer.SelectedItem.ToString());
  comInsertIntoOrder.Parameters.AddWithValue("@Date_To_Bring", TextBox_Date_To_Bring.Text);
  comInsertIntoOrder.Parameters.AddWithValue("@Date_To_Take", TextBox_Date_To_Take.Text);

  comInsertIntoOrder.ExecuteNonQuery();

  // EXECUTE FIRST SQL QUERY
  SqlCommand com = new SqlCommand(insertOrder, conn);

  // EXECUTE NOW
  com.ExecuteNonQuery();

  // CLOSE CONNECTION
  conn.Close();

  Response.Redirect("http://xxx.cz/intranet/pages/Success.aspx");
}

2 answers:

Answer 0 (score: 7)

You're calling Response.Redirect at the end of the method. That will basically terminate the request with a 302 response. Whatever data you wrote (buffered) to the response before then is irrelevant at that point.

Also, you should look into parameterized SQL - your database handling is currently vulnerable to SQL injection attacks. (Always, always, always parameterize your SQL, basically.)

Answer 1 (score: 0)

You're trying to do two things here;

  1. Open a new tab and load 'smth.aspx'
  2. Redirect the request to success.aspx

On Response.Redirect the server only sends a 302 response to the browser, something like HTTP/1.1 302 Found Location: http://xxx.cz/intranet/pages/Success.aspx, and then the browser sends another request to the success.aspx page. But since the server never sent the script tag to the browser, what you expected (success.aspx in the page and smth.aspx in a new tab) never happens. If that is what you're looking for, try this code;

Response.Write("<script>");
Response.Write("window.open('smth.aspx','_blank')");
Response.Write("window.location.href='success.aspx';");
Response.Write("</script>");
.... //remaining code
//Remove the Response.Redirect line at the end of your function.

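As an added example (not the asker's code and not from either answer): the same code-behind handler with both INSERT statements parameterized, as answer 0 advises, and the navigation done by the browser instead of Response.Redirect, as answer 1 suggests, so the buffered script is not discarded by a 302. It assumes the question's control IDs (FileUpload1, TextBox_*, DropDownList_*) and that FK_User_ID is an INT column, and it adds Path.GetFileName on the upload name as a defensive step the page itself does not discuss.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.IO;
using System.Web.UI;

protected void Create_Order_Click(object sender, EventArgs e)
{
    string connStr = ConfigurationManager
        .ConnectionStrings["SqlConnectionString"].ConnectionString;
    // Keep only the file-name part of the upload name (added defensive step) so it stays in the upload folder.
    string fileName = Path.GetFileName(FileUpload1.FileName);
    FileUpload1.PostedFile.SaveAs(Path.Combine(Server.MapPath("upload"), fileName));
    string photoPath = "//xxx.cz/intranet/pages/upload/" + fileName;
    using (SqlConnection conn = new SqlConnection(connStr))
    {
        conn.Open();
        // First INSERT: the session user id is bound as a typed parameter instead
        // of being concatenated into the SQL text (assumes FK_User_ID is INT).
        using (SqlCommand insertOrder = new SqlCommand(
            "INSERT INTO Order_Connection (FK_User_ID) VALUES (@FK_User_ID)", conn))
        {
            insertOrder.Parameters.Add("@FK_User_ID", SqlDbType.Int).Value =
                Convert.ToInt32(Session["User_ID"]);
            insertOrder.ExecuteNonQuery();
        }
        // Second INSERT: every value, the computed path included, is a parameter.
        using (SqlCommand insertContent = new SqlCommand(
            "INSERT INTO Order_Content (Uploaded_Photo, Issue_Description, Place_Of_Repair, " +
            "Transfer_Method, Date_To_Bring, Date_To_Take) VALUES (@Uploaded_Photo, " +
            "@Issue_Description, @Place_Of_Repair, @Transfer_Method, @Date_To_Bring, @Date_To_Take)", conn))
        {
            insertContent.Parameters.AddWithValue("@Uploaded_Photo", photoPath);
            insertContent.Parameters.AddWithValue("@Issue_Description", TextBox_Issue_Description.Text);
            insertContent.Parameters.AddWithValue("@Place_Of_Repair", DropDownList_Place.SelectedItem.Text);
            insertContent.Parameters.AddWithValue("@Transfer_Method", DropDownList_Transfer.SelectedItem.Text);
            insertContent.Parameters.AddWithValue("@Date_To_Bring", TextBox_Date_To_Bring.Text);
            insertContent.Parameters.AddWithValue("@Date_To_Take", TextBox_Date_To_Take.Text);
            insertContent.ExecuteNonQuery();
        }
    }
    // No Response.Redirect here: a 302 would discard everything buffered below. The
    // browser opens smth.aspx in a new tab and then navigates this tab itself.
    Response.Write("<script>");
    Response.Write("window.open('smth.aspx','_blank');");
    Response.Write("window.location.href='Success.aspx';");
    Response.Write("</script>");
}
```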