我正在开发一个asp.net Web应用程序页面,其中包含一组级联下拉菜单,文本框和页面上的按钮。下拉列表从数据库填充,并取决于先前的下拉列表。这些按钮应该将选定的值从下拉列表和文本框写入数据库。
页面加载了正确的DDL列表。如果我只在文本框中输入一个值并单击按钮,它可以写入数据库。
如果我从下拉列表中选择一个值并在文本框中输入一个值,然后单击按钮将值添加到数据库,则会返回以下错误。
错误消息:“无效的回发或回调参数。事件验证是通过配置或页面中的 <%@ Page EnableEventValidation="true" %> 启用的。出于安全考虑,此功能会验证回发或回调事件的参数是否来自最初呈现这些事件的服务器控件。如果数据有效且符合预期,请使用 ClientScriptManager.RegisterForEventValidation 方法注册回发或回调数据以进行验证。”
我做了一些研究,并了解如果我设置enableEventValidation =“false”可能会有安全隐患,所以我不想使用该选项。 另一种选择是什么?如何使用错误消息中建议的ClientScriptManager.RegisterForEventValidation方法?
以下是我正在使用的代码。由于仍在开发中,我还没有为 DDL 或文本框添加任何验证,打算以后再补上。
newlevel.aspx
<%@ Page Title="" Language="C#" MasterPageFile="~/Main.Master" `AutoEventWireup="true" CodeBehind="newlevels.aspx.cs" Inherits="COA.newlevels" `%>
<%@ Register Assembly="AjaxControlToolkit" Namespace="AjaxControlToolkit" TagPrefix="asp" %>
<%--
  NOTE(review): the two backtick characters inside the @ Page directive above look
  like formatting residue from the post and are not directive syntax. Inherits
  names COA.newlevels while the code-behind shown with this page declares
  namespace ChartOfAccounts; confirm which one is intended.
--%>
<%--<asp:Content ID="Content1" ContentPlaceHolderID="head" runat="server">
</asp:Content>--%>
<asp:Content ID="Content2" ContentPlaceHolderID="ContentPlaceHolder1" runat="server">
<%--
  Totaling-level maintenance form: six drop-down lists (levels A-F) and, for
  levels B-F, a text box plus an "Add New" button.

  Every DropDownList is declared without list items. Its CascadingDropDown
  extender names a ServiceCS.asmx method (GetLevelAList ... GetLevelFList) as the
  source of the options, and levels B-F name the previous list as ParentControlID.
  The options are therefore not part of what the server rendered (presumably the
  extender fills them in the browser), so a posted selection is not in the set
  that event validation expects. That is consistent with the
  "Invalid postback or callback argument" error on button click.

  NOTE(review): however event validation ends up configured for this page, treat
  the posted selection as untrusted. Look the value up again on the server (it
  must exist and belong to the chosen parent level) before writing it, and pass
  it to SQL only as a parameter.
--%>
<div>
<table>
<tr>
<td>Totaling Level A</td>
<td>
<%-- OnSelectedIndexChanged is wired up, but AutoPostBack is not set and the handler in the code-behind is empty. --%>
<asp:DropDownList ID="ddlTotalingLevelA" runat="server" Width="250" OnSelectedIndexChanged="ddlTotalingLevelA_SelectedIndexChanged" ></asp:DropDownList>
<asp:CascadingDropDown ID="cdlTotalingLevelA" TargetControlID="ddlTotalingLevelA" PromptText="Select Totaling Level A"
PromptValue="" ServicePath="ServiceCS.asmx" ServiceMethod="GetLevelAList" runat="server"
Category="TOTALING_LEVEL_A" LoadingText="Loading..." />
</td>
</tr>
<tr>
<td>Totaling Level B</td>
<td>
<asp:DropDownList ID="ddlTotalingLevelB" runat="server" Width="250"></asp:DropDownList>
<asp:CascadingDropDown ID="cdlTotalingLevelB" TargetControlID="ddlTotalingLevelB" PromptText="Select Totaling Level B"
PromptValue="" ServicePath="ServiceCS.asmx" ServiceMethod="GetLevelBList" runat="server"
Category="TOTALING_LEVEL_B" ParentControlID="ddlTotalingLevelA" LoadingText="Loading..." />
</td>
<%-- "required" is passed through as a plain HTML attribute: it is a browser-side check only, and only this text box has it. --%>
<td><asp:TextBox ID="txtTotalingLevelB" runat="server" required></asp:TextBox></td>
<td>
<asp:Button ID="ButtonTotalingLevelB" runat="server" Text="Add New Totaling Level B" OnClick="ButtonTotalingLevelB_Click" />
</td>
</tr>
<tr>
<td>Totaling Level C</td>
<td>
<asp:DropDownList ID="ddlTotalingLevelC" runat="server" Width="250"></asp:DropDownList>
<asp:CascadingDropDown ID="cdlTotalingLevelC" TargetControlID="ddlTotalingLevelC" PromptText="Select Totaling Level C"
PromptValue="" ServicePath="ServiceCS.asmx" ServiceMethod="GetLevelCList" runat="server"
Category="TOTALING_LEVEL_C" ParentControlID="ddlTotalingLevelB" LoadingText="Loading..." />
</td>
<td><asp:TextBox ID="txtTotalingLevelC" runat="server"></asp:TextBox></td>
<td>
<asp:Button ID="ButtonTotalingLevelC" runat="server" Text="Add New Totaling Level C" OnClick="ButtonTotalingLevelC_Click" />
</td>
</tr>
<tr>
<td>Totaling Level D</td>
<td>
<asp:DropDownList ID="ddlTotalingLevelD" runat="server" Width="250"></asp:DropDownList>
<asp:CascadingDropDown ID="cdlTotalingLevelD" TargetControlID="ddlTotalingLevelD" PromptText="Select Totaling Level D"
PromptValue="" ServicePath="ServiceCS.asmx" ServiceMethod="GetLevelDList" runat="server"
Category="TOTALING_LEVEL_D" ParentControlID="ddlTotalingLevelC" LoadingText="Loading..." />
</td>
<td><asp:TextBox ID="txtTotalingLevelD" runat="server"></asp:TextBox></td>
<td>
<asp:Button ID="ButtonTotalingLevelD" runat="server" Text="Add New Totaling Level D" OnClick="ButtonTotalingLevelD_Click" />
</td>
</tr>
<tr>
<td>Totaling Level E</td>
<td>
<asp:DropDownList ID="ddlTotalingLevelE" runat="server" Width="250"></asp:DropDownList>
<asp:CascadingDropDown ID="cdlTotalingLevelE" TargetControlID="ddlTotalingLevelE" PromptText="Select Totaling Level E"
PromptValue="" ServicePath="ServiceCS.asmx" ServiceMethod="GetLevelEList" runat="server"
Category="TOTALING_LEVEL_E" ParentControlID="ddlTotalingLevelD" LoadingText="Loading..." />
</td>
<td><asp:TextBox ID="txtTotalingLevelE" runat="server"></asp:TextBox></td>
<td>
<asp:Button ID="ButtonTotalingLevelE" runat="server" Text="Add New Totaling Level E" OnClick="ButtonTotalingLevelE_Click" />
</td>
</tr>
<tr>
<td>Totaling Level F</td>
<td>
<asp:DropDownList ID="ddlTotalingLevelF" runat="server" Width="250"></asp:DropDownList>
<%-- Unlike levels A-E, this extender sets no PromptText. --%>
<asp:CascadingDropDown ID="cdlTotalingLevelF" TargetControlID="ddlTotalingLevelF"
PromptValue="" ServicePath="ServiceCS.asmx" ServiceMethod="GetLevelFList" runat="server"
Category="TOTALING_LEVEL_F" ParentControlID="ddlTotalingLevelE" LoadingText="Loading..." />
</td>
<td><asp:TextBox ID="txtTotalingLevelF" runat="server"></asp:TextBox></td>
<td>
<asp:Button ID="ButtonTotalingLevelF" runat="server" Text="Add New Totaling Level F" OnClick="ButtonTotalingLevelF_Click" />
</td>
</tr>
</table>
</div>
</asp:Content>
newlevels.aspx.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
using System.Data;
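namespace ChartOfAccounts
{
    /// <summary>
    /// Code-behind for the totaling-level maintenance page. Each "Add New" button
    /// inserts one row built from a drop-down selection and a text box value.
    /// </summary>
    /// <remarks>
    /// Both values arrive in the postback and are fully controlled by the client,
    /// so they reach SQL Server only as parameters and are never concatenated into
    /// the statement text. The drop-down lists are filled by CascadingDropDown
    /// extenders rather than by this class, so a posted selection is not limited
    /// to a server-rendered set of items.
    /// NOTE(review): before inserting, verify on the server that the posted
    /// selection exists and belongs to the chosen parent level. The lookup schema
    /// is not visible here, so that check is left to the caller.
    /// </remarks>
    public partial class newlevels : System.Web.UI.Page
    {
        // NOTE(review): all five handlers in the original wrote to
        // [SCM].[LKP_TOTALING_LEVEL_B], with the drop-down value going to
        // TOTALING_LEVEL_B and the text box to TOTALING_LEVEL_A. That mapping is
        // preserved unchanged; confirm the table and column order per level.
        private const string InsertTotalingLevelSql =
            "INSERT INTO [SCM].[LKP_TOTALING_LEVEL_B]([TOTALING_LEVEL_B],[TOTALING_LEVEL_A],[UNARY_OPERATOR],[SORTINGORDER]) " +
            "VALUES(@selectedLevel,@newLevel,'','0')";

        /// <summary>Page load handler; intentionally empty.</summary>
        protected void Page_Load(object sender, EventArgs e)
        {
        }

        /// <summary>Inserts a row from the level B selection and text box.</summary>
        protected void ButtonTotalingLevelB_Click(object sender, EventArgs e)
        {
            // SelectedValue yields an empty string when nothing is selected, where
            // SelectedItem.Value would throw a NullReferenceException.
            InsertTotalingLevel(ddlTotalingLevelB.SelectedValue, txtTotalingLevelB.Text);
        }

        /// <summary>Inserts a row from the level C selection and text box.</summary>
        protected void ButtonTotalingLevelC_Click(object sender, EventArgs e)
        {
            InsertTotalingLevel(ddlTotalingLevelC.SelectedValue, txtTotalingLevelC.Text);
        }

        /// <summary>Inserts a row from the level D selection and text box.</summary>
        protected void ButtonTotalingLevelD_Click(object sender, EventArgs e)
        {
            InsertTotalingLevel(ddlTotalingLevelD.SelectedValue, txtTotalingLevelD.Text);
        }

        /// <summary>Inserts a row from the level E selection and text box.</summary>
        protected void ButtonTotalingLevelE_Click(object sender, EventArgs e)
        {
            InsertTotalingLevel(ddlTotalingLevelE.SelectedValue, txtTotalingLevelE.Text);
        }

        /// <summary>Inserts a row from the level F selection and text box.</summary>
        protected void ButtonTotalingLevelF_Click(object sender, EventArgs e)
        {
            InsertTotalingLevel(ddlTotalingLevelF.SelectedValue, txtTotalingLevelF.Text);
        }

        /// <summary>Selection-changed handler for level A; intentionally empty.</summary>
        protected void ddlTotalingLevelA_SelectedIndexChanged(object sender, EventArgs e)
        {
        }

        /// <summary>
        /// Runs the parameterized INSERT with the two posted values.
        /// </summary>
        /// <param name="selectedLevel">Value posted for the drop-down list.</param>
        /// <param name="newLevel">Text posted for the text box.</param>
        private void InsertTotalingLevel(string selectedLevel, string newLevel)
        {
            string connectionString = ConfigurationManager.ConnectionStrings["Chpcs"].ConnectionString;

            // The using blocks close the connection even when ExecuteNonQuery throws.
            // The original left it open on failure.
            using (SqlConnection connection = new SqlConnection(connectionString))
            using (SqlCommand cmd = connection.CreateCommand())
            {
                cmd.CommandType = CommandType.Text;
                cmd.CommandText = InsertTotalingLevelSql;

                // Column types and lengths are not visible here. Switch to explicitly
                // typed and sized parameters once the schema is known.
                cmd.Parameters.AddWithValue("@selectedLevel", selectedLevel);
                cmd.Parameters.AddWithValue("@newLevel", newLevel);

                connection.Open();
                cmd.ExecuteNonQuery();
            }
        }
    }
}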