I am working in C# ASP.NET and have a submission page. When you click the Add Product link, a popup "Add Product" page opens containing a dropdown list of the products that can be added to the submission. The business rule is that each product may appear only once on any submission, so I am running two separate switch-case statements: one removes an item from the dropdown after it is selected in the popup, and the other queries the DB to find out whether any products are already associated with the submission and, if so, removes those options from the dropdown. Once the user selects an item from the dropdown, that product's panel becomes visible for user input.
Both switch cases work in that they remove the items they should, but since I put in the query switch case, the panel is no longer visible on selection. When I remove the query switch case, the panel becomes visible on selection, but the products already associated with the submission are still available in the dropdown.
I know there is a conflict here, but I'm not sure what it is, as this is my first time programming. The code is below. Please ignore the query itself; this is a non-production training project and my handler has forbidden parameterization because he wants me to learn the basics first. I understand the injection vulnerability.
    using System;
    using System.Data.SqlClient;
    using System.Web.UI;

    public partial class AddProduct : System.Web.UI.Page
    {
        protected void BtnAddProduct_Click(object sender, EventArgs e)
        {
            // Show the panel for the chosen product and take that product out of the list.
            switch (DdlProductList.SelectedValue)
            {
                case "1":
                    PanelEpl.Visible = true;
                    DdlProductList.Items.Remove(DdlProductList.SelectedItem);
                    break;
                case "2":
                    PanelProf.Visible = true;
                    DdlProductList.Items.Remove(DdlProductList.SelectedItem);
                    break;
                case "3":
                    PanelCrime.Visible = true;
                    DdlProductList.Items.Remove(DdlProductList.SelectedItem);
                    break;
                case "4":
                    PanelFid.Visible = true;
                    DdlProductList.Items.Remove(DdlProductList.SelectedItem);
                    break;
                case "5":
                    PanelNotProf.Visible = true;
                    DdlProductList.Items.Remove(DdlProductList.SelectedItem);
                    break;
                case "6":
                    PanelPriv.Visible = true;
                    DdlProductList.Items.Remove(DdlProductList.SelectedItem);
                    break;
                case "7":
                    PanelPub.Visible = true;
                    DdlProductList.Items.Remove(DdlProductList.SelectedItem);
                    break;
                default:
                    break;
            }
        }

        protected void Page_Load(object sender, EventArgs e)
        {
            string x = Request.QueryString["SubId"];
            string connectionString = System.Configuration.ConfigurationManager.ConnectionStrings["MyConnectionString"].ConnectionString;
            // displayQuery and broQuery are built here but not used in this handler.
            string displayQuery = "SELECT CustName, CustAdd, CustCity, CustState, CustZip FROM Customer WHERE SubId =" + x;
            string broQuery = "SELECT EntityType FROM Broker WHERE SubId =" + x;
            string ddlQuery = "SELECT ProductId FROM SubmissionProducts WHERE SubmissionId =" + x;
            using (SqlConnection displayConn = new SqlConnection(connectionString))
            {
                displayConn.Open();
                SqlCommand DlistCmd = new SqlCommand(ddlQuery, displayConn);
                using (SqlDataReader Ddldr = DlistCmd.ExecuteReader())
                {
                    while (Ddldr.Read())
                    {
                        // Removes by position: every RemoveAt shifts the items after it,
                        // so the index stops matching the ProductId once one item is gone.
                        switch (Ddldr.GetInt32(0))
                        {
                            case 1:
                                DdlProductList.Items.RemoveAt(1);
                                break;
                            case 2:
                                DdlProductList.Items.RemoveAt(2);
                                break;
                            case 3:
                                DdlProductList.Items.RemoveAt(3);
                                break;
                            case 4:
                                DdlProductList.Items.RemoveAt(4);
                                break;
                            case 5:
                                DdlProductList.Items.RemoveAt(5);
                                break;
                            case 6:
                                DdlProductList.Items.RemoveAt(6);
                                break;
                            case 7:
                                DdlProductList.Items.RemoveAt(7);
                                break;
                            default:
                                break;
                        }
                    }
                }
            }
        }
    }
Answer 0 (score: 1)
I don't think you are accounting for the page postback state. Put the Page_Load code under an if (!IsPostBack) condition:
    protected void Page_Load(object sender, EventArgs e)
    {
        // Runs only on the first request; on postbacks the list comes back from ViewState.
        if (!IsPostBack)
        {
            string x = Request.QueryString["SubId"];
            string connectionString = System.Configuration.ConfigurationManager.ConnectionStrings["MyConnectionString"].ConnectionString;
            string displayQuery = "SELECT CustName, CustAdd, CustCity, CustState, CustZip FROM Customer WHERE SubId =" + x;
            string broQuery = "SELECT EntityType FROM Broker WHERE SubId =" + x;
            string ddlQuery = "SELECT ProductId FROM SubmissionProducts WHERE SubmissionId =" + x;
            using (SqlConnection displayConn = new SqlConnection(connectionString))
            {
                displayConn.Open();
                SqlCommand DlistCmd = new SqlCommand(ddlQuery, displayConn);
                using (SqlDataReader Ddldr = DlistCmd.ExecuteReader())
                {
                    while (Ddldr.Read())
                    {
                        switch (Ddldr.GetInt32(0))
                        {
                            case 1:
                                DdlProductList.Items.RemoveAt(1);
                                break;
                            case 2:
                                DdlProductList.Items.RemoveAt(2);
                                break;
                            case 3:
                                DdlProductList.Items.RemoveAt(3);
                                break;
                            case 4:
                                DdlProductList.Items.RemoveAt(4);
                                break;
                            case 5:
                                DdlProductList.Items.RemoveAt(5);
                                break;
                            case 6:
                                DdlProductList.Items.RemoveAt(6);
                                break;
                            case 7:
                                DdlProductList.Items.RemoveAt(7);
                                break;
                            default:
                                break;
                        }
                    }
                }
            }
        }
    }
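A version of the page-load logic that applies the answer's IsPostBack check and, beyond what the answer shows, removes products by value instead of by index and passes SubId as a typed parameter. This is an added example, not code from the question or the answer; it assumes the same DdlProductList control, connection string name and SubmissionProducts table as the question, and leaves BtnAddProduct_Click as posted.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class AddProduct : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Prune the list only on the initial GET. On a postback the DropDownList
        // restores its already-pruned items from ViewState before Page_Load runs,
        // so pruning again would remove the wrong items and can change SelectedValue.
        if (IsPostBack) return;

        int subId;
        if (!int.TryParse(Request.QueryString["SubId"], out subId))
            return; // anything that is not an integer id is ignored

        string connectionString = ConfigurationManager
            .ConnectionStrings["MyConnectionString"].ConnectionString;

        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(
            "SELECT ProductId FROM SubmissionProducts WHERE SubmissionId = @SubId", conn))
        {
            // Typed parameter: the id travels as data, never as part of the SQL text.
            cmd.Parameters.Add("@SubId", SqlDbType.Int).Value = subId;
            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                {
                    // Remove by value, not by index: after one RemoveAt(n) the remaining
                    // items shift, so a later RemoveAt(m) would hit the wrong product.
                    ListItem taken = DdlProductList.Items.FindByValue(reader.GetInt32(0).ToString());
                    if (taken != null) DdlProductList.Items.Remove(taken);
                }
            }
        }
    }
}
```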