Switch case conflicting with dropdown list availability / panel visibility



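I'm using C# ASP.NET. I have a submission page, and when you click the add product link it opens a pop-up "Add Product" page containing a dropdown list of the products that can be added to the submission. Business rules dictate that each product can only have one instance on any submission, so I run two separate switch case statements: one removes the item from the dropdown list after it has been selected in the pop-up, and the other queries the database to determine whether any products are already associated with the submission and, if so, removes those options from the dropdown list as well. Once the user selects an item from the dropdown list, the panel for that product becomes visible for user input.

The two switch cases function in that they eliminate the items that should not be available, but since I put in the switch case for the query, the panels no longer become visible upon selection. When I remove the switch case for the query, the panels do become visible upon selection, but the products already associated with the submission are still available in the dropdown list.

I know there's a conflict somewhere here, but I'm at a loss as to what it is, as this is my first attempt at programming. The code is below. Please ignore the queries themselves; this is a non-active training project, and my handler has forbidden parameterization because he wants me to learn the basics first. I'm aware of the injection vulnerability.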

    using System;
    using System.Data.SqlClient;

    public partial class AddProduct : System.Web.UI.Page
    {
        // Shows the panel for the selected product and removes it from the list.
        protected void BtnAddProduct_Click(object sender, EventArgs e)
        {
            switch (DdlProductList.SelectedValue)
            {
                case "1":
                    PanelEpl.Visible = true;
                    DdlProductList.Items.Remove(DdlProductList.SelectedItem);
                    break;
                case "2":
                    PanelProf.Visible = true;
                    DdlProductList.Items.Remove(DdlProductList.SelectedItem);
                    break;
                case "3":
                    PanelCrime.Visible = true;
                    DdlProductList.Items.Remove(DdlProductList.SelectedItem);
                    break;
                case "4":
                    PanelFid.Visible = true;
                    DdlProductList.Items.Remove(DdlProductList.SelectedItem);
                    break;
                case "5":
                    PanelNotProf.Visible = true;
                    DdlProductList.Items.Remove(DdlProductList.SelectedItem);
                    break;
                case "6":
                    PanelPriv.Visible = true;
                    DdlProductList.Items.Remove(DdlProductList.SelectedItem);
                    break;
                case "7":
                    PanelPub.Visible = true;
                    DdlProductList.Items.Remove(DdlProductList.SelectedItem);
                    break;
                default:
                    break;
            }
        }

        // Runs on every request, including the postback raised by the button click.
        protected void Page_Load(object sender, EventArgs e)
        {
            // Queries are built by string concatenation (unparameterized, as noted in the question).
            string x = Request.QueryString["SubId"];
            string connectionString = System.Configuration.ConfigurationManager.ConnectionStrings["MyConnectionString"].ConnectionString;
            string displayQuery = "SELECT CustName, CustAdd, CustCity, CustState, CustZip FROM Customer WHERE SubId =" + x;
            string broQuery = "SELECT EntityType FROM Broker WHERE SubId =" + x;
            string ddlQuery = "SELECT ProductId FROM SubmissionProducts WHERE SubmissionId =" + x;
            using (SqlConnection displayConn = new SqlConnection(connectionString))
            {
                displayConn.Open();
                SqlCommand DlistCmd = new SqlCommand(ddlQuery, displayConn);
                using (SqlDataReader Ddldr = DlistCmd.ExecuteReader())
                {
                    // Remove every product already associated with the submission.
                    while (Ddldr.Read())
                    {
                        switch (Ddldr.GetInt32(0))
                        {
                            case 1:
                                DdlProductList.Items.RemoveAt(1);
                                break;
                            case 2:
                                DdlProductList.Items.RemoveAt(2);
                                break;
                            case 3:
                                DdlProductList.Items.RemoveAt(3);
                                break;
                            case 4:
                                DdlProductList.Items.RemoveAt(4);
                                break;
                            case 5:
                                DdlProductList.Items.RemoveAt(5);
                                break;
                            case 6:
                                DdlProductList.Items.RemoveAt(6);
                                break;
                            case 7:
                                DdlProductList.Items.RemoveAt(7);
                                break;
                            default:
                                break;
                        }
                    }
                }
            }
        }
    }

I think you're not taking the page's postback state into account. Put your Page_Load code inside an if (!IsPostBack) condition:

    protected void Page_Load(object sender, EventArgs e)
    {
        // Only filter the dropdown on the initial request, not on postbacks.
        if (!IsPostBack)
        {
            string x = Request.QueryString["SubId"];
            string connectionString = System.Configuration.ConfigurationManager.ConnectionStrings["MyConnectionString"].ConnectionString;
            string displayQuery = "SELECT CustName, CustAdd, CustCity, CustState, CustZip FROM Customer WHERE SubId =" + x;
            string broQuery = "SELECT EntityType FROM Broker WHERE SubId =" + x;
            string ddlQuery = "SELECT ProductId FROM SubmissionProducts WHERE SubmissionId =" + x;
            using (SqlConnection displayConn = new SqlConnection(connectionString))
            {
                displayConn.Open();
                SqlCommand DlistCmd = new SqlCommand(ddlQuery, displayConn);
                using (SqlDataReader Ddldr = DlistCmd.ExecuteReader())
                {
                    while (Ddldr.Read())
                    {
                        switch (Ddldr.GetInt32(0))
                        {
                            case 1:
                                DdlProductList.Items.RemoveAt(1);
                                break;
                            case 2:
                                DdlProductList.Items.RemoveAt(2);
                                break;
                            case 3:
                                DdlProductList.Items.RemoveAt(3);
                                break;
                            case 4:
                                DdlProductList.Items.RemoveAt(4);
                                break;
                            case 5:
                                DdlProductList.Items.RemoveAt(5);
                                break;
                            case 6:
                                DdlProductList.Items.RemoveAt(6);
                                break;
                            case 7:
                                DdlProductList.Items.RemoveAt(7);
                                break;
                            default:
                                break;
                        }
                    }
                }
            }
        }
    }
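
An added example, not part of the original question or answer: the same first-load filtering with `SubId` validated as an integer and bound as a SQL parameter instead of concatenated, and with already-attached products removed by item value rather than by list position. It assumes the dropdown item values are "1" to "7" (as in the question's click handler); `GetAttachedProductIds` is a hypothetical helper name, and the question's `BtnAddProduct_Click` is unchanged and omitted.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Web.UI.WebControls;

public partial class AddProduct : System.Web.UI.Page
{
    // Hypothetical helper: ProductIds already attached to a submission, via a bound parameter.
    private static List<int> GetAttachedProductIds(string connectionString, int submissionId)
    {
        var ids = new List<int>();
        const string sql =
            "SELECT ProductId FROM SubmissionProducts WHERE SubmissionId = @SubmissionId";
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // The value travels as typed data and never becomes part of the SQL text.
            cmd.Parameters.Add("@SubmissionId", SqlDbType.Int).Value = submissionId;
            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
                while (reader.Read()) ids.Add(reader.GetInt32(0));
        }
        return ids;
    }

    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack) return;   // filter the list on the first load only

        // SubId comes from the URL, so it is untrusted: it must parse as an int.
        int submissionId;
        if (!int.TryParse(Request.QueryString["SubId"], out submissionId))
        {
            DdlProductList.Enabled = false;   // assumption: disable the list on a bad id
            return;
        }

        string connectionString = System.Configuration.ConfigurationManager
            .ConnectionStrings["MyConnectionString"].ConnectionString;

        foreach (int productId in GetAttachedProductIds(connectionString, submissionId))
        {
            // Remove by Value: positions shift after each removal, values do not.
            ListItem item = DdlProductList.Items.FindByValue(productId.ToString());
            if (item != null) DdlProductList.Items.Remove(item);
        }
    }
}
```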
