// Fires an asynchronous POST at `url` (no request body; everything travels in the
// query string) and hands the response text to `onsuccess` once the request has
// completed with HTTP 200. Any other completion status is reported to the user via
// alert(). Falls back to the legacy ActiveX transport where XMLHttpRequest is missing.
function ajax(url, onsuccess) {
    var request;
    if (window.XMLHttpRequest) {
        request = new XMLHttpRequest();
    } else {
        request = new ActiveXObject('Microsoft.XMLHTTP');
    }
    // open() before attaching the handler, exactly as the page does it.
    request.open("POST", url, true);
    request.onreadystatechange = function () {
        if (request.readyState != 4) {
            return; // not finished yet
        }
        if (request.status == 200) {
            onsuccess(request.responseText);
            return;
        }
        alert("AJAX服务器返回错误!");
    };
    request.send();
}
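// Submits the comment fields to the handler and, on "ok", clears the inputs and reloads
// the comment list. `name`, `email`, `website`, `subject` and LoadComments() come from the
// enclosing page script; "$Data.Blog.Id" looks like a server-side template token that is
// substituted before the script reaches the browser — confirm against the view engine.
// Each user-typed value is run through encodeURIComponent(): unencoded, a "&" in the
// subject would start a new parameter, a "#" would cut the query string off entirely,
// and "+" / "%" would be decoded as something else on the server.
ajax("BlogCommentAjax.ashx?Action=PostComment&BlogId=$Data.Blog.Id"
        + "&Name=" + encodeURIComponent(name)
        + "&Email=" + encodeURIComponent(email)
        + "&Website=" + encodeURIComponent(website)
        + "&Subject=" + encodeURIComponent(subject),
    function (txt) {
        if (txt == "ok") {
            document.getElementById("commentName").value = '';
            document.getElementById("commentEmail").value = '';
            document.getElementById("commentWebsite").value = '';
            document.getElementById("commentSubject").value = '';
            LoadComments();
        } else if (txt == "error") {
            // The handler answers "error" when a field fails its server-side check.
            alert("您提交的数据有错误!");
        } else {
            alert("服务器返回未知数据:" + txt);
        }
    });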
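// Handles the "PostComment" action of the comment endpoint: reads the submitted fields,
// applies the page's input rule, stores the comment and answers "ok" or "error".
// The client script only understands those two replies; anything else is shown to the
// user as unknown data, so every failure path here must write "error" rather than throw.
string action = context.Request["Action"];
if (action == "PostComment")
{
    // A missing or non-numeric BlogId gets the regular "error" reply. The previous
    // Convert.ToInt64 call threw FormatException / overflowed instead, which surfaces as
    // an unhandled 500 (and a stack trace when customErrors is off).
    long blogid;
    if (!long.TryParse(context.Request["BlogId"], out blogid))
    {
        context.Response.Write("error");
        return;
    }

    string name = context.Request["Name"];
    string email = context.Request["Email"];
    string website = context.Request["Website"];
    string subject = context.Request["Subject"];

    // The page's rule: an angle bracket in any field rejects the whole post. A parameter
    // that is absent (null) is rejected too instead of being dereferenced.
    // NOTE(review): this blacklist is not an XSS defence by itself — the stored values
    // still have to be HTML-encoded wherever the comment list is rendered. Nothing in
    // this block bounds field length or checks an anti-forgery token; confirm both at
    // the rendering layer and against the BlogComments column sizes.
    string[] fields = { name, email, website, subject };
    foreach (string field in fields)
    {
        if (field == null || field.IndexOf('<') >= 0 || field.IndexOf('>') >= 0)
        {
            context.Response.Write("error");
            return;
        }
    }

    // Parameterised insert: user-supplied values never become part of the SQL text.
    SqlHelper.ExecuteNonQuery(
        "insert into BlogComments(BlogId,Name,Email,Website,Subject,CreateDateTime) values(@BlogId,@Name,@Email,@Website,@Subject,getdate())",
        new SqlParameter("@BlogId", blogid),
        new SqlParameter("@Name", name),
        new SqlParameter("@Email", email),
        new SqlParameter("@Website", website),
        new SqlParameter("@Subject", subject));
    context.Response.Write("ok");
}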