62,074
社区成员
发帖
与我相关
我的任务
分享急救!
我的程序,用存储过程从数据库读出来数据DataSet赋给DataGrid.其中有个字段 内容 是带特殊字符的(如: br,> ),现在一点更新就报错。
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (Db_G_news:_ctl10:_ctl5="dsf<br>sdfjsd'f<br>&nbs...").
我在EditCommand事件 中写了转换程序改变不了。e.Item.Cells[4].Text=Server.HtmlDecode(e.Item.Cells[4].Text);
高手帮我啊!小弟给你们鞠躬了!
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (Db_G_news:_ctl10:_ctl5="dsf<br>sdfjsd'f<br>&nbs...").
我在EditCommand事件 中写了转换程序改变不了。e.Item.Cells[4].Text=Server.HtmlDecode(e.Item.Cells[4].Text);
高手帮我啊!小弟给你们鞠躬了!
...全文
请发表友善的回复…
发表回复
vzxq 2004-04-14
- 打赏
- 举报
太谢谢了,交个朋友吧。我的MSN是 vzxq@2008@hotmail.com
亲人啊·!
亲人啊·!
bitsbird 2004-04-14
- 打赏
- 举报
试试看修改web.config文件:
<configuration>
<system.web>
<pages validateRequest="false" />
</system.web>
</configuration>
<configuration>
<system.web>
<pages validateRequest="false" />
</system.web>
</configuration>
vzxq 2004-04-14
- 打赏
- 举报
private void News_DataBind()
{
SqlConnection conn= new SqlConnection(ConfigurationSettings.AppSettings["ConnectionString"]);
try
{
if (conn.State.ToString()=="Closed")
{
conn.Open();
}
SqlDataAdapter myReader =new SqlDataAdapter("browse_news_other",conn);
DataSet DS=new DataSet();
Db_G_news.Columns[0].HeaderText ="删除";
Db_G_news.Columns[1].HeaderText="更新";
myReader.Fill(DS,"news");
Db_G_news.DataSource=DS;
Db_G_news.DataBind();
myReader.Dispose();
DS.Dispose();
}
catch(Exception ex)
{
string Error_info_detail=Server.UrlEncode(ex.Message.ToString());
Response.Redirect("Error_page.aspx?Error_info="+ Error_info_detail);
}
finally
{
if (conn.State.ToString()=="Open")
{
conn.Close();
conn.Dispose();
}
}
}
private void News_update(int n_id,string n_title,string n_content,string n_date,int n_num,int n_type)
{
SqlConnection conn=new SqlConnection(ConfigurationSettings.AppSettings["ConnectionString"]);
try
{
if (conn.State.ToString()=="Closed")
{
conn.Open();
}
SqlCommand com= new SqlCommand("update_news",conn);
com.CommandType=CommandType.StoredProcedure;
com.Parameters.Add("@n_id",SqlDbType.Int);
com.Parameters["@n_id"].Value=n_id;
n_title=formatString(n_title);
com.Parameters.Add("@n_title",SqlDbType.VarChar);
com.Parameters["@n_title"].Value=n_title;
n_content=formatString(n_content);
com.Parameters.Add("@n_content",SqlDbType.VarChar);
com.Parameters["@n_content"].Value=n_content;
com.Parameters.Add("@n_date",SqlDbType.SmallDateTime);
com.Parameters["@n_date"].Value=Convert.ToDateTime(n_date);
com.Parameters.Add("@news_bro_num",SqlDbType.VarChar);
com.Parameters["@news_bro_num"].Value=n_num;
com.Parameters.Add("@n_type",SqlDbType.Int);
com.Parameters["@n_type"].Value=n_type;
com.ExecuteNonQuery();
com.Dispose();
}
catch(Exception ex)
{
String Error_info1=ex.Message.ToString();
Error_info1="Error_page.aspx?Error_info="+Error_info1;
Response.Redirect(Error_info1);
}
finally
{
if (conn.State.ToString()=="Open")
{
conn.Close();
conn.Dispose();
}
}
}
private void Db_G_news_PageIndexChanged(object source, System.Web.UI.WebControls.DataGridPageChangedEventArgs e)
{
Db_G_news.CurrentPageIndex=e.NewPageIndex;
News_DataBind();
}
private void Db_G_news_UpdateCommand(object source, System.Web.UI.WebControls.DataGridCommandEventArgs e)
{
int n_id;
int n_num;
int n_type;
((TextBox)e.Item.Cells[4].Controls[0]).Text=Server.UrlDecode(((TextBox)e.Item.Cells[4].Controls[0]).Text);
//string eee=((TextBox)e.Item.Cells[3].Controls[0]).Text;
//string test=((TextBox)e.Item.Cells[4].Controls[0]).Text;
int test= Convert.ToInt32(((TextBox)e.Item.Cells[2].Controls[0]).Text);
if(((TextBox)e.Item.Cells[2].Controls[0]).Text=="" || ((TextBox)e.Item.Cells[2].Controls[0]).Text.Length==0)
{ return;}
else
{ n_id=Convert.ToInt32(((TextBox)e.Item.Cells[2].Controls[0]).Text);}
string n_title=((TextBox)e.Item.Cells[3].Controls[0]).Text;
//n_title=formatString(n_title);
Server.UrlDecode(n_title);
string n_content=((TextBox)e.Item.Cells[4].Controls[0]).Text;
//n_content=formatString(n_content);
string n_date=((TextBox)e.Item.Cells[5].Controls[0]).Text;
if(((TextBox)e.Item.Cells[6].Controls[0]).Text=="" || ((TextBox)e.Item.Cells[6].Controls[0]).Text.Length==0)
{ n_num=0;}
else
{ n_num=Convert.ToInt32(((TextBox)e.Item.Cells[6].Controls[0]).Text);}
if(((TextBox)e.Item.Cells[7].Controls[0]).Text=="" || ((TextBox)e.Item.Cells[7].Controls[0]).Text.Length==0)
{ n_type=0;}
else
{n_type=Convert.ToInt32(((TextBox)e.Item.Cells[7].Controls[0]).Text);}
News_update(n_id,n_title,n_content,n_date,n_num,n_type);
Db_G_news.EditItemIndex=-1;
News_DataBind();
}
private void Db_G_news_CancelCommand(object source, System.Web.UI.WebControls.DataGridCommandEventArgs e)
{
Db_G_news.EditItemIndex=-1;
News_DataBind();
}
private string formatString(string str)
{
str=str.Replace(" "," ");//处理空格
str=str.Replace("<","<");//处理小于号
str=str.Replace(">",">");//处理大于号
str=str.Replace("\n","<br>");//处理换行
return str;
}
private string formatString_too(string str)
{
str=str.Replace(" "," ");//处理空格
str=str.Replace("<","<");//处理小于号
str=str.Replace(">",">");//处理大于号
str=str.Replace("<br>","\n");//处理换行
return str;
}
private void Db_G_news_ItemDataBound(object sender, System.Web.UI.WebControls.DataGridItemEventArgs e)
{
//e.Item.Cells[2].Enabled=false;
e.Item.Cells[3].Text=formatString_too(e.Item.Cells[3].Text);
e.Item.Cells[4].Text=formatString_too(e.Item.Cells[4].Text);
}
{
SqlConnection conn= new SqlConnection(ConfigurationSettings.AppSettings["ConnectionString"]);
try
{
if (conn.State.ToString()=="Closed")
{
conn.Open();
}
SqlDataAdapter myReader =new SqlDataAdapter("browse_news_other",conn);
DataSet DS=new DataSet();
Db_G_news.Columns[0].HeaderText ="删除";
Db_G_news.Columns[1].HeaderText="更新";
myReader.Fill(DS,"news");
Db_G_news.DataSource=DS;
Db_G_news.DataBind();
myReader.Dispose();
DS.Dispose();
}
catch(Exception ex)
{
string Error_info_detail=Server.UrlEncode(ex.Message.ToString());
Response.Redirect("Error_page.aspx?Error_info="+ Error_info_detail);
}
finally
{
if (conn.State.ToString()=="Open")
{
conn.Close();
conn.Dispose();
}
}
}
private void News_update(int n_id,string n_title,string n_content,string n_date,int n_num,int n_type)
{
SqlConnection conn=new SqlConnection(ConfigurationSettings.AppSettings["ConnectionString"]);
try
{
if (conn.State.ToString()=="Closed")
{
conn.Open();
}
SqlCommand com= new SqlCommand("update_news",conn);
com.CommandType=CommandType.StoredProcedure;
com.Parameters.Add("@n_id",SqlDbType.Int);
com.Parameters["@n_id"].Value=n_id;
n_title=formatString(n_title);
com.Parameters.Add("@n_title",SqlDbType.VarChar);
com.Parameters["@n_title"].Value=n_title;
n_content=formatString(n_content);
com.Parameters.Add("@n_content",SqlDbType.VarChar);
com.Parameters["@n_content"].Value=n_content;
com.Parameters.Add("@n_date",SqlDbType.SmallDateTime);
com.Parameters["@n_date"].Value=Convert.ToDateTime(n_date);
com.Parameters.Add("@news_bro_num",SqlDbType.VarChar);
com.Parameters["@news_bro_num"].Value=n_num;
com.Parameters.Add("@n_type",SqlDbType.Int);
com.Parameters["@n_type"].Value=n_type;
com.ExecuteNonQuery();
com.Dispose();
}
catch(Exception ex)
{
String Error_info1=ex.Message.ToString();
Error_info1="Error_page.aspx?Error_info="+Error_info1;
Response.Redirect(Error_info1);
}
finally
{
if (conn.State.ToString()=="Open")
{
conn.Close();
conn.Dispose();
}
}
}
private void Db_G_news_PageIndexChanged(object source, System.Web.UI.WebControls.DataGridPageChangedEventArgs e)
{
Db_G_news.CurrentPageIndex=e.NewPageIndex;
News_DataBind();
}
private void Db_G_news_UpdateCommand(object source, System.Web.UI.WebControls.DataGridCommandEventArgs e)
{
int n_id;
int n_num;
int n_type;
((TextBox)e.Item.Cells[4].Controls[0]).Text=Server.UrlDecode(((TextBox)e.Item.Cells[4].Controls[0]).Text);
//string eee=((TextBox)e.Item.Cells[3].Controls[0]).Text;
//string test=((TextBox)e.Item.Cells[4].Controls[0]).Text;
int test= Convert.ToInt32(((TextBox)e.Item.Cells[2].Controls[0]).Text);
if(((TextBox)e.Item.Cells[2].Controls[0]).Text=="" || ((TextBox)e.Item.Cells[2].Controls[0]).Text.Length==0)
{ return;}
else
{ n_id=Convert.ToInt32(((TextBox)e.Item.Cells[2].Controls[0]).Text);}
string n_title=((TextBox)e.Item.Cells[3].Controls[0]).Text;
//n_title=formatString(n_title);
Server.UrlDecode(n_title);
string n_content=((TextBox)e.Item.Cells[4].Controls[0]).Text;
//n_content=formatString(n_content);
string n_date=((TextBox)e.Item.Cells[5].Controls[0]).Text;
if(((TextBox)e.Item.Cells[6].Controls[0]).Text=="" || ((TextBox)e.Item.Cells[6].Controls[0]).Text.Length==0)
{ n_num=0;}
else
{ n_num=Convert.ToInt32(((TextBox)e.Item.Cells[6].Controls[0]).Text);}
if(((TextBox)e.Item.Cells[7].Controls[0]).Text=="" || ((TextBox)e.Item.Cells[7].Controls[0]).Text.Length==0)
{ n_type=0;}
else
{n_type=Convert.ToInt32(((TextBox)e.Item.Cells[7].Controls[0]).Text);}
News_update(n_id,n_title,n_content,n_date,n_num,n_type);
Db_G_news.EditItemIndex=-1;
News_DataBind();
}
private void Db_G_news_CancelCommand(object source, System.Web.UI.WebControls.DataGridCommandEventArgs e)
{
Db_G_news.EditItemIndex=-1;
News_DataBind();
}
private string formatString(string str)
{
str=str.Replace(" "," ");//处理空格
str=str.Replace("<","<");//处理小于号
str=str.Replace(">",">");//处理大于号
str=str.Replace("\n","<br>");//处理换行
return str;
}
private string formatString_too(string str)
{
str=str.Replace(" "," ");//处理空格
str=str.Replace("<","<");//处理小于号
str=str.Replace(">",">");//处理大于号
str=str.Replace("<br>","\n");//处理换行
return str;
}
private void Db_G_news_ItemDataBound(object sender, System.Web.UI.WebControls.DataGridItemEventArgs e)
{
//e.Item.Cells[2].Enabled=false;
e.Item.Cells[3].Text=formatString_too(e.Item.Cells[3].Text);
e.Item.Cells[4].Text=formatString_too(e.Item.Cells[4].Text);
}
bitsbird 2004-04-14
- 打赏
- 举报
不知道你程序怎么写的,你先贴出来看看
vzxq 2004-04-14
- 打赏
- 举报
老兄写在ItemDataBound中是不报错了。可是这一列的值成空的了,还不可编辑。
vzxq 2004-04-14
- 打赏
- 举报
把什么写在ItemdataBound里啊,我e.Item.Cells[4].Text=Server.HtmlDecode(e.Item.Cells[4].Text);写进去了,翻页不能用了
bitsbird 2004-04-14
- 打赏
- 举报
在itemdatabound里写试试看
vzxq 2004-04-14
- 打赏
- 举报
发错了!
太谢谢了,交个朋友吧。我的MSN是 vzxq2008@hotmail.com
亲人啊·!
太谢谢了,交个朋友吧。我的MSN是 vzxq2008@hotmail.com
亲人啊·!
