【发布时间】:2018-09-15 08:46:21
【问题描述】:
我使用文本区域(textarea)来保存表单的详细信息。当内容中包含项目符号列表时,项目符号会显示在 GridView 的前一个单元格中。GridView 中"描述"列的设计如下:
<%--
  "Description" column: binds the row's "description" value, runs it through
  HtmlDecode and writes the result into a Literal. A Literal in its default
  mode does not encode its Text, so whatever markup is stored in "description"
  is emitted into the page as live HTML.
  NOTE(review): if "description" holds text typed by users (the question says it
  comes from a textarea), this is a stored-XSS sink. Sanitize the value against
  an allow-list of formatting tags before rendering it, or set Mode="Encode" on
  the Literal when rich formatting is not needed.
  NOTE(review): unclosed or unbalanced tags in the stored value may also disturb
  the surrounding table cells; verify against the actual data.
--%>
<asp:TemplateField HeaderText="Description" sortExpression="description" >
<ItemTemplate>
<asp:Literal ID="Description" runat="server" Text='<%#
System.Web.HttpUtility.HtmlDecode(Eval("description").ToString()) %>'>
</asp:Literal>
</ItemTemplate>
</asp:TemplateField>
而aspx.cs页面的代码是:
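/// <summary>
/// Removes anything that looks like an HTML tag from a bound value so it can be
/// used as plain tooltip text.
/// </summary>
/// <param name="value">The raw column value; null and DBNull both become an empty string.</param>
/// <returns>The value's text with every <c>&lt;...&gt;</c> run removed.</returns>
private static string StripMarkupForToolTip(object value)
{
    return Regex.Replace(Convert.ToString(value), @"<(.|\n)*?>", string.Empty);
}

/// <summary>
/// RowDataBound handler for the ONCETASK grid. For every data row it sets
/// plain-text tooltips on selected cells and decides whether the delete button
/// or the status label is shown, based on whether the task still has a
/// non-hidden entry in tbl_schedule_task_list and on the caller's session values.
/// </summary>
/// <param name="sender">The grid raising the event.</param>
/// <param name="e">Event data carrying the row being bound.</param>
protected void ONCETASKGridView_RowDataBound(object sender, GridViewRowEventArgs e)
{
    if (e.Row.RowType != DataControlRowType.DataRow)
    {
        return;
    }

    // Tooltips carry the text of the bound columns with any markup stripped.
    DataRowView rowView = e.Row.DataItem as DataRowView;
    if (rowView != null)
    {
        e.Row.Cells[6].ToolTip = StripMarkupForToolTip(rowView["handover_subject"]);
        e.Row.Cells[2].ToolTip = StripMarkupForToolTip(rowView["msp_name"]);
        e.Row.Cells[3].ToolTip = StripMarkupForToolTip(rowView["priority_name"]);
        e.Row.Cells[4].ToolTip = StripMarkupForToolTip(rowView["c_cat_name"]);
        // The tooltip for the "description" column (cell 7) was disabled in the original code.
    }

    Button completeB = (Button)e.Row.FindControl("ONCETASK_DELETE_Button");
    Label completeL = (Label)e.Row.FindControl("ONCETASK_DELETE_Label");

    // The key is passed as a parameter rather than concatenated into the SQL
    // text, so its content can never change the shape of the statement.
    const string selectQuery =
        "SELECT hide FROM tbl_schedule_task_list WHERE hide=0 AND schedule_id=@schedule_id";

    try
    {
        con.ConnectionString = constr;

        bool hasVisibleTask;
        using (SqlCommand selectCmd = new SqlCommand(selectQuery, con))
        {
            selectCmd.Parameters.AddWithValue(
                "@schedule_id",
                ONCETASKGridView.DataKeys[e.Row.RowIndex].Values[0]);

            con.Open();
            using (SqlDataReader reader = selectCmd.ExecuteReader())
            {
                hasVisibleTask = reader.HasRows;
            }
        }

        if (hasVisibleTask)
        {
            // Missing session values are treated as "not allowed" instead of
            // raising a NullReferenceException.
            // NOTE(review): the meaning of role "2" and desig "16" is not visible here.
            string role = Convert.ToString(Session["role"]);
            string desig = Convert.ToString(Session["desig"]);
            bool mayDelete = role == "2" || desig == "16";

            // Hiding the button is a UI convenience only; the delete handler
            // must repeat this authorization check on the server.
            completeB.Visible = mayDelete;
            completeL.Visible = !mayDelete;
        }
        else
        {
            completeL.Text = "Deleted";
            completeB.Visible = false;
            completeL.Visible = true;
            completeL.CssClass = "error";
        }
    }
    catch (Exception er)
    {
        // Keep the details for diagnostics; show the user only the generic message.
        System.Diagnostics.Trace.TraceError("ONCETASKGridView_RowDataBound failed: {0}", er);
        ERRORPopUpLabel.Text = "Error While Binding AD_HOC Grid.Please Concern Your DEVELOPER";
        ERRORPanel.Visible = true;
        ERRORModalPopupExtender.Show();
    }
    finally
    {
        // The shared connection is reused for every row, so it must be closed
        // on the failure path as well; Close() on a closed connection is a no-op.
        con.Close();
    }
}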
【问题讨论】:
-
请提供"描述"列实际取到的数据:在 SQL 中运行查询,并把结果贴在这里。项目符号的问题看起来是由这些数据引起的。
-
这段代码容易受到 SQL 注入攻击:schedule_id 是通过字符串拼接写入查询语句的,应改用参数化查询。