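【Posted】: 2017-06-30 20:54:58
【Question】:
I am developing a message wall using C# and MS SQL. So far I am able to post and retrieve messages using a Repeater; now I need to make comments in the comment section of each Repeater textbox element, and for that I assigned a post ID to relate the two tables.
The problem is that I am stuck on how to retrieve the post ID from each Repeater element, so that when I insert into the comments table I can include it and then retrieve everything together.
Here is my relevant code-behind: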
public void postear()
{
    string emailcc = Session["EMAIL"].ToString();
    string user_id = Session["ID"].ToString();
    string usrnom = Session["NOMBRE"].ToString();
    string usrfoto = Session["FOTO_URL"].ToString();
    string post_contenido = txtpublica.Text.ToString();
    var post_fecha = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
    using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConexionBD"].ConnectionString))
    {
        using (SqlCommand cmd = new SqlCommand())
        {
            cmd.CommandType = CommandType.Text;
            cmd.CommandText = (@"INSERT INTO MIEMBROS_Posts (POST_USER_ID, POST_CONTENIDO, POST_FECHA, POST_USER_NOMBRE, POST_USER_FOTO) VALUES ('"
                + user_id + "','" + post_contenido + "','" + post_fecha + "','" + usrnom + "','" + usrfoto + "');");
            cmd.Connection = conn;
            conn.Open();
            int rowsAffected = cmd.ExecuteNonQuery();
        }
    }
    txtpublica.Text = "";
    traerposts();
}

public void comentar()
{
    string emailcc = Session["EMAIL"].ToString();
    string user_id = Session["ID"].ToString();
    string usrnom = Session["NOMBRE"].ToString();
    string usrfoto = Session["FOTO_URL"].ToString();
    // This is the problem area
    foreach (RepeaterItem item in Repeater_UsrPosts.Items)
    {
        Label lbluserID = (Label)item.FindControl("lbluserid");
        string userid_post = lbluserID.Text;
    }
    string buscaid = (string)Repeater_UsrPosts.Items[lblid].FindControl("lbluserid");
    string COMM_contenido = txtpublica.Text.ToString();
    var COMM_fecha = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
    using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConexionBD"].ConnectionString))
    {
        using (SqlCommand cmd = new SqlCommand())
        {
            cmd.CommandType = CommandType.Text;
            cmd.CommandText = (@"INSERT INTO MIEMBROS_Comments (COMM_USER_ID, COMM_CONTENIDO, COMM_FECHA, COMM_USER_NOMBRE, COMM_USER_FOTO, COMM_POST_ID) VALUES ('"
                + user_id + "','" + COMM_contenido + "','" + COMM_fecha + "','" + usrnom + "','" + usrfoto + "','" + userid_post + "');");
            cmd.Connection = conn;
            conn.Open();
            int rowsAffected = cmd.ExecuteNonQuery();
        }
    }
    txtpublica.Text = "";
    traerposts();
}
And the aspx:
<asp:Repeater ID="Repeater_UsrPosts" runat="server">
    <ItemTemplate>
        <!-- Post -->
        <div class="post clearfix">
            <div class="user-block">
                <asp:Label ID="lblid" runat="server" Text='<%#Eval("post_user_id")%>'></asp:Label>
                <img alt="" src="<%#Eval("post_user_foto")%>" class="img-circle img-bordered-sm" />
                <span class="username">
                    <a href="#"><%#Eval("post_user_nombre") %></a>
                    <a href="#" class="pull-right btn-box-tool"><i class="fa fa-times"></i></a>
                </span>
                <span class="description"><%#Eval("post_fecha") %></span>
            </div>
            <!-- /.user-block -->
            <p>
                <%#Eval("post_contenido") %>
            </p>
            <form class="form-horizontal">
                <div class="form-group margin-bottom-none">
                    <div class="col-sm-9">
                        <input class="form-control input-sm" placeholder="Respuesta">
                    </div>
                    <div class="col-sm-3">
                        <button type="submit" class="btn btn-danger pull-right btn-block btn-sm">Enviar</button>
                    </div>
                </div>
            </form>
        </div>
        <!-- /.post -->
    </ItemTemplate>
</asp:Repeater>
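【Comments】:
-
You should really look into parameterized queries. Your code is very vulnerable to SQL injection. Also, you have multiple
form tags on the page, which will never work with aspnet. See developer.com/net/asp/article.php/3609466/…
Tags: c# sql asp.net repeater asprepeater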
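
The parameterized form that the comment recommends, applied to the post's `MIEMBROS_Comments` insert, as an added example (not code from the question or its commenter). The `CommentStore` class, the column types and the parameter sizes are assumptions, since the page does not show the table schema.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

// Hypothetical helper class; the name is not from the original post.
public static class CommentStore
{
    // Assumed schema: INT ids, NVARCHAR text columns, DATETIME date column.
    private const string InsertSql = @"
        INSERT INTO MIEMBROS_Comments
            (COMM_USER_ID, COMM_CONTENIDO, COMM_FECHA, COMM_USER_NOMBRE, COMM_USER_FOTO, COMM_POST_ID)
        VALUES
            (@userId, @contenido, @fecha, @nombre, @foto, @postId);";

    // userIdText and postIdText arrive as strings (Session value, Label text),
    // as in the post, so they are validated before they reach the database.
    public static int Insert(string userIdText, string postIdText,
                             string contenido, string nombre, string foto)
    {
        int userId, postId;
        if (!int.TryParse(userIdText, out userId) || !int.TryParse(postIdText, out postId))
            throw new ArgumentException("User id and post id must be integers.");

        string cs = ConfigurationManager.ConnectionStrings["ConexionBD"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(InsertSql, conn))
        {
            // Values are sent separately from the SQL text, so a quote in the
            // comment body is stored as data and cannot change the statement.
            cmd.Parameters.Add("@userId", SqlDbType.Int).Value = userId;
            cmd.Parameters.Add("@contenido", SqlDbType.NVarChar, -1).Value = contenido;
            // Pass the date as a DateTime instead of a formatted string.
            cmd.Parameters.Add("@fecha", SqlDbType.DateTime).Value = DateTime.Now;
            cmd.Parameters.Add("@nombre", SqlDbType.NVarChar, 100).Value = nombre;
            cmd.Parameters.Add("@foto", SqlDbType.NVarChar, 400).Value = (object)foto ?? DBNull.Value;
            cmd.Parameters.Add("@postId", SqlDbType.Int).Value = postId;
            conn.Open();
            return cmd.ExecuteNonQuery(); // number of rows inserted
        }
    }
}
```

The same pattern applies to the `MIEMBROS_Posts` insert in `postear()`, where `post_contenido` comes straight from a text box.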