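I have a modal popup that is supposed to upload documents. It does that fine, except that it doesn't give them a title, so nothing shows up on my page, because Title is how they are displayed in the list. What should I replace LinkTitle.Text with to make it work? I'm trying to fix this guy's code because it wasn't working properly. I've added a comment below with the new parameterized code. This is in ASP.net 4.0 VB using Microsoft SQL Server. INSERT statement ignores a piece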
Protected Sub SubmitDocument_Click(ByVal sender As Object, ByVal e As EventArgs) Handles SubmitDocument.Click
    DocumentModal.Hide()
    'Builds the full absolute URL to be inserted into the database.
    Dim hostURL As String = Request.Url.Scheme & "://" & Request.Url.Host & ":" & Request.Url.Port & Request.ApplicationPath
    Dim sqlFileHREF As String = "INSERT INTO Marketing (ProductID, MarketingTypeID, MarketingTitle, MarketingData) VALUES (" & ProductID.Value & " ,4, '" & LinkTitle.Text & "', '" & hostURL & "uploads/" & ProductID.Value & "/" & DocumentUpload.FileName & "')"
    sqlFileHREF.Replace("'", "''")
    'Create SQL Connection
    Dim SqlConnection As New SqlConnection("****************************************")
    SqlConnection.Open()
    Dim sqlCommand As New SqlCommand(sqlFileHREF, SqlConnection)
    sqlCommand.ExecuteNonQuery()
    SqlConnection.Close()
    Response.Redirect(Request.RawUrl)
End Sub
<!-- Add a Document -->
<li>
    <asp:LinkButton ID="DocumentButton" runat="server">Document</asp:LinkButton>
    <asp:Panel ID="DocumentPanel" runat="server" CssClass="modalPopup" Style="display:none">
        <asp:FileUpload ID="DocumentUpload" runat="server" />
        <asp:Button ID="SubmitDocument" runat="server" Text="Upload" onclick="SubmitDocument_Click" /><asp:Button ID="CancelDocument" runat="server" Text="Cancel" /><asp:HiddenField ID="filename" runat="server" />
    </asp:Panel>
    <asp:ModalPopupExtender ID="DocumentModal" runat="server" DropShadow="True" DynamicServicePath="" Enabled="True" PopupControlID="DocumentPanel" TargetControlID="DocumentButton"></asp:ModalPopupExtender>
</li>
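Where are you doing this, and in what? – Fionnuala
Note: use parameters, NOT string concatenation. You are asking for a SQL injection vulnerability. –
You provide LinkTitle.Text when you show the popup, no? – gbn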
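The parameterized form of the INSERT that the comment above calls for, as an added VB.NET example that is not code from the original post. It assumes a TextBox named LinkTitle inside DocumentPanel (the posted markup does not show one), a connection string named MarketingDb in web.config, a page class named ProductPage, and NVARCHAR sizes of 200 and 500; all of these are hypothetical.

```vb
Imports System.Configuration
Imports System.Data
Imports System.Data.SqlClient
Imports System.IO

' Added example, not the poster's code. ProductPage is a hypothetical class name.
Partial Class ProductPage
    Inherits System.Web.UI.Page

    Protected Sub SubmitDocument_Click(ByVal sender As Object, ByVal e As EventArgs) Handles SubmitDocument.Click
        DocumentModal.Hide()

        ' Stop early when no file was posted or the hidden ProductID is not an integer.
        Dim parsedProductId As Integer
        If Not DocumentUpload.HasFile OrElse Not Integer.TryParse(ProductID.Value, parsedProductId) Then
            Return
        End If

        ' Path.GetFileName drops any directory part sent along with the client file name.
        Dim safeName As String = Path.GetFileName(DocumentUpload.FileName)
        Dim appRoot As String = Request.Url.Scheme & "://" & Request.Url.Host & ":" & Request.Url.Port.ToString() & Request.ApplicationPath.TrimEnd("/"c)
        Dim fileUrl As String = appRoot & "/uploads/" & parsedProductId.ToString() & "/" & safeName

        ' User input travels only as parameter values, never as part of the SQL text.
        Const sql As String = "INSERT INTO Marketing (ProductID, MarketingTypeID, MarketingTitle, MarketingData) " &
                              "VALUES (@ProductID, 4, @Title, @Data)"

        Using conn As New SqlConnection(ConfigurationManager.ConnectionStrings("MarketingDb").ConnectionString) ' hypothetical name
            Using cmd As New SqlCommand(sql, conn)
                cmd.Parameters.Add("@ProductID", SqlDbType.Int).Value = parsedProductId
                cmd.Parameters.Add("@Title", SqlDbType.NVarChar, 200).Value = LinkTitle.Text.Trim() ' assumed TextBox, assumed size
                cmd.Parameters.Add("@Data", SqlDbType.NVarChar, 500).Value = fileUrl ' assumed size
                conn.Open()
                cmd.ExecuteNonQuery()
            End Using
        End Using

        Response.Redirect(Request.RawUrl)
    End Sub
End Class
```

With parameters, a title containing an apostrophe is stored verbatim, so the quote-doubling `Replace` call in the posted code has no counterpart here.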