ASP modalpopupextender 和上传控件
我的页面上有几个上传控件,由 ajax ModalPopUpExtender 显示,但它们目前不起作用。有人可以帮助我找出问题所在,以便他们可以开始将信息输入我的数据库吗?
顺便说一句,我不知道隐藏字段的用途或用途,所以如果有人理解这一点,请向我解释一下。我没有写这个,我只是想修复它。
<!-- Add a Document -->
<li>
<asp:LinkButton ID="DocumentButton" runat="server">Document</asp:LinkButton>
<asp:Panel ID="DocumentPanel" runat="server" CssClass="modalPopup" Style="display:none">
<asp:FileUpload ID="DocumentUpload" runat="server" />
<asp:Button ID="SubmitDocument" runat="server" Text="Upload" onclick="SubmitDocument_Click" /><asp:Button ID="CancelDocument" runat="server" Text="Cancel" /><asp:HiddenField ID="filename" runat="server" />
</asp:Panel>
<asp:ModalPopupExtender ID="DocumentModal" runat="server" DropShadow="True"
DynamicServicePath="" Enabled="True" OkControlID="SubmitDocument" PopupControlID="DocumentPanel" TargetControlID="DocumentButton"></asp:ModalPopupExtender>
</li>
Protected Sub SubmitDocument_Click(ByVal sender As Object, ByVal e As EventArgs) Handles SubmitDocument.Click
'Builds the full absolute URL to be inserted into the database.
Dim hostURL As String = Request.Url.Scheme & "://" & Request.Url.Host & ":" & Request.Url.Port & Request.ApplicationPath
Dim sqlFileHREF As String = "INSERT INTO Marketing (ProductID, MarketingTypeID, MarketingTitle, MarketingData) VALUES (" & ProductID.Value & " , 4 , '" & LinkTitle.Text & "', '" & hostURL & "uploads/" & ProductID.Value & "/" & filename.Value & "')"
'Create SQL Connection
Dim SqlConnection As New SqlConnection("Server=off-db1;uid=productsDB_admin;pwd=*****;database=Products")
SqlConnection.Open()
Dim sqlCommand As New SqlCommand(sqlFileHREF, SqlConnection)
sqlCommand.ExecuteNonQuery()
SqlConnection.Close()
Response.Redirect(Request.RawUrl)
End Sub
I have a couple upload controls on my page that are being shown by the ajax ModalPopUpExtender, but they don't work at the moment. Can someone help me figure out what is wrong so that they can start getting information into my database?
By the way, I don't know what the hidden field is for or is doing, so if someone understands that, please explain it to me. I didn't write this, I'm just trying to fix it.
<!-- Add a Document -->
<li>
<asp:LinkButton ID="DocumentButton" runat="server">Document</asp:LinkButton>
<asp:Panel ID="DocumentPanel" runat="server" CssClass="modalPopup" Style="display:none">
<asp:FileUpload ID="DocumentUpload" runat="server" />
<asp:Button ID="SubmitDocument" runat="server" Text="Upload" onclick="SubmitDocument_Click" /><asp:Button ID="CancelDocument" runat="server" Text="Cancel" /><asp:HiddenField ID="filename" runat="server" />
</asp:Panel>
<asp:ModalPopupExtender ID="DocumentModal" runat="server" DropShadow="True"
DynamicServicePath="" Enabled="True" OkControlID="SubmitDocument" PopupControlID="DocumentPanel" TargetControlID="DocumentButton"></asp:ModalPopupExtender>
</li>
Protected Sub SubmitDocument_Click(ByVal sender As Object, ByVal e As EventArgs) Handles SubmitDocument.Click
'Builds the full absolute URL to be inserted into the database.
Dim hostURL As String = Request.Url.Scheme & "://" & Request.Url.Host & ":" & Request.Url.Port & Request.ApplicationPath
Dim sqlFileHREF As String = "INSERT INTO Marketing (ProductID, MarketingTypeID, MarketingTitle, MarketingData) VALUES (" & ProductID.Value & " , 4 , '" & LinkTitle.Text & "', '" & hostURL & "uploads/" & ProductID.Value & "/" & filename.Value & "')"
'Create SQL Connection
Dim SqlConnection As New SqlConnection("Server=off-db1;uid=productsDB_admin;pwd=*****;database=Products")
SqlConnection.Open()
Dim sqlCommand As New SqlCommand(sqlFileHREF, SqlConnection)
sqlCommand.ExecuteNonQuery()
SqlConnection.Close()
Response.Redirect(Request.RawUrl)
End Sub
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
在 ModalPopupExtender 中设置
OkControlID="SubmitDocument"可以防止在服务器端引发SubmitDocument按钮的Click事件。首先要尝试的是删除它并在
SubmitDocument_Click子中添加一个DocumentModal.hide()。更新:
然后,您可以向
sqlFileHREF添加监视,以查找导致',' 附近的语法不正确的原因。我怀疑其中有引号或其他特殊字符。您可以执行诸如sqlFileHREF.Replace("'", "''")之类的操作来将引号加倍。注意:像这样执行 SQL 代码会让你容易受到 SQL 注入!
注意 2:明智的做法是从连接字符串中删除密码,并在您以后的帖子中将其替换为星号 (
pwd=********)(您应该编辑这个)更新2:
使用
DocumentUpload.FileName而不是filename.Value,看起来文件名 HiddenField 是为了某些未实现的功能或测试目的而存在的。setting
OkControlID="SubmitDocument"in the ModalPopupExtender prevent theClickevent of theSubmitDocumentButton to be raised on the server-side.first thing to try is to remove it and add a
DocumentModal.hide()in theSubmitDocument_ClickSub.Update :
Then you could add a watch to
sqlFileHREFto find what is causing theIncorrect syntax near ','.I suspect that you have a quote or others specials character in it. You could do somthing likesqlFileHREF.Replace("'", "''")to double your quotes.Note : Executing SQL code like this make you vulnerable to SQL Injection!
Note 2 : It would be wise to remove the password from the connection string and replace it with stars in yours future posts (
pwd=********) (you should edit this one)Update 2 :
Use
DocumentUpload.FileNameinstead offilename.Value, it look like the filename HiddenField was there for some unimplemented feature or testing purpose.