unauthorized access exception was handled by user code error solution


Problem description

using System;
using System.IO;
using System.Collections;
using System.Data;
using System.Configuration;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.Sql;
using System.Data.SqlClient;
using iTextSharp.text;
using iTextSharp.text.pdf;

public partial class donorcard : System.Web.UI.Page
{
    SqlConnection cn;
    SqlCommand cmd;
    protected void Page_Load(object sender, EventArgs e)
    {
        cn = new SqlConnection("Data Source=.\\SQLEXPRESS;AttachDbFilename=E:\\organ2\\App_Data\\Database.mdf;Integrated Security=True;User Instance=True");
        cn.Open();
    }
    protected void Button1_Click(object sender, EventArgs e)
    {
        string donorid = TextBox1.Text;
        string donorname = TextBox5.Text;
        string address = TextBox2.Text;
        string anypart = RadioButtonList1.Text;
        string wish = CheckBoxList2.Text;
        string witnessname = TextBox3.Text;
        string witnessphno = TextBox4.Text;
        string name = FileUpload1.FileName;
        FileUpload1.SaveAs(Server.MapPath("~/images/" + name));
        string photo = "~/images/" + name;
        cmd = new SqlCommand("insert into donorcard values('" + donorid + "','" + donorname + "','" + address + "','" + anypart + "','" + wish + "','" + witnessname + "','" + witnessphno + "','" + photo + "')", cn);
        cmd.ExecuteNonQuery();
        TextBox1.Text = "";
        TextBox2.Text = "";
        TextBox3.Text = "";
        TextBox4.Text = "";
        TextBox5.Text = "";
        RadioButtonList1.Text = "";
        CheckBoxList2.Text = "";
        //Response.Redirect("~/donor mainpage.aspx");
        //Response.ContentType = "Application/pdf";
        //Response.AppendHeader("Content-Disposition", "attachment;filename=Test_PDF.pdf");
        //Response.TransmitFile(Server.MapPath("~//pdf.pdf"));
        //Response.End();
        Document doc = new Document(iTextSharp.text.PageSize.LETTER, 10, 10, 42, 35);
        PdfWriter wri = PdfWriter.GetInstance(doc, new FileStream("Donorcard.pdf", FileMode.Create));
        doc.Open();
        Paragraph paragraph = new Paragraph("This is your Donorcard. Get a signature from the witness and keep it safe.");
        doc.Add(paragraph);
        doc.Close();
    }

}

Recommended answer

There are so many things wrong here...

The first is that the "current folder" is a very poor place to store your PDF files:

PdfWriter wri = PdfWriter.GetInstance(doc, new FileStream("Donorcard.pdf", FileMode.Create));

And that's probably the source of your problem. So create a "Documents" folder, give it the appropriate write permissions, and use that instead.

But more importantly, do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attacks, which can destroy your entire database. Use parametrized queries instead. This is especially important in a web app where anyone, anywhere in the world, can delete your database by typing in text boxes...
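As an added example (not code from the question or from the answer above), this is the same Button1_Click with both of the answer's fixes applied: a parametrized INSERT and a PDF written under a folder the application owns. The ~/Documents folder, the donorcard column names and the parameter sizes are assumptions; the connection string is the one from the question.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.IO;
using iTextSharp.text;
using iTextSharp.text.pdf;
public partial class donorcard : System.Web.UI.Page
{
    // Connection string taken from the question; column names and sizes below are assumed.
    const string ConnStr = "Data Source=.\\SQLEXPRESS;AttachDbFilename=E:\\organ2\\App_Data\\Database.mdf;Integrated Security=True;User Instance=True";
    protected void Button1_Click(object sender, EventArgs e)
    {
        // FileUpload.FileName is supplied by the browser: keep only the file-name part.
        string photo = "~/images/" + Path.GetFileName(FileUpload1.FileName);
        FileUpload1.SaveAs(Server.MapPath(photo));
        // Fix 1: values travel as typed parameters, never spliced into the SQL text,
        //        so a quote typed into a text box cannot change the statement.
        const string sql =
            "INSERT INTO donorcard (donorid, donorname, address, anypart, wish, witnessname, witnessphno, photo) " +
            "VALUES (@donorid, @donorname, @address, @anypart, @wish, @witnessname, @witnessphno, @photo)";
        using (var cn = new SqlConnection(ConnStr))
        using (var cmd = new SqlCommand(sql, cn))
        {
            cmd.Parameters.Add("@donorid", SqlDbType.NVarChar, 50).Value = TextBox1.Text;
            cmd.Parameters.Add("@donorname", SqlDbType.NVarChar, 100).Value = TextBox5.Text;
            cmd.Parameters.Add("@address", SqlDbType.NVarChar, 200).Value = TextBox2.Text;
            cmd.Parameters.Add("@anypart", SqlDbType.NVarChar, 50).Value = RadioButtonList1.Text;
            cmd.Parameters.Add("@wish", SqlDbType.NVarChar, 200).Value = CheckBoxList2.Text;
            cmd.Parameters.Add("@witnessname", SqlDbType.NVarChar, 100).Value = TextBox3.Text;
            cmd.Parameters.Add("@witnessphno", SqlDbType.NVarChar, 20).Value = TextBox4.Text;
            cmd.Parameters.Add("@photo", SqlDbType.NVarChar, 260).Value = photo;
            cn.Open();             // opened per request and disposed here, not left open from Page_Load
            cmd.ExecuteNonQuery();
        }
        // Fix 2: write the PDF into a folder the application owns (assumed: ~/Documents, created
        //        in advance and granted write access for the worker process), not the process's
        //        current directory. A unique name keeps concurrent requests from clobbering each other.
        string docsDir = Server.MapPath("~/Documents");
        string pdfPath = Path.Combine(docsDir, "Donorcard_" + Guid.NewGuid().ToString("N") + ".pdf");
        using (var fs = new FileStream(pdfPath, FileMode.Create))
        {
            var doc = new Document(PageSize.LETTER, 10, 10, 42, 35);
            PdfWriter.GetInstance(doc, fs);
            doc.Open();
            doc.Add(new Paragraph("This is your Donorcard. Get a signature from the witness and keep it safe."));
            doc.Close();
        }
    }
}
```

If the UnauthorizedAccessException persists with this version, it points at the folder's ACL rather than the code: check that the application pool identity has Modify rights on the Documents folder.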

