使用asp.net选择州和城市验证? [英] Select State and City validation using asp.net?
问题描述
亲爱的所有人,
请检查下面的代码,在此代码中没有和带图像的输出正确但是这里选择状态和城市验证不正确请回复我
<前lang =c#> 受保护 void btnPostAd_Click( object sender,EventArgs e)
{
if (ddlState.SelectedItem.Text!= 选择状态&& ddlCity.SelectedItem。 Text!= 选择城市 || FileUpload1.PostedFile.ContentLength!= 0 )
{
string strimage = @ 〜\ProductImage \ + FileUpload1.FileName;
FileUpload1.PostedFile.SaveAs(Server.MapPath(strimage));
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings [ DBConnection的跨度>]的ConnectionString)。
字符串 strInsert = 插入ProductDetailsTable(类别,类别类型,标题,说明,价格,州,城市,联系人姓名,ContactEmail,ContactMobile,ContactPhoto,ContactViaEmail,日期)值(' + lblEducation.Text + ',' + ddlCategoryType.Text + ',' + txtTitle.Text + ',' + txtDescription .Text + ',' + txtPrice.Text + ',' + ddlState.SelectedItem.Text + ',' + ddlCity.SelectedItem.Text + ',' + txtContact Name.Text + ',' + txtContactEmail.Text + ',' + txtContactMobile.Text + ',' + strimage + ',' + txtContactedViaEmail.Text + ',' + lblDateTime.Text + ');
SqlCommand cmd = new SqlCommand(strInsert,con);
尝试
{
con.Open();
cmd.ExecuteNonQuery();
Thread.Sleep( 3000 );
ScriptManager.RegisterStartupScript( this , this .GetType(), script, 警报('您的添加已成功发布'), true );
}
catch (SqlException ex)
{
ScriptManager.RegisterStartupScript( this , this .GetType(), script, alert('Select State / City'),< span class =code-keyword> true );
string errorMessage = 参加比赛时出错跨度>;
errorMessage + = ex.Message;
throw new 异常(errorMessage);
}
最后
{
con.Close();
}
清除();
}
else
{
string strimage = NoImage.jpg;
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings [ DBConnection的跨度>]的ConnectionString)。
字符串 strInsert = 插入ProductDetailsTable(类别,类别类型,标题,说明,价格,州,城市,联系人姓名,ContactEmail,ContactMobile,ContactPhoto,ContactViaEmail,日期)值(' + lblEducation.Text + ',' + ddlCategoryType.Text + ',' + txtTitle.Text + ',' + txtDescription .Text + ',' + txtPrice.Text + ',' + ddlState.SelectedItem.Text + ',' + ddlCity.SelectedItem.Text + ',' + txtContact Name.Text + ',' + txtContactEmail.Text + ',' + txtContactMobile.Text + ',' + strimage + ',' + txtContactedViaEmail.Text + ',' + lblDateTime.Text + ');
SqlCommand cmd = new SqlCommand(strInsert,con);
尝试
{
con.Open();
cmd.ExecuteNonQuery();
Thread.Sleep( 3000 );
ScriptManager.RegisterStartupScript( this , this .GetType(), script, 警报('您的添加已成功发布'), true );
}
catch (SqlException ex)
{
ScriptManager.RegisterStartupScript( this , this .GetType(), script, alert('Select State / City'),< span class =code-keyword> true );
string errorMessage = 参加比赛时出错跨度>;
errorMessage + = ex.Message;
throw new 异常(errorMessage);
}
最后
{
con.Close();
}
清除();
}
} 试试这个:
受保护 void btnPostAd_Click( object sender,EventArgs e)
{
if (ddlState.SelectedItem.Text!= 选择状态&& ddlCity.SelectedItem.Text!= 选择城市)
{
if (FileUpload1.PostedFile.ContentLength!= 0 )
{
string strimage = @ 〜\ProductImage \ + FileUpload1.FileName;
FileUpload1.PostedFile.SaveAs(Server.MapPath(strimage));
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings [ DBConnection的跨度>]的ConnectionString)。
字符串 strInsert = 插入ProductDetailsTable(类别,类别类型,标题,说明,价格,州,城市,联系人姓名,ContactEmail,ContactMobile,ContactPhoto,ContactViaEmail,日期)值(' + lblEducation.Text + ',' + ddlCategoryType.Text + ',' + txtTitle.Text + ',' + txtDescription .Text + ',' + txtPrice.Text + ',' + ddlState.SelectedItem.Text + ',' + ddlCity.SelectedItem.Text + ',' + txtContact Name.Text + ',' + txtContactEmail.Text + ',' + txtContactMobile.Text + ',' + strimage + ',' + txtContactedViaEmail.Text + ',' + lblDateTime.Text + ');
SqlCommand cmd = new SqlCommand(strInsert,con);
尝试
{
con.Open();
cmd.ExecuteNonQuery();
Thread.Sleep( 3000 );
ScriptManager.RegisterStartupScript( this , this .GetType(), script, 警报('您的添加已成功发布'), true );
}
catch (SqlException ex)
{
// ScriptManager.RegisterStartupScript(this,this.GetType(),script,alert('Select State / City'),true);
// string errorMessage =参加比赛时出错;
// errorMessage + = ex.Message;
// 抛出新的异常(errorMessage);
}
最后
{
con.Close();
}
清除();
}
else
{
string strimage = NoImage.jpg;
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings [ DBConnection的跨度>]的ConnectionString)。
字符串 strInsert = 插入ProductDetailsTable(类别,类别类型,标题,说明,价格,州,城市,联系人姓名,ContactEmail,ContactMobile,ContactPhoto,ContactViaEmail,日期)值(' + lblEducation.Text + ',' + ddlCategoryType.Text + ',' + txtTitle.Text + ',' + txtDescription .Text + ',' + txtPrice.Text + ',' + ddlState.SelectedItem.Text + ',' + ddlCity.SelectedItem.Text + ',' + txtContact Name.Text + ',' + txtContactEmail.Text + ',' + txtContactMobile.Text + ',' + strimage + ',' + txtContactedViaEmail.Text + ',' + lblDateTime.Text + ');
SqlCommand cmd = new SqlCommand(strInsert,con);
尝试
{
con.Open();
cmd.ExecuteNonQuery();
Thread.Sleep( 3000 );
ScriptManager.RegisterStartupScript( this , this .GetType(), script, 警报('您的添加已成功发布'), true );
}
catch (SqlException ex)
{
// ScriptManager.RegisterStartupScript(this,this.GetType(),script,alert('Select State / City'),true);
// string errorMessage =参加比赛时出错;
// errorMessage + = ex.Message;
// 抛出新的异常(errorMessage);
}
最后
{
con.Close();
}
清除();
}
}
else
{
ScriptManager.RegisterStartupScript( this , this .GetType(), script, alert('Select State / City'), true );
}
}
请勿在查询中连接字符串。它导致 Sql Injection [ ^ ]
Dear All,
please check below code and in this code without and with image is coming output properly but here select state and city validation is not coming properly please reply me
protected void btnPostAd_Click(object sender, EventArgs e)
{
if (ddlState.SelectedItem.Text != "Select State" && ddlCity.SelectedItem.Text != "Select City" || FileUpload1.PostedFile.ContentLength != 0)
{
string strimage = @"~\ProductImage\" + FileUpload1.FileName;
FileUpload1.PostedFile.SaveAs(Server.MapPath(strimage));
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["DBCONNECTION"].ConnectionString);
String strInsert = "insert into ProductDetailsTable(Categories,CategoriesType,Title,Description,Price,State,City,ContactName,ContactEmail,ContactMobile,ContactPhoto,ContactViaEmail,Date)values('" + lblEducation.Text + "','" + ddlCategoryType.Text + "','" + txtTitle.Text + "','" + txtDescription.Text + "','" + txtPrice.Text + "','" + ddlState.SelectedItem.Text + "','" + ddlCity.SelectedItem.Text + "','" + txtContactName.Text + "','" + txtContactEmail.Text + "','" + txtContactMobile.Text + "','" + strimage + "','" + txtContactedViaEmail.Text + "','" + lblDateTime.Text + "')";
SqlCommand cmd = new SqlCommand(strInsert, con);
try
{
con.Open();
cmd.ExecuteNonQuery();
Thread.Sleep(3000);
ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('Your Add has been Posted Successfully')", true);
}
catch (SqlException ex)
{
ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('Select State/City')", true);
string errorMessage = "Error in entering competition";
errorMessage += ex.Message;
throw new Exception(errorMessage);
}
finally
{
con.Close();
}
Clear();
}
else
{
string strimage = "NoImage.jpg";
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["DBCONNECTION"].ConnectionString);
String strInsert = "insert into ProductDetailsTable(Categories,CategoriesType,Title,Description,Price,State,City,ContactName,ContactEmail,ContactMobile,ContactPhoto,ContactViaEmail,Date)values('" + lblEducation.Text + "','" + ddlCategoryType.Text + "','" + txtTitle.Text + "','" + txtDescription.Text + "','" + txtPrice.Text + "','" + ddlState.SelectedItem.Text + "','" + ddlCity.SelectedItem.Text + "','" + txtContactName.Text + "','" + txtContactEmail.Text + "','" + txtContactMobile.Text + "','" + strimage + "','" + txtContactedViaEmail.Text + "','" + lblDateTime.Text + "')";
SqlCommand cmd = new SqlCommand(strInsert, con);
try
{
con.Open();
cmd.ExecuteNonQuery();
Thread.Sleep(3000);
ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('Your Add has been Posted Successfully')", true);
}
catch (SqlException ex)
{
ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('Select State/City')", true);
string errorMessage = "Error in entering competition";
errorMessage += ex.Message;
throw new Exception(errorMessage);
}
finally
{
con.Close();
}
Clear();
}
}
Try this:
protected void btnPostAd_Click(object sender, EventArgs e) { if (ddlState.SelectedItem.Text != "Select State" && ddlCity.SelectedItem.Text != "Select City") { if (FileUpload1.PostedFile.ContentLength != 0) { string strimage = @"~\ProductImage\" + FileUpload1.FileName; FileUpload1.PostedFile.SaveAs(Server.MapPath(strimage)); SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["DBCONNECTION"].ConnectionString); String strInsert = "insert into ProductDetailsTable(Categories,CategoriesType,Title,Description,Price,State,City,ContactName,ContactEmail,ContactMobile,ContactPhoto,ContactViaEmail,Date)values('" + lblEducation.Text + "','" + ddlCategoryType.Text + "','" + txtTitle.Text + "','" + txtDescription.Text + "','" + txtPrice.Text + "','" + ddlState.SelectedItem.Text + "','" + ddlCity.SelectedItem.Text + "','" + txtContactName.Text + "','" + txtContactEmail.Text + "','" + txtContactMobile.Text + "','" + strimage + "','" + txtContactedViaEmail.Text + "','" + lblDateTime.Text + "')"; SqlCommand cmd = new SqlCommand(strInsert, con); try { con.Open(); cmd.ExecuteNonQuery(); Thread.Sleep(3000); ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('Your Add has been Posted Successfully')", true); } catch (SqlException ex) { //ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('Select State/City')", true); //string errorMessage = "Error in entering competition"; //errorMessage += ex.Message; //throw new Exception(errorMessage); } finally { con.Close(); } Clear(); } else { string strimage = "NoImage.jpg"; SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["DBCONNECTION"].ConnectionString); String strInsert = "insert into ProductDetailsTable(Categories,CategoriesType,Title,Description,Price,State,City,ContactName,ContactEmail,ContactMobile,ContactPhoto,ContactViaEmail,Date)values('" + lblEducation.Text + "','" + ddlCategoryType.Text + "','" + txtTitle.Text + "','" + txtDescription.Text + "','" + txtPrice.Text + "','" + ddlState.SelectedItem.Text + "','" + ddlCity.SelectedItem.Text + "','" + txtContactName.Text + "','" + txtContactEmail.Text + "','" + txtContactMobile.Text + "','" + strimage + "','" + txtContactedViaEmail.Text + "','" + lblDateTime.Text + "')"; SqlCommand cmd = new SqlCommand(strInsert, con); try { con.Open(); cmd.ExecuteNonQuery(); Thread.Sleep(3000); ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('Your Add has been Posted Successfully')", true); } catch (SqlException ex) { //ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('Select State/City')", true); //string errorMessage = "Error in entering competition"; //errorMessage += ex.Message; //throw new Exception(errorMessage); } finally { con.Close(); } Clear(); } } else { ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('Select State/City')", true); } }
Do not concatenate stringsin query.It leads to Sql Injection[^]
这篇关于使用asp.net选择州和城市验证?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!