EnableEventValidation的目的是什么?它如何工作? [英] What is the purpose of EnableEventValidation and how does it work?
问题描述
<asp:GridView ID="GridView1" runat="server" AutoGenerateColumns="false" onrowediting="GridView1_RowEditing">
<Columns>
<asp:TemplateField>
<ItemTemplate>
<asp:Button ID="btnEdit" runat="server" Text="Edit" CommandName="Edit" />
<asp:Label ID="lblFirstColumn" runat="server" Text='<%# Eval("FirstColumn") %>'></asp:Label>
</ItemTemplate>
<EditItemTemplate>
<asp:Label ID="lblEditMode" runat="server" Text="This is Edit mode"></asp:Label>
</EditItemTemplate>
</asp:TemplateField>
</Columns>
</asp:GridView>
protected void Page_Load(object sender, EventArgs e)
{
DataTable dt = new DataTable();
dt.Columns.Add("FirstColumn", typeof(int));
dt.Rows.Add(100);
GridView1.DataSource = dt;
if (!IsPostBack)
GridView1.DataBind();
}
protected void GridView1_RowEditing(object sender, GridViewEditEventArgs e)
{
GridView1.EditIndex = e.NewEditIndex;
GridView1.DataBind();
}
如果我将 if(!IsPostBack)GridView1.DataBind(); 更改为 GridView1.DataBind(); ,并尝试通过单击btnEdit将GridView置于编辑"模式,然后我得到了例外:
If I change if (!IsPostBack) GridView1.DataBind(); to GridView1.DataBind(); and try to put GridView into Edit mode by clicking btnEdit, then I get the exception:
无效的回发或回调参数.使用以下方式启用事件验证在配置中或<%@页面EnableEventValidation ="true"%>在页.为了安全起见,这是功能验证该参数是否回发或回调事件起源从服务器控制最初渲染它们.如果数据有效且预期有效,请使用ClientScriptManager.RegisterForEventValidation方法来注册的回传或回调数据验证.
Invalid postback or callback argument. Event validation is enabled using in configuration or <%@ Page EnableEventValidation="true" %> in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation.
但是,如果我将 EnableEventValidation 设置为 false ,则 GridView1 将不会进入编辑模式(即- GridView1_RowEditing 不会被调用).
But if I set EnableEventValidation to false, then GridView1 won’t enter edit mode ( ie - GridView1_RowEditing doesn’t get called ).
顺便说一句–其他数据绑定控件(DataList,DetailsView)也会发生相同的问题
BTW – same problem also occurs with other databound controls ( DataList, DetailsView )
页.EnableEventValidation获取或设置一个值,该值指示页面验证回发和回调事件.当EnableEventValidation属性设置为true,ASP.NET验证控制事件源自用户界面由该控件呈现.一种控制过程中注册其事件渲染,然后验证回发或回调期间的事件处理.
Page. EnableEventValidation gets or sets a value indicating whether the page validates postback and callback events. When the EnableEventValidation property is set to true, ASP.NET validates that a control event originated from the user interface that was rendered by that control. A control registers its events during rendering and then validates the events during postback or callback handling.
a)为什么必须评估回发和回调事件?以及评估是如何发生的?
a) Why must postback and callback events be evaluated? and how exactly does evaluation happen?
b)当尝试将其置于 edit 模式时,为什么在每次回发上调用 GridView1.Databind()会导致异常?
b) Why would calling GridView1.Databind() on each postback cause exception when trying to put it into edit mode?
c)我还看不到为什么禁用 EnableEventValidation 会阻止GridView进入 edit 模式的任何原因吗?!那么为什么
c) I also don’t see any reasons why disabling EnableEventValidation prevents GridView from entering edit mode?! Thus why did
谢谢
推荐答案
这里有一篇很好的文章,介绍了如何以及为什么要使用EventValidation:
There is a good article about how and why you would want to use EventValidation here:
http://msdn.microsoft.com/en-us/library/system.web.ui.page.enableeventvalidation.aspx
简短的答案是事件验证旨在保护网站,使其不会在页面中注入可用于以某种方式利用您的应用程序的值.
The short answer is event validation is designed to protect the web site from having values injected into the page that can be used to exploit your application in some way.
这篇关于EnableEventValidation的目的是什么?它如何工作?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
