
修复SQL注入问题...

This commit is contained in:
j502647092 2015-06-19 14:42:21 +08:00
parent 1af6f4fdc1
commit dacca6c619
4 changed files with 9 additions and 6 deletions


@ -51,7 +51,7 @@ namespace CitySunlight
String classname = ProductClassManager.getClassName(int.Parse(ProductManager.GetProductInfo(item, ProductManager.Info.Class))); String classname = ProductClassManager.getClassName(int.Parse(ProductManager.GetProductInfo(item, ProductManager.Info.Class)));
String delete = "<a href=\"/Product/ProductEdit.aspx?id=" + id + "&type=delete\" >删除</a>"; String delete = "<a href=\"/Product/ProductEdit.aspx?id=" + id + "&type=delete\" >删除</a>";
html += "<tr>"; html += "<tr>";
html += HttpUtils.addTd(""); html += HttpUtils.addTd();
html += HttpUtils.addTd(ProductManager.NameToUrl(id, name)); html += HttpUtils.addTd(ProductManager.NameToUrl(id, name));
html += HttpUtils.addTd(picurl); html += HttpUtils.addTd(picurl);
html += HttpUtils.addTd(price); html += HttpUtils.addTd(price);


@ -10,7 +10,7 @@ namespace CitySunlight
public static String getElementsbyName(String tagName) public static String getElementsbyName(String tagName)
{ {
if (HttpContext.Current.Request.Form[tagName] != null) if (HttpContext.Current.Request.Form[tagName] != null)
return HttpContext.Current.Request.Form[tagName].ToString().Trim(); return HttpContext.Current.Request.Form[tagName].ToString().Trim().Replace("'", "");
else else
return null; return null;
} }
@ -21,7 +21,6 @@ namespace CitySunlight
else else
return null; return null;
} }
public static HttpPostedFile getFilebyName(String tagName) public static HttpPostedFile getFilebyName(String tagName)
{ {
HttpPostedFile file = HttpContext.Current.Request.Files[tagName]; HttpPostedFile file = HttpContext.Current.Request.Files[tagName];
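Review bot: The `.Replace("'", "")` added to `getElementsbyName` is not a dependable SQL-injection fix and sits at the wrong layer: it silently alters legitimate input that contains an apostrophe, gives no protection where a value is concatenated into a query without surrounding quotes (numeric ids, for instance), and covers no caller that reads `Request.Form` directly. The dependable fix is to bind values as parameters where the SQL is built (e.g. `cmd.Parameters.AddWithValue("@name", value)` if the data layer uses `SqlCommand`; adjust for the provider actually in use) and keep this accessor as a plain reader: `return HttpContext.Current.Request.Form[tagName].ToString().Trim();`. If the quote stripping is kept as defence in depth, mark it so nobody relies on it: `// NOTE: strips apostrophes only; not a substitute for parameterized queries`. The second hunk of this file (@ -21,7 +21,6) removes one line that the rendered view does not show, so that change could not be reviewed.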


@ -28,14 +28,14 @@ namespace CitySunlight
return "<tr><td style=\"color:red\" colspan=\"8\" align=\"center\">数据库中未找到产品</td></tr>"; return "<tr><td style=\"color:red\" colspan=\"8\" align=\"center\">数据库中未找到产品</td></tr>";
else else
html += String.Format("<tr>{0}</tr>", html += String.Format("<tr>{0}</tr>",
HttpUtils.addTd("") + HttpUtils.addTd() +
HttpUtils.addTd("商品名称") + HttpUtils.addTd("商品名称") +
HttpUtils.addTd("商品图片") + HttpUtils.addTd("商品图片") +
HttpUtils.addTd("商品价格") + HttpUtils.addTd("商品价格") +
HttpUtils.addTd("商品数量") + HttpUtils.addTd("商品数量") +
HttpUtils.addTd("商品分类") + HttpUtils.addTd("商品分类") +
HttpUtils.addTd("所属卖家") + HttpUtils.addTd("所属卖家") +
HttpUtils.addTd("")); HttpUtils.addTd());
foreach (DataRow item in items.Rows) foreach (DataRow item in items.Rows)
{ {


@ -84,7 +84,11 @@ namespace CitySunlight.Product
amount = ProductManager.GetProductInfo(id, ProductManager.Info.Amount); amount = ProductManager.GetProductInfo(id, ProductManager.Info.Amount);
classid = ProductManager.GetProductInfo(id, ProductManager.Info.Class); classid = ProductManager.GetProductInfo(id, ProductManager.Info.Class);
if (username != ProductManager.GetProductInfo(id, ProductManager.Info.UserName)) if (username != ProductManager.GetProductInfo(id, ProductManager.Info.UserName))
return "<h1>你没有修改此商品的权限!</h1>"; {
this.submit.Visible = false;
return "<h1 align=\"center\" style=\"color: red\">你没有修改此商品的权限!</h1>";
}
} }
String html = ""; String html = "";
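Review bot: `this.submit.Visible = false;` only hides the control in the rendered page; it does not prevent a client from posting the edit form or requesting the `type=delete` link built in the first hunk, so the owner check `username != ProductManager.GetProductInfo(id, ProductManager.Info.UserName)` must also be enforced in the server-side handler that performs the update or delete, unless it already is. The enclosing method starts outside the hunk, so where `username` is obtained is not visible; presumably it is the logged-in user, in which case a comment at the new block such as `// ownership check for display only; the submit handler must enforce the same rule` would make the intent explicit. As a minor point, the inline `align`/`style` attributes on the new return line duplicate the inline styling of the "not found" row in hunk 3; a shared CSS class would keep the two consistent.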