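ASP.NET Tips: Binding Images from a Database with GridView
Binding images from a database with GridView
Note: This series records problems I have run into in real development work, along with a collection of tips articles.
As we all know, a GridView cannot bind directly to images stored in a database. An HttpHandler makes this task easy, and I record the process here.
1. Upload an image and store it in the database
Create a table in the database and add the following 3 fields:
Step 1: On the web page, drag in a FileUpload control, a text box for entering the name, and a submit button for the upload.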
<asp:FileUpload ID="fuImage" runat="server" /><br />
<asp:TextBox ID="txtImageName" runat="server"/><br />
<asp:Button ID="btnUpload" runat="server" onClick="btnUpload_Click" Text="Upload" />
Step 2: Configure the connection string in the Web.config file.
<add name="ConnectionString" connectionString="Data Source=.\SQLEXPRESS;
AttachDbFilename=|DataDirectory|\Image.mdf;Integrated Security=True;
User Instance=True" providerName="System.Data.SqlClient"/>
Step 3: Copy the following code into the upload button's click event.
// Requires: using System; using System.Configuration;
//           using System.Data; using System.Data.SqlClient;
protected void btnUpload_Click(object sender, EventArgs e)
{
    // Nothing to store if no file was posted
    if (!fuImage.HasFile)
        return;

    // FileBytes returns the whole upload; a single Stream.Read call
    // is not guaranteed to fill the buffer
    byte[] imgBinaryData = fuImage.FileBytes;
    string imgName = txtImageName.Text;

    // use the web.config to store the connection string
    // (the name matches the <add name="ConnectionString" ...> entry)
    using (SqlConnection connection = new SqlConnection(
        ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString))
    using (SqlCommand command = new SqlCommand(
        "INSERT INTO Image (imagename, image) VALUES (@img_name, @img_data)", connection))
    {
        // Parameters keep the user-supplied name out of the SQL text
        SqlParameter param0 = new SqlParameter("@img_name", SqlDbType.VarChar, 50);
        param0.Value = imgName;
        command.Parameters.Add(param0);

        SqlParameter param1 = new SqlParameter("@img_data", SqlDbType.Image);
        param1.Value = imgBinaryData;
        command.Parameters.Add(param1);

        connection.Open();
        int numRowsAffected = command.ExecuteNonQuery();
    } // the using blocks close the connection even if the insert throws
}
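The upload handler above stores whatever bytes the browser sends. As an added example (not code from the original article), the hypothetical helper ImageUploadCheck below can be called on the uploaded bytes before the INSERT to reject oversized uploads and anything that does not start with a PNG, JPEG or GIF signature. The class name, method names and the 2 MB limit are assumptions.

```csharp
using System;

// Added example: hypothetical helper, not part of the original article.
public static class ImageUploadCheck
{
    // Assumed size limit for this example; pick one that suits the application.
    public const int MaxBytes = 2 * 1024 * 1024;

    // Leading bytes ("magic numbers") of the formats this example accepts.
    private static readonly byte[] Png = { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A };
    private static readonly byte[] Jpeg = { 0xFF, 0xD8, 0xFF };
    private static readonly byte[] Gif87a = { 0x47, 0x49, 0x46, 0x38, 0x37, 0x61 };
    private static readonly byte[] Gif89a = { 0x47, 0x49, 0x46, 0x38, 0x39, 0x61 };

    // Returns the MIME type to store with the row, or null if the upload
    // is empty, too large, or does not start with a known image signature.
    public static string DetectImageType(byte[] data)
    {
        if (data == null || data.Length == 0 || data.Length > MaxBytes)
            return null;
        if (StartsWith(data, Png)) return "image/png";
        if (StartsWith(data, Jpeg)) return "image/jpeg";
        if (StartsWith(data, Gif87a) || StartsWith(data, Gif89a)) return "image/gif";
        return null;
    }

    // The @img_name parameter is declared as VarChar(50): reject names
    // that are blank or would not fit in that length.
    public static bool IsValidName(string name)
    {
        return !string.IsNullOrEmpty(name) && name.Trim().Length > 0 && name.Length <= 50;
    }

    private static bool StartsWith(byte[] data, byte[] signature)
    {
        if (data.Length < signature.Length) return false;
        for (int i = 0; i < signature.Length; i++)
            if (data[i] != signature[i]) return false;
        return true;
    }
}

// In btnUpload_Click, before building the SqlCommand:
//   string mime = ImageUploadCheck.DetectImageType(imgBinaryData);
//   if (mime == null || !ImageUploadCheck.IsValidName(imgName)) return; // reject
```

A signature match only shows that the file starts like an image, not that the rest of it is well formed. The returned MIME type is a safer value to send as Content-Type when the image is served than the one supplied by the browser.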
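2. Read the image from the database using an HttpHandler
Create one named
Related documents:
I have been working on projects for a while now and have run into many security problems in my programs, so it is time to summarize them. This project is a CMS system built with ASP.NET. During development I found that Microsoft has provided many security measures, but some novice programmers do not know how to turn them on. Below I give a brief introduction covering several areas:
    1: SQL injection
    2: XSS
    3: CSRF
    4: File upload
SQL injection
    ......
Using a JavaScript function together with the CustomValidator control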
<asp:TextBox ID="txtPwdPrompt" runat="server"></asp:TextBox>
<asp:CustomValidator id="CVPwdPrompt" runat="server" ClientValidationFunction="CheckPwd" ControlToValidate="txtPwdPrompt" ErrorMessage="<span style='font:12px'>提示问 ......
1. Open a new window and pass parameters:
Passing parameters:
Response.Write("<script>window.open('*.aspx?id=" + this.DropDownList1.SelectedIndex + "&id1=" + ... + "')</script>");
Receiving parameters:
string a = Request.QueryString["id"];
string b = Request.QueryStrin ......
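Explanation and usage of several similar tag symbols in ASP.NET: <%=...%>, <%#...%>, <% %>, <%@ %>
Answer: <%#...%>: executed when the DataBind() method of the bound control runs; used for data binding
For example: <%# Container.DataItem("tit") %>
<%= %>: called when the program executes; can display the value of a code-behind variable
For example:
In *.aspx: & ......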
use http header
protected void Page_Load(object sender, EventArgs e)
{
string format = Convert.ToString(ViewData["format"]);
Response.AddHeader("Content-Disposition", "attachment; filename=" + HttpUtility.UrlEncode("费用报销表", Encoding.UTF8) + string.Forma ......