使用C#开发一个简单的ASP.net程序留言本
这个留言本使用的数据库是access 2003,当然你也可以以sql server 2k来做。程序只有3个文件,default.aspx主要用来展示留言及书写留言,checkcode.aspx是验证码的代码文件,admin.aspx 用来管理留言部分,我写的很简单,就是一个功能,删除。
sql部分,为了避免sql注入的威胁,我使用了oledbparameters来引入参数。现在我把代码贴出来,供那些正在学习c#,有志于学习c#的朋友参考一下,代码如果有什么漏洞,大家可以提出来。总之,就是一个目的,共同学习。
本留言本的在线实例: http://et.bestzhou.org/
以下代码仅供学习试验,请勿使用于生产环境.
default.aspx 文件代码
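<%@ Page Language="C#" AutoEventWireup="true" CodeFile="default.aspx.cs" Inherits="_default" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title>atlansing guestbook v1.0 beta</title>
    <link href="style.css" rel="stylesheet" type="text/css" />
</head>
<body>
    <form id="form1" runat="server">
    <div id="pagediv">
        <%-- Message list. Bound values are emitted as-is: "msg" is stored already HTML-encoded
             (with <b>/<i> re-allowed) by savebtn_click in default.aspx.cs, so every path that
             writes into [guestbook] must keep encoding on insert, or this template becomes an
             injection point.
             AllowPaging is on but no OnPageIndexChanging handler is wired on this page or in the
             code-behind, so requesting a later page will fail; add a handler or drop AllowPaging. --%>
        <div id="msglist" runat="server">
            <asp:GridView ID="gridview1" runat="server" AutoGenerateColumns="false" Width="70%"
                AllowPaging="true" BorderStyle="None" BorderWidth="0px" CellPadding="0"
                ShowHeader="false" GridLines="None">
                <Columns>
                    <asp:TemplateField ShowHeader="false">
                        <ItemTemplate>
                            <div id="msgdiv">
                                <div class="author">
                                    <asp:Image ID="image1" runat="server" ImageAlign="AbsMiddle" ImageUrl="~/images/icon_quote.gif" />
                                    <strong><asp:HyperLink ID="author" runat="server" Text='<%# Eval("author") %>' NavigateUrl='<%# Eval("email", "mailto:{0}") %>'></asp:HyperLink></strong>
                                    [ <asp:Label ID="date" runat="server" Text='<%# Eval("date") %>'></asp:Label>
                                    | <asp:Label ID="ip" runat="server" Text='<%# Eval("ip") %>'></asp:Label> ]
                                </div>
                                <div id="msgcontent">
                                    <asp:Label ID="msg" runat="server" Text='<%# Eval("msg") %>'></asp:Label>
                                </div>
                            </div>
                            <br />
                        </ItemTemplate>
                    </asp:TemplateField>
                </Columns>
            </asp:GridView>
        </div>
        <div>
            <table width="80%" border="0" cellpadding="0" style="text-align: left">
                <tr>
                    <td style="text-align: right; width: 170px;">昵称:</td>
                    <td style="width: 292px"><asp:TextBox ID="author" runat="server"></asp:TextBox></td>
                    <td style="width: 130px"><asp:RequiredFieldValidator ID="requiredfieldvalidator1" runat="server" ControlToValidate="author" ErrorMessage="*必须填写"></asp:RequiredFieldValidator></td>
                </tr>
                <tr>
                    <td style="text-align: right; width: 170px;">验证码:</td>
                    <td style="width: 292px"><asp:TextBox ID="checkcode" runat="server"></asp:TextBox>
                        <asp:Image ID="image2" runat="server" ImageUrl="~/checkcode.aspx" /></td>
                    <%-- Fixed: this validator pointed at "author" a second time, so an empty captcha
                         box passed client-side validation and was only rejected server-side. --%>
                    <td style="width: 130px"><asp:RequiredFieldValidator ID="requiredfieldvalidator3" runat="server" ControlToValidate="checkcode" ErrorMessage="*必须填写"></asp:RequiredFieldValidator></td>
                </tr>
                <tr>
                    <td style="text-align: right; width: 170px;">email:</td>
                    <td style="width: 292px; height: 20px"><asp:TextBox ID="email" runat="server"></asp:TextBox></td>
                    <td id="tablecell5" runat="server" style="height: 20px; width: 130px;"></td>
                </tr>
                <tr>
                    <td style="text-align: right; width: 170px;">website:</td>
                    <td style="width: 292px"><asp:TextBox ID="website" runat="server"></asp:TextBox></td>
                    <td id="tablecell3" runat="server" style="width: 130px"></td>
                </tr>
                <tr id="tablerow1" runat="server">
                    <td id="tablecell1" runat="server" style="height: 80px; text-align: right; width: 170px;">留言内容:</td>
                    <td id="tablecell2" runat="server" style="width: 292px; height: 80px"><asp:TextBox ID="msg" runat="server" TextMode="MultiLine" Height="70px" Width="283px"></asp:TextBox></td>
                    <td id="tablecell4" runat="server" style="height: 80px; width: 130px;"><asp:RequiredFieldValidator ID="requiredfieldvalidator2" runat="server" ErrorMessage="*必须填写" ControlToValidate="msg"></asp:RequiredFieldValidator></td>
                </tr>
                <tr>
                    <td style="text-align: right; width: 170px;"></td>
                    <td style="width: 292px">
                        <asp:Button ID="savebtn" runat="server" Text="发表留言" OnClick="savebtn_click" />
                        <%-- cancelbtn has no handler on this page; it only posts back. --%>
                        <asp:Button ID="cancelbtn" runat="server" Text="重写" />
                        <asp:Label ID="resultlbl" runat="server" Font-Bold="true" ForeColor="Red"></asp:Label>
                    </td>
                </tr>
            </table>
            <br />
            <br />
            powered by <a href="http://www.bestzhou.org/" title="马上访问">atlansing guestbook 1.0 beta</a><br />
            copy © 2006-2007, bestzhou.org
        </div>
    </div>
    </form>
</body>
</html>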
default.aspx.cs 源代码文件
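using System;
using System.Data;
using System.Data.SqlClient;
using System.Data.OleDb;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Security.Cryptography;

/// <summary>
/// Code-behind for default.aspx: lists the guestbook entries (newest first) and saves a new one
/// after a captcha check. All SQL uses OleDb parameters; user text is HTML-encoded before storage.
/// </summary>
public partial class _default : System.Web.UI.Page
{
    // Relative path of the Access database, resolved to a physical path for the Jet provider.
    public static string filename = "~//app_data//guestbook.mdb";
    public static string connstring = "provider=microsoft.jet.oledb.4.0; data source=" + System.Web.HttpContext.Current.Server.MapPath(filename);

    // Shared by the initial load and the re-load after a save.
    private const string selectsql = "select * from [guestbook] order by [date] desc";

    /// <summary>
    /// Binds every entry to gridview1 (hiding the grid and showing a notice when there are none) and
    /// records the caller's address in Session["ips"] for savebtn_click.
    /// </summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        DataSet ds = loadmessages();
        gridview1.DataSource = ds;
        gridview1.DataBind();
        if (gridview1.Rows.Count == 0)
        {
            gridview1.Visible = false;
            msglist.InnerHtml = "<div style=\"text-align:center\"><strong>目前尚无新的留言</strong></div>";
        }
        // The original bound the same DataSet a second time on postback; one bind is enough.
        Session["ips"] = Request.UserHostAddress;
    }

    /// <summary>Reads all rows, newest first. Fill opens/closes the connection; using() disposes it.</summary>
    private static DataSet loadmessages()
    {
        DataSet ds = new DataSet();
        using (OleDbConnection conn = new OleDbConnection(connstring))
        using (OleDbDataAdapter adapter = new OleDbDataAdapter(selectsql, conn))
        {
            adapter.Fill(ds);
        }
        return ds;
    }

    /// <summary>
    /// Saves the posted entry when the captcha matches, then re-binds the list.
    /// Fixes over the original: the captcha value is removed from the session once checked (no
    /// replay of one image across many posts), a missing captcha no longer throws a
    /// NullReferenceException, provider error text is no longer echoed to the visitor, and the
    /// button is re-enabled on every path instead of staying disabled after an exception.
    /// </summary>
    protected void savebtn_click(object sender, EventArgs e)
    {
        savebtn.Enabled = false;
        try
        {
            object expected = Session["checkcode"];
            // Single use: whatever the outcome, the next post needs a freshly generated code.
            Session.Remove("checkcode");
            if (expected == null || !string.Equals(expected.ToString(), checkcode.Text, StringComparison.OrdinalIgnoreCase))
            {
                resultlbl.Text = "验证码错误";
                return;
            }

            string myauthor = Server.HtmlEncode(author.Text);
            string mymsg = allowbasicmarkup(HttpUtility.HtmlEncode(msg.Text));
            string myweb = Server.HtmlEncode(website.Text);
            string myemail = Server.HtmlEncode(email.Text);

            int inserted = insertmessage(myauthor, mymsg, myemail, myweb, Convert.ToString(Session["ips"]));
            if (inserted != 0)
            {
                author.Text = "";
                email.Text = "";
                website.Text = "";
                msg.Text = "";
                checkcode.Text = "";
                resultlbl.Text = "保存留言成功";
            }
        }
        catch (Exception)
        {
            // The original showed ex.Message; OleDb messages can include the database path or
            // schema details, so the visitor gets a generic notice instead.
            resultlbl.Text = "保存留言失败";
        }
        finally
        {
            savebtn.Enabled = true;
        }

        DataSet ds = loadmessages();
        gridview1.DataSource = ds;
        gridview1.DataBind();
    }

    /// <summary>
    /// Re-allows only &lt;b&gt;, &lt;/b&gt;, &lt;i&gt;, &lt;/i&gt; in already HTML-encoded text.
    /// The published listing shows these replacements as "<b>" to "<b>" (the entities were lost
    /// in rendering); after HtmlEncode only the encoded form can match, so that is what is used.
    /// </summary>
    private static string allowbasicmarkup(string encoded)
    {
        return encoded
            .Replace("&lt;b&gt;", "<b>")
            .Replace("&lt;/b&gt;", "</b>")
            .Replace("&lt;i&gt;", "<i>")
            .Replace("&lt;/i&gt;", "</i>");
    }

    /// <summary>
    /// Inserts one row using positional OleDb parameters (no string-built SQL).
    /// Returns the affected row count from ExecuteNonQuery.
    /// </summary>
    private static int insertmessage(string myauthor, string mymsg, string myemail, string myweb, string ip)
    {
        using (OleDbConnection conn = new OleDbConnection(connstring))
        using (OleDbCommand cmd = new OleDbCommand("insert into [guestbook] (author,msg,email,website,ip) values (?,?,?,?,?)", conn))
        {
            // Jet binds by position: the order below must match the column list in the statement.
            // NOTE(review): size 12 for @author is the page's choice; the textbox has no MaxLength,
            // so longer names may be truncated or rejected by the provider — confirm against the column width.
            cmd.Parameters.Add("@author", OleDbType.VarWChar, 12).Value = myauthor;
            cmd.Parameters.Add("@msg", OleDbType.VarWChar).Value = mymsg;
            cmd.Parameters.Add("@email", OleDbType.VarWChar).Value = myemail;
            cmd.Parameters.Add("@web", OleDbType.VarWChar).Value = myweb;
            cmd.Parameters.Add("@ip", OleDbType.VarWChar).Value = ip;
            conn.Open();
            return cmd.ExecuteNonQuery();
        }
    }
}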
checkcode.aspx 页面代码:
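<%@ Page Language="C#" AutoEventWireup="true" CodeFile="checkcode.aspx.cs" Inherits="checkcode" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title>无标题页</title>
    <%-- Disable caching so the browser fetches a fresh captcha after the Back button.
         These inline blocks only execute if the page is rendered; if the code-behind ends the
         response after writing the image, set the same cache headers there instead. --%>
    <% Response.Buffer = true; %>
    <% Response.ExpiresAbsolute = DateTime.Now.AddSeconds(-1); %>
    <% Response.Expires = 0; %>
    <% Response.CacheControl = "no-cache"; %>
</head>
<body>
    <form id="form1" runat="server">
    <div>
    </div>
    </form>
</body>
</html>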
checkcode.aspx 源文件代码:
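using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Drawing;

/// <summary>
/// Renders a 5-character captcha as image/jpeg and stores the expected value in Session["checkcode"],
/// where default.aspx.cs compares it against the posted text.
/// </summary>
public partial class checkcode : System.Web.UI.Page
{
    // The captcha combines the "colour captcha" sample with the one by zhongfeng,
    // http://blog.csdn.net/sw515 . Thanks to both authors.

    // Every character here is picked with (almost) equal probability. The original even/odd
    // split could only ever produce the even digits and every second letter.
    private const string alphabet = "0123456789abcdefghijklmnopqrstuvwxyz";
    private const int codelength = 5;

    protected void Page_Load(object sender, EventArgs e)
    {
        createimage(generatecheckcode());
    }

    /// <summary>
    /// Builds a new code from a cryptographic RNG, stores it in the session and returns it.
    /// System.Random seeded from the clock is predictable across nearby requests, hence the CSP generator.
    /// </summary>
    private string generatecheckcode()
    {
        byte[] raw = new byte[codelength];
        new System.Security.Cryptography.RNGCryptoServiceProvider().GetBytes(raw);
        char[] chars = new char[codelength];
        for (int i = 0; i < codelength; i++)
        {
            // 256 is not a multiple of 36, so the first four symbols are very slightly favoured;
            // acceptable for a captcha.
            chars[i] = alphabet[raw[i] % alphabet.Length];
        }
        string value = new string(chars);
        Session["checkcode"] = value;
        return value;
    }

    /// <summary>
    /// Draws the code over random noise in random fonts/colours, writes it as image/jpeg and ends the
    /// response. Fixes over the original: every GDI+ object is disposed, all eight colours are used
    /// (Next(7) never picked the last one), no-cache headers are set in code, and Response.End()
    /// stops the page markup from being appended after the JPEG bytes.
    /// </summary>
    private void createimage(string code)
    {
        if (code == null || code.Trim() == string.Empty)
            return;

        Color[] colours = { Color.Black, Color.Red, Color.DarkBlue, Color.Green, Color.Orange, Color.Brown, Color.DarkCyan, Color.Purple };
        string[] fonts = { "verdana", "microsoft sans serif", "comic sans ms", "arial", "宋体" };
        // Visual randomness only (noise placement, font/colour choice); it does not affect the code itself.
        Random rand = new Random();

        int width = code.Length * 15;
        using (Bitmap image = new Bitmap(width, 25))
        using (Graphics g = Graphics.FromImage(image))
        {
            g.Clear(Color.White);

            // background noise
            using (Pen noise = new Pen(Color.LightGray, 0))
            {
                for (int i = 0; i < 100; i++)
                {
                    int x = rand.Next(image.Width);
                    int y = rand.Next(image.Height);
                    g.DrawRectangle(noise, x, y, 1, 1);
                }
            }

            // each character in its own random font and colour; odd positions sit 2px higher
            for (int i = 0; i < code.Length; i++)
            {
                using (Font f = new Font(fonts[rand.Next(fonts.Length)], 10, FontStyle.Bold))
                using (Brush b = new SolidBrush(colours[rand.Next(colours.Length)]))
                {
                    int top = ((i + 1) % 2 == 0) ? 2 : 4;
                    g.DrawString(code.Substring(i, 1), f, b, 3 + (i * 12), top);
                }
            }

            // frame
            using (Pen border = new Pen(Color.Black, 0))
            {
                g.DrawRectangle(border, 0, 0, image.Width - 1, image.Height - 7);
            }

            using (System.IO.MemoryStream ms = new System.IO.MemoryStream())
            {
                image.Save(ms, System.Drawing.Imaging.ImageFormat.Jpeg);
                Response.ClearContent();
                Response.ContentType = "image/jpeg";
                // Set here because Response.End() below skips the page render, and with it any
                // inline <% %> cache directives in checkcode.aspx.
                Response.Cache.SetCacheability(HttpCacheability.NoCache);
                Response.Cache.SetNoStore();
                Response.BinaryWrite(ms.ToArray());
            }
        }
        // Ends the response (raises ThreadAbortException internally, which ASP.NET handles) so the
        // HTML of checkcode.aspx is not written after the image.
        Response.End();
    }
}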
admin.aspx 页面代码:
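<%@ Page Language="C#" AutoEventWireup="true" CodeFile="admin.aspx.cs" Inherits="admin" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title>留言本管理-arvan留言本</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
        <%-- view1 is the password prompt, view2 the delete grid. The active view index (kept in
             ViewState by admin.aspx.cs) is the only thing that gates deletion here; there is no
             server-side login state, so protect this page at the application level as well. --%>
        <asp:MultiView ID="multiview1" runat="server" ActiveViewIndex="0">
            <asp:View ID="view1" runat="server">
                <asp:TextBox ID="passwdtxt" runat="server" TextMode="Password"></asp:TextBox>
                <asp:RequiredFieldValidator ID="requiredfieldvalidator1" runat="server" ControlToValidate="passwdtxt" Display="Dynamic" ErrorMessage="*请输入密码" SetFocusOnError="true"></asp:RequiredFieldValidator><br />
                <asp:Button ID="loginbtn" runat="server" OnClick="loginbtn_click" Text="登录" />
                <asp:Label ID="resultlbl" runat="server"></asp:Label>
            </asp:View>
            <asp:View ID="view2" runat="server">
                <asp:GridView ID="msggridview" runat="server" AllowPaging="true" AutoGenerateColumns="false" DataKeyNames="id" DataSourceID="accessdatasource1" HorizontalAlign="Center" Width="80%">
                    <Columns>
                        <asp:BoundField DataField="id" HeaderText="编号" InsertVisible="false" ReadOnly="true" SortExpression="id">
                            <ItemStyle HorizontalAlign="Center" />
                        </asp:BoundField>
                        <asp:BoundField DataField="author" HeaderText="作者" SortExpression="author">
                            <ItemStyle HorizontalAlign="Center" />
                        </asp:BoundField>
                        <asp:BoundField DataField="msg" HeaderText="留言内容" SortExpression="msg" />
                        <asp:BoundField DataField="date" HeaderText="日期" SortExpression="date">
                            <ItemStyle HorizontalAlign="Center" />
                        </asp:BoundField>
                        <asp:BoundField DataField="ip" HeaderText="作者ip" SortExpression="ip">
                            <ItemStyle HorizontalAlign="Center" />
                        </asp:BoundField>
                        <%-- Only Delete is exposed; no edit or insert buttons, so the Insert/Update
                             commands below are not reachable from this grid. --%>
                        <asp:CommandField ButtonType="Button" ShowDeleteButton="true">
                            <ItemStyle HorizontalAlign="Center" />
                        </asp:CommandField>
                    </Columns>
                </asp:GridView>
                <%-- ConflictDetection=CompareAllValues: the delete matches every column against the
                     values the grid last displayed (original_*), so a row changed in between is not deleted. --%>
                <asp:AccessDataSource ID="accessdatasource1" runat="server" ConflictDetection="CompareAllValues"
                    DataFile="~/app_data/guestbook.mdb"
                    DeleteCommand="delete from [guestbook] where [id] = ? and [author] = ? and [msg] = ? and [date] = ? and [ip] = ?"
                    InsertCommand="insert into [guestbook] ([id], [author], [msg], [date], [ip]) values (?, ?, ?, ?, ?)"
                    OldValuesParameterFormatString="original_{0}"
                    SelectCommand="select [id], [author], [msg], [date], [ip] from [guestbook] order by [date] desc"
                    UpdateCommand="update [guestbook] set [author] = ?, [msg] = ?, [date] = ?, [ip] = ? where [id] = ? and [author] = ? and [msg] = ? and [date] = ? and [ip] = ?">
                    <DeleteParameters>
                        <asp:Parameter Name="original_id" Type="Int32" />
                        <asp:Parameter Name="original_author" Type="String" />
                        <asp:Parameter Name="original_msg" Type="String" />
                        <asp:Parameter Name="original_date" Type="DateTime" />
                        <asp:Parameter Name="original_ip" Type="String" />
                    </DeleteParameters>
                    <UpdateParameters>
                        <asp:Parameter Name="author" Type="String" />
                        <asp:Parameter Name="msg" Type="String" />
                        <asp:Parameter Name="date" Type="DateTime" />
                        <asp:Parameter Name="ip" Type="String" />
                        <asp:Parameter Name="original_id" Type="Int32" />
                        <asp:Parameter Name="original_author" Type="String" />
                        <asp:Parameter Name="original_msg" Type="String" />
                        <asp:Parameter Name="original_date" Type="DateTime" />
                        <asp:Parameter Name="original_ip" Type="String" />
                    </UpdateParameters>
                    <InsertParameters>
                        <asp:Parameter Name="id" Type="Int32" />
                        <asp:Parameter Name="author" Type="String" />
                        <asp:Parameter Name="msg" Type="String" />
                        <asp:Parameter Name="date" Type="DateTime" />
                        <asp:Parameter Name="ip" Type="String" />
                    </InsertParameters>
                </asp:AccessDataSource>
                <asp:Button ID="logoutbtn" runat="server" Text="退出" OnClick="logoutbtn_click" />
            </asp:View>
        </asp:MultiView>
    </div>
    </form>
</body>
</html>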
admin.aspx 源代码页面
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls.WebParts;

/// <summary>
/// Code-behind for admin.aspx: a single-password prompt that switches the MultiView to the delete grid.
/// </summary>
public partial class admin : System.Web.UI.Page
{
    // The one shared admin password, kept in source and compared in clear text on every login click.
    // Nothing limits repeated attempts, and "logged in" is only the active view index below (page
    // ViewState), not a server-side session or authentication ticket.
    private const string adminpassword = "password";

    private const int loginview = 0;
    private const int manageview = 1;

    protected void Page_Load(object sender, EventArgs e)
    {
    }

    /// <summary>Shows the management view on an exact (ordinal) match, otherwise reports a failed login.</summary>
    protected void loginbtn_click(object sender, EventArgs e)
    {
        bool matches = string.Equals(passwdtxt.Text, adminpassword, StringComparison.Ordinal);
        if (!matches)
        {
            resultlbl.Text = "密码不正确请重试";
            return;
        }
        multiview1.ActiveViewIndex = manageview;
    }

    /// <summary>Returns to the password prompt.</summary>
    protected void logoutbtn_click(object sender, EventArgs e)
    {
        multiview1.ActiveViewIndex = loginview;
    }
}
css文件代码:
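/* Fixed: "font-family: 宋体 georgia" (no comma) is one unknown family name, so the
   declaration was dropped; the list is now the same two families the other rules use. */
body {
    font-family: 宋体, georgia;
    font-size: 12px;
    text-align: center;
}

#pagediv {
    margin-left: auto;
    margin-right: auto;
}

#msglist {
    margin-left: auto;
    margin-right: auto;
}

#msgdiv {
    background-color: #f8f8ff;
    border-bottom: #ff6600 1px dashed;
    border-top: #ff6600 1px dashed;
}

#msgcontent {
    font-size: 14px;
    margin: 10px 10px 10px 10px;
    padding: 10px 10px 10px 10px;
    font-family: georgia, 宋体;
    text-align: left;
}

/* layout done */

.author {
    font-size: 14px;
    text-align: left;
    font-family: georgia, 宋体;
    margin-top: 5px;
}

a, a:link, a:visited, a:active {
    font-size: 14px;
    text-decoration: none;
    color: #9400d3;
}

a:hover {
    color: #ff6600;
    border-bottom: #808080 1px dashed;
}

img {
    vertical-align: middle;
    text-align: center;
}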
本文由作者按照 CC BY 4.0 进行授权