Suppose I have following table in my database:
Tbl_Persons:
Id Country Name
1 Australia Ben
2 Japan John
3 Korea Libby
4 Australia Raymond
I use following Query and bind the result using DataTable to a Gridview.
select id,Country,Name
from tbl_persons
where country='Australia'
In gridview I have two Bound Columns and 1 template column.
In template column I typically put an ImageButton and assign the ID field to image button using Command Argumnet property. And when user clicks on the imagebutton in the browser I'll get the command argument value in sever an do some operations with it.
<asp:GridView ID="GridView1" runat="server">
<Columns>
<asp:BoundField DataField="ountry" HeaderText="Country" />
<asp:BoundField DataField="Name" HeaderText="Name" />
<asp:TemplateField>
<ItemTemplate>
<asp:ImageButton ID="ImageButton1" runat="server"
CommandArgument='<%# Eval("Id") %>' />
</ItemTemplate>
</asp:TemplateField>
</Columns>
</asp:GridView>
As you know in runtime mode when user views the source of code in browser the values of command argument are not observable because they create in server. and user can't change the values using the browser and s开发者_运维问答end the changed values to the server.
But gridview is server side an has post back. So I use jquery and fill My gridview with appending tr and td tags in client side.
For ID field of my database because I don't have command argument in client side I assign the Id of each TD tag equals to the Id field.
But the user can change the Id values in the browser and send invalid data to the server and this is a disaster.
This is piece of my code:
script type="text/javascript">
function BindGridView() {
$.ajax({
type: "POST",
url: "Default.aspx/GetNames",
data: "{}",
contentType: "application/json",
dataType: "json",
success: function (data) {
for (var i = 0; i < data.d.length; i++) {
$("#NamesGridView").append("<tr><td id="+data.d[i].Id+">" + data.d[i].Country +
"</td><td>" + data.d[i].Name + "</td></tr>");
}
}
})
}
</script>
So what can I do to prevent user to changes the values? Are there any ways something like Command Argument in client side?
Imports System.Web Imports System.Web.Services Imports System.Web.Services.Protocols Imports System.Collections.Generic Imports System.Collections Imports System.Web.UI.Page
_ _ _ _ Public Class AutoCompleteService Inherits System.Web.Services.WebService
<WebMethod(EnableSession:=True)> _
<System.Web.Script.Services.ScriptMethod()> _
Public Function GetPhysicianCompletionList(ByVal prefixText As String, ByVal count As Integer, ByVal contextKey As String) As String()
Dim lstItem As New List(Of String)
Dim pag As New Page
Dim oCommon As Common = CType(Context.Session("CommonSetting"), Common)
Dim oDataSet As New System.Data.DataSet
Dim SQLConn As System.Data.SqlClient.SqlConnection = Nothing
Try
SQLConn = New System.Data.SqlClient.SqlConnection(General.ConnectionString)
SQLConn.Open()
Dim param As System.Data.SqlClient.SqlParameter() = SqlHelperParameterCache.GetSpParameterSet(SQLConn, "TempAutocompletePhysician")
' @AccountID AS INT
param(0).Value = oCommon.AccountID 'CInt(contextKey)
' @prefixText AS VARCHAR(50)
param(1).Value = prefixText
oDataSet = SqlHelper.ExecuteDataset(SQLConn, Data.CommandType.StoredProcedure, "TempAutocompletePhysician", param)
For Each oRow As System.Data.DataRow In oDataSet.Tables(0).Rows
lstItem.Add(oRow("Context").ToString)
If lstItem.Count = count Then
Exit For
End If
Next
Return lstItem.ToArray()
Catch ex As Exception
Return lstItem.ToArray()
Finally
If SQLConn IsNot Nothing AndAlso SQLConn.State = System.Data.ConnectionState.Open Then
SQLConn.Close()
SQLConn = Nothing
End If
oDataSet = Nothing
End Try
a
'Return lstItem.ToArray()
End Function
End Class
At this time your have to use web service, jquery call web service and send and receive data with use of JSON..
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论