ASP.NET intermediate learning 2

Source: Internet
Author: User

Download image processing

    T_UsersTableAdapter adapter = new T_UsersTableAdapter();
    var data = adapter.GetDataById(int.Parse(context.Session["UserId"].ToString()));
    var user = data.Single();
    if (user.Level == 1)
    {
        // Assumed: filename is read from the FileName request parameter shown below.
        string filename = context.Request["FileName"];
        string PicPath = "~/Img/" + filename;
        // Vulnerability risk: a user can download the website's source code by crafting the request parameter.
        // For example, PicDownload2.ashx?FileName=../PicDownload2.ashx.cs downloads that file.
        // Therefore, check whether the requested path is inside the Img directory; if it is not, refuse the download.
        if (PicPath.IndexOf('.') != 6)
        {
            context.Response.WriteFile(PicPath);
        }
    }
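The containment check that the comments call for, written as an added example (not the original author's code): instead of testing one character position with IndexOf, it resolves the combined path and verifies that the result still lies under the Img directory. The class and method names and the sample root directory are assumptions.

```csharp
using System;
using System.IO;

// Added example: resolve the requested name and confirm the result is still
// inside the image directory before serving it.
static class ImgPathGuard
{
    // imgRoot is the physical path of the Img directory; in a handler it would
    // come from context.Server.MapPath("~/Img/"). Returns null to refuse.
    public static string ResolveInsideImg(string imgRoot, string fileName)
    {
        if (string.IsNullOrWhiteSpace(fileName)) return null;

        // Canonical root ending in a separator, so a sibling "Img2" cannot match "Img".
        string root = Path.GetFullPath(imgRoot).TrimEnd(
            Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar)
            + Path.DirectorySeparatorChar;

        string full;
        try
        {
            // GetFullPath collapses "." and ".." segments; a rooted fileName
            // replaces root in Path.Combine and then fails the prefix test below.
            full = Path.GetFullPath(Path.Combine(root, fileName));
        }
        catch (ArgumentException) { return null; }      // illegal characters
        catch (NotSupportedException) { return null; }  // e.g. a stray ':' in the name
        catch (PathTooLongException) { return null; }

        // Case-insensitive comparison, matching the Windows file system IIS runs on.
        return full.StartsWith(root, StringComparison.OrdinalIgnoreCase) ? full : null;
    }

    static void Main()
    {
        // Constructed sample root and request values.
        string imgRoot = Path.Combine(Path.GetTempPath(), "site", "Img");
        string[] requests = { "logo.png", "sub/banner.jpg", "../PicDownload2.ashx.cs" };
        foreach (string name in requests)
        {
            string resolved = ResolveInsideImg(imgRoot, name);
            Console.WriteLine("{0,-26} -> {1}", name, resolved ?? "refused");
        }
    }
}
```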

 

 

 

 

To redirect automatically to another page after M seconds:

1. <meta http-equiv="refresh" content="3;url=1_B.htm">

2. A JavaScript timer.

 

 

SELECT ISNULL(ErrorTimes, 100) FROM T_users

If the ErrorTimes field is NULL, the query returns 100 in its place.

 

WebForm 1

A WebForm is split into two files: aspx and aspx.cs. The aspx file is the presentation template (the page description file). It holds the HTML content and is tightly integrated with the code, so programmers no longer need to fill in a template by hand as they did at the beginning. Controls are defined in aspx, inline JavaScript and CSS also live in aspx, and the server-side C# code is defined in aspx.cs. Aspx controls the page appearance and cs controls the program logic; placing a cs file behind the aspx in this way is called CodeBehind.

It is equivalent to the earlier html + ashx mode, with aspx acting as the "template engine".

The cs code can call controls in the aspx, and the aspx can access fields and functions defined in the cs. It is also possible to write complex C# code, such as for loops, directly in the aspx. (This is not recommended.)

<% for (int i = 0; i < 10; i++) { %> hello! <% } %>

You can write some simple code in the page, the same as in JSP.

<%= MyName %> The "=" indicates an output expression. MyName is a property defined in the code-behind cs file.

<%= GetName() %> GetName() is a method. The access level of the property or method must be protected or public, not private.

 

The relationship between Aspx and cs.

 

Relationship between aspx, cs, and dll.

 

    Response.Write(this.GetType() + "<br/>"); // gets the class of the current object
    Response.Write(this.GetType().Assembly.Location + "<br/>"); // gets the location of the assembly containing the current object's class
    Response.Write(this.GetType().BaseType + "<br/>"); // gets the parent class of the current object
    Response.Write(this.GetType().BaseType.Assembly.Location + "<br/>"); // gets the location of the assembly containing the parent class

The class that executes the current page is a subclass of the code-behind class: the front-end aspx class inherits from the back-end cs class.

 

Page class

 

Page members:

1. Request, Response, and Server properties: shorthand for context.Request, context.Response, and context.Server.

2. AppRelativeVirtualPath property: gets the path of the page relative to the application root, for example ~/Default.aspx.

3. FindControl(crlId): locates a control by its ID. Normally you can reference a control in code directly by its ID, but in some situations, such as inside ListView templates and custom controls, you must use FindControl. FindControl returns a Control, so cast the result: ((TextBox)FindControl("TextBox1")).Text = "aaa";

4. IsPostBack, Session.

5. ResolveClientUrl(url): converts a virtual path into a path the client can use. For example, ResolveClientUrl("~/A/B.aspx") returns A/B.aspx. It is usually used when outputting HTML in the templates of ListView and other controls, and is basically a simplified call to VirtualPathUtility.ToAbsolute.

 

Introduction to basic ASP.NET server controls.

An ASP.NET server control is ASP.NET's encapsulation of HTML: ASP.NET renders the server control into HTML code and outputs it to the browser. Server controls are a very attractive and easy-to-use concept in ASP.NET, and also the most criticized one. Used to their strengths, server-side controls suit areas with low access frequency, such as intranet systems and the back end of Internet systems.

(Elsewhere, a lot of unnecessary code such as ViewState is generated. In addition, ASP.NET server controls submit via POST. GET is also possible but almost never used, and in many cases, especially when developing Internet applications, using POST is very troublesome.)

ASP.NET server controls have their limits. They fit, for example, an enterprise's invoicing system (used internally by the enterprise, not an Internet system), and they make the back end of an Internet system very convenient and simple to develop. For an Internet-facing front end, server controls have to be used selectively.

ASP.NET is simple and easy to use. We should adjust our mindset and use simple things to build complicated systems. This is what we need to do.

 

Most ASP.NET controls inherit from the Control and WebControl classes, so almost all of them have the following members:

1. ClientID: gets the control's ID on the client.

document.getElementById('<%= TextBox1.ClientID %>').onmouseover = function () { this.style.background = 'red'; }

When client-side code such as JavaScript or jQuery works with a control, obtain the control's ID with '<%= TextBox1.ClientID %>'. This is a good habit, because the client and server IDs are sometimes different.

2. Visible: indicates whether the control is visible. If Visible = false, the control is not rendered to HTML at all, unlike style.display = 'none' in HTML, where the element is still sent to the browser.

3. CssClass: the CSS class attribute of the control.

4. Attributes: gets or sets additional attributes on the control. It works the same way as setAttribute() and getAttribute() in the DOM.

    Button1.Attributes["1"] = "2.jpg";
    Button1.Attributes["onmouseover"] = "alert('Hello man')";

 

Basic controls:

1. Label control: displays text and is rendered on the client as <span id="Label1">Name</span>. Unlike a div, which occupies a block of its own, a span is displayed inline wherever it is placed. If the AssociatedControlID property is set, the Label is rendered as the label of the corresponding control, and clicking it focuses the associated control: <label for="TextBox1" id="Label1">Name</label>

2. Literal control: renders no element of its own; plain text is output to the client. When the Mode property is set to Encode, the text is automatically HTML encoded.

3. TextBox control: a text box. The TextMode values SingleLine, MultiLine, and Password are rendered as input (type=text), textarea, and input (type=password). When the AutoPostBack property is true, a postback is triggered when focus leaves the TextBox. AutoPostBack works as described in the introduction to ASP.NET principles: JavaScript submits the form by calling __doPostBack(). When submitting a form from JavaScript in ASP.NET, it is best to call __doPostBack() directly. The TextChanged event is triggered when the text changes.

4. RadioButton control: rendered as input (type=radio) and grouped by the GroupName property.

5. Button control. OnClientClick property: the code executed in the browser when the user clicks the button. Note that OnClientClick is a string property; the code written in it is JavaScript and runs in the browser. <asp:Button ID="btnDel" runat="server" OnClientClick="return confirm('Do you really want to delete it?')" Text="delete" />

6. LinkButton control: rendered on the client as a special hyperlink, <a id="LinkButton1" href="javascript:__doPostBack()">LinkButton</a>. Clicking it submits the form, so it is equivalent to a button.

7. ImageButton control: rendered on the client as input (type=image).

<input type="image" name="ImageButton1" id="ImageButton1" src="../img/Abu.gif" />

8. Button, LinkButton, ImageButton, and similar controls all have CommandName and CommandArgument properties and a Command event. Multiple button controls can share one Command event handler, which reads the CommandName and CommandArgument properties of the event object e to get the two parameters set on the clicked button and perform different operations, for example editing or deleting one of several rows of data. This approach is used most in controls such as ListView.

9. Panel control: generally rendered as a div. However, if the GroupingText property is set, it is rendered as a fieldset.

<fieldset><legend>Panel component</legend></fieldset>

10. HyperLink: convenient for referencing resources within the site, because it resolves the path for you automatically. To link to an Internet address such as Baidu, a plain <a> tag is enough, which reduces the load on the server.

11. FileUpload: file upload, rendered as input (type=file).

<input type="file" name="FileUpload1" id="FileUpload1" />

Guard against WebShell vulnerabilities: an attacker uploads an executable page to the server and then requests it so that it executes and damages the website.
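One way to guard an upload against this, as an added example (not the original author's code): accept only image extensions whose content matches the file type, and store the file under a server-generated name. `UploadGuard` and `SafeStoredName` are hypothetical names; in a page the inputs would be FileUpload1.FileName and FileUpload1.FileBytes.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text;

// Added example: decide whether an uploaded file may be stored, and under which name.
static class UploadGuard
{
    // Allowed extension -> leading bytes (file signature) expected for that type.
    static readonly Dictionary<string, byte[]> Allowed =
        new Dictionary<string, byte[]>(StringComparer.OrdinalIgnoreCase)
    {
        { ".jpg", new byte[] { 0xFF, 0xD8, 0xFF } },
        { ".png", new byte[] { 0x89, 0x50, 0x4E, 0x47 } },
        { ".gif", new byte[] { 0x47, 0x49, 0x46, 0x38 } },
    };

    // Returns the name to store the file under, or null to reject the upload.
    public static string SafeStoredName(string clientFileName, byte[] content)
    {
        string ext;
        // Only the final extension of the client-supplied name is used; the rest is discarded.
        try { ext = Path.GetExtension(Path.GetFileName(clientFileName ?? "")); }
        catch (ArgumentException) { return null; }               // illegal characters in the name

        byte[] magic;
        if (!Allowed.TryGetValue(ext, out magic)) return null;   // .aspx, .ashx, .config, ...
        if (content == null || content.Length < magic.Length) return null;
        if (!content.Take(magic.Length).SequenceEqual(magic)) return null; // content must match the type

        // Server-generated name: the client chooses neither the path nor the file name.
        return Guid.NewGuid().ToString("N") + ext.ToLowerInvariant();
    }

    static void Main()
    {
        // Constructed sample uploads: a PNG header and the first line of an .aspx page.
        byte[] png = { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A };
        byte[] page = Encoding.ASCII.GetBytes("<%@ Page Language=\"C#\" %>");
        Console.WriteLine(SafeStoredName("photo.PNG", png) ?? "rejected");
        Console.WriteLine(SafeStoredName("page.aspx", page) ?? "rejected");
        Console.WriteLine(SafeStoredName("page.png", page) ?? "rejected");
    }
}
```

Storing accepted files in a directory from which the server does not execute pages complements this check.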

 
