I wrote a forum for a friend. In it, I deliberately store each page path in the database, read that field on the server side, and render the path information dynamically on the client. If the link is emitted directly, e.g. http://xxxx.xxxx.net/ShowForum.aspx?Id=2&rootid=0&username=myusername, the parameter information is displayed on the client as-is, and someone with ulterior motives may use what is displayed there to attack your server.
After the parameters are encrypted, the same link reaches the client looking like this: http://xxxx.xxxx.net/ShowForum.aspx?Bdefedga=dedscfdw&ahjdidesk=esoddesa&dsersdws=sdeesady
Below is the C# .NET code that implements this. If you reprint the code, please keep the copyright notice.
/*
* Description: The encrypted path information is output to the client.
* Author: the sky is blue _ chongchong
* Email: yc_chongchong@tom.com
* Dates: 2005-01-18
* Copyright: chongchong2008 Yichang Hubei China
*/
Using system;
Using system. collections;
Using system. componentmodel;
Using system. drawing;
Using system. Web;
Using system. Web. sessionstate;
Using system. Web. UI;
Using system. Web. UI. webcontrols;
Using system. Web. UI. htmlcontrols;
Using system. IO;
Using system. text;
Using system. Text. regularexpressions;
Using system. Data. sqlclient;
Using system. configuration;
// Import the custom class library
Using _ 3layer. datalayer. datacommon;
Using _ 3layer. datalayer. datacommon. dataaccess;
Using library. classlibrary. crypt. Des;
Namespace chongchong. xml
Public class renderingxml: system. Web. UI. Page
{
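/// <summary>
/// Builds the forum tree as an XML document from the database and writes it
/// to the HTTP response as text/xml. Every row read becomes one treenode
/// element; the Link column is passed through encodeparameter so that its
/// query string reaches the client in encrypted form.
/// </summary>
/// <remarks>
/// NOTE(review): renderingxml, mydatalayer, encodehtml and the query text are
/// declared outside this listing; the identifier casing on this page was lost
/// and should be confirmed against the real class.
/// </remarks>
private void prerenderxml()
{
    string strsql = "SELECT statement omitted ........................";
    SqlDataReader mydr = null;

    renderingxml = "<?xml version='1.0' encoding='gb2312'?>\r\n";
    renderingxml += "<XML>\r\n";

    mydatalayer.open();
    try
    {
        mydr = (SqlDataReader)mydatalayer.executereader(strsql);
        while (mydr.Read())
        {
            // Database text is escaped before it is placed in the document:
            // a single '&', '<' or quote in a board name would otherwise make
            // the XML ill-formed or let stored text introduce its own markup.
            // NOTE(review): if the columns are stored already entity-encoded,
            // this double-encodes them; confirm against the data.
            renderingxml += "<treenode id='" + escapexml(mydr["boardid"]) + "'>\r\n";
            renderingxml += "<nodetext>" + escapexml(mydr["boardname"]) + "</nodetext>\r\n";
            renderingxml += "<title>" + escapexml(mydr["title"]) + "</title>\r\n";
            // The link is encrypted first and then encoded by the project's
            // own encodehtml helper, as in the original.
            renderingxml += "<nodeurl>" + encodehtml(encodeparameter(mydr["Link"].ToString())) + "</nodeurl>\r\n";
            renderingxml += "<child>" + escapexml(mydr["children"]) + "</child>\r\n";
            renderingxml += "<target>" + escapexml(mydr["target"]) + "</target>\r\n";
            renderingxml += "</treenode>\r\n";
        }
    }
    catch (SqlException)
    {
        // Previously the failure was swallowed and the client received an
        // empty, successful response. Signal the error without sending any
        // database detail to the client; record the exception with the
        // project's server-side logging.
        Response.StatusCode = 500;
        return;
    }
    finally
    {
        // The reader holds the connection; close it before the data layer.
        if (mydr != null)
        {
            mydr.Close();
        }
        mydatalayer.Close();
    }

    renderingxml += "</XML>";

    // The bytes must be in the encoding the XML declaration announces.
    // Encoding.Default is the server's ANSI code page, which is not
    // guaranteed to be gb2312.
    byte[] bytresult = Encoding.GetEncoding("gb2312").GetBytes(renderingxml);
    Response.ContentType = "text/xml";
    Response.BinaryWrite(bytresult);
}

/// <summary>
/// Converts a column value to text and escapes the characters that have a
/// special meaning in XML (&lt;, &gt;, &amp;, and both quote characters).
/// </summary>
private static string escapexml(object value)
{
    return System.Security.SecurityElement.Escape(Convert.ToString(value));
}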
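/// <summary>
/// Encrypts the query-string part of a link so that parameter names and
/// values are not shown to the client in clear text. The part before the
/// first '?' is left unchanged; every name and every value after it is
/// encrypted separately with mydes.Encrypt and the key mypolicey.
/// </summary>
/// <param name="sourparameter">Link as read from the database; may be null or empty.</param>
/// <returns>
/// An empty string for null or empty input, the input unchanged when it has
/// no query string, otherwise the path followed by the encrypted query string.
/// </returns>
/// <remarks>
/// NOTE(review): this only hides the parameters. The page that decrypts them
/// must still validate every value and check that the current user is allowed
/// to see the requested item; an encrypted link can be copied and replayed
/// as-is. DES has a 56-bit key and is considered obsolete; prefer an
/// authenticated modern cipher if the project's crypto library offers one.
/// NOTE(review): if mydes.Encrypt returns Base64, its '+', '/' and '='
/// characters need URL-encoding before they go into a query string; confirm
/// the output alphabet.
/// </remarks>
private string encodeparameter(string sourparameter)
{
    if (sourparameter == null || sourparameter.Length == 0)
    {
        return string.Empty;
    }

    int querystart = sourparameter.IndexOf('?');
    if (querystart < 0)
    {
        // No query string, nothing to encrypt.
        return sourparameter;
    }

    // Cut at the FIRST '?' only, so a '?' inside a value is kept instead of
    // silently truncating the query string.
    string startstring = sourparameter.Substring(0, querystart);
    string endstring = sourparameter.Substring(querystart + 1);
    if (endstring.Length == 0)
    {
        // "page.aspx?" used to raise IndexOutOfRangeException.
        return sourparameter;
    }

    StringBuilder destparameter = new StringBuilder();
    destparameter.Append(startstring).Append("?");

    // Look for '&' in the query string, not in the whole link.
    if (endstring.IndexOf('&') < 0)
    {
        // Single parameter. Split at the first '=' only so that a value
        // containing '=' stays intact.
        string[] paramnamevalue = endstring.Split(new char[] { '=' }, 2);
        destparameter.Append(mydes.Encrypt(paramnamevalue[0], mypolicey));
        if (paramnamevalue.Length > 1)
        {
            destparameter.Append("=").Append(mydes.Encrypt(paramnamevalue[1], mypolicey));
        }
        // A parameter without '=' is emitted as an encrypted name only;
        // previously it raised IndexOutOfRangeException.
    }
    else
    {
        // Several parameters: encrypt each name/value pair.
        string[] paramjoin = endstring.Split(new char[] { '&' });
        destparameter.Append(encodernamevalue(paramjoin));
    }

    return destparameter.ToString();
}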
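/// <summary>
/// Encrypts each "name=value" pair of a query string and joins the results
/// with '&amp;'. Names and values are encrypted separately with
/// mydes.Encrypt and the key mypolicey.
/// </summary>
/// <param name="sournamevalue">The query string already split at '&amp;'; may be null.</param>
/// <returns>The encrypted pairs joined by '&amp;', with no trailing separator.</returns>
private string encodernamevalue(string[] sournamevalue)
{
    StringBuilder sb = new StringBuilder();
    if (sournamevalue == null)
    {
        return string.Empty;
    }

    for (int i = 0; i < sournamevalue.Length; i++)
    {
        // Empty segments come from "a=1&&b=2" or a trailing '&'.
        if (sournamevalue[i] == null || sournamevalue[i].Length == 0)
        {
            continue;
        }

        // Put the separator BEFORE every pair except the first one. The
        // earlier test (i < Length) was always true, so the result always
        // ended with a stray '&'.
        if (sb.Length > 0)
        {
            sb.Append("&");
        }

        // Split at the first '=' only so that a value containing '=' is kept.
        string[] paramnamevalue = sournamevalue[i].Split(new char[] { '=' }, 2);
        sb.Append(mydes.Encrypt(paramnamevalue[0], mypolicey));
        if (paramnamevalue.Length > 1)
        {
            sb.Append("=").Append(mydes.Encrypt(paramnamevalue[1], mypolicey));
        }
        // A segment without '=' is emitted as an encrypted name only;
        // previously it raised IndexOutOfRangeException.
    }

    return sb.ToString();
}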
}