Exemple #1
 /// <summary>
 /// HTML-encodes the text fields of a search argument in place; the original
 /// author's stated purpose is XSS prevention.
 /// </summary>
 /// <param name="arg">
 /// Search criteria whose BookClassId, BookName, BookStatusCode and KeeperId
 /// are overwritten with their encoded form. Must not be null.
 /// </param>
 /// <remarks>
 /// NOTE(review): this encodes request input, not rendered output. It does not
 /// replace output encoding in the view, and it is not a defence against SQL
 /// injection; confirm that the data layer (not visible here) uses parameterized
 /// queries. Encoded search terms presumably only match rows whose stored values
 /// were encoded the same way; verify against the data layer.
 /// </remarks>
 public void ModelHtmlEncode(Models.BooksSearchArg arg)
 {
     // Resolve the encoder once and reuse it for every field.
     var encoder = Server;

     arg.BookClassId = encoder.HtmlEncode(arg.BookClassId);
     arg.BookName = encoder.HtmlEncode(arg.BookName);
     arg.BookStatusCode = encoder.HtmlEncode(arg.BookStatusCode);
     arg.KeeperId = encoder.HtmlEncode(arg.KeeperId);
 }
Exemple #2
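        /// <summary>
        /// Looks up a single book by its BookId.
        /// </summary>
        /// <param name="id">Value placed in BooksSearchArg.BookId for the lookup.</param>
        /// <returns>
        /// The first book the service returns for that id, after it has been passed
        /// through ModelHtmlDecode; null when the service returns no match.
        /// </returns>
        public Models.Books GetBookDetail(int id)
        {
            // id is a typed int, so there is no string content to HTML-encode here.
            Models.BooksSearchArg criteria = new Models.BooksSearchArg { BookId = id };
            Models.Books book = this.booksService.GetBooks(criteria).FirstOrDefault();

            // FirstOrDefault() yields null when nothing matches. Return early so a
            // missing book is never handed to ModelHtmlDecode (defined elsewhere;
            // its null handling is not visible from here).
            if (book == null)
            {
                return null;
            }

            // NOTE(review): the returned object presumably carries decoded, raw text,
            // so whatever renders it must HTML-encode on output; confirm the view
            // does not emit these fields unencoded.
            ModelHtmlDecode(book);
            return book;
        }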
Exemple #3
        /// <summary>
        /// Runs a book search with the bound criteria and renders the "Index" view.
        /// </summary>
        /// <param name="arg">Search criteria; encoded in place by ModelHtmlEncode before the query.</param>
        /// <returns>The "Index" view, with the search results exposed as ViewBag.SearchResult.</returns>
        /// <remarks>
        /// NOTE(review): every result is passed through ModelHtmlDecode before it is
        /// handed to the view, so the view presumably receives raw text. Output
        /// encoding at render time is then the effective XSS control; confirm the
        /// view does not emit these fields unencoded.
        /// </remarks>
        public ActionResult Index(Models.BooksSearchArg arg)
        {
            // Encode the incoming criteria before they reach the service.
            ModelHtmlEncode(arg);

            // Query the service, then decode each hit for display.
            List<Models.Books> matches = this.booksService.GetBooks(arg);
            foreach (Models.Books entry in matches)
            {
                ModelHtmlDecode(entry);
            }

            ViewBag.SearchResult = matches;

            // Populate the drop-down lists used by the search form.
            SetDropDownListItmes();

            return View("Index");
        }