//*******************************************************
//
// Page_Load for this user control: obtains the reviews
// recorded for the current product (via IBuySpy.ReviewsDB)
// and databinds them to the asp:datalist control, then
// points the "add a review" link at the entry page for
// the same product.
//
// NOTE(review): the bound review text is emitted by the
// DataList item template, which is not part of this
// listing. Whether it renders safely depends on the values
// having been HTML-encoded before storage and on the
// template not decoding them -- confirm against the markup.
//
//*******************************************************
private void Page_Load(object sender, System.EventArgs e)
{
    // Fetch this product's reviews and hand them to the list control
    IBuySpy.ReviewsDB reviewsDb = new IBuySpy.ReviewsDB();
    MyList.DataSource = reviewsDb.GetReviews(ProductID);
    MyList.DataBind();

    // Build the link users follow to add a new review.
    // ProductID is declared outside this listing; presumably an integer,
    // in which case the value needs no URL-encoding -- verify.
    string addReviewUrl = "ReviewAdd.aspx?productID=" + ProductID.ToString();
    AddReview.NavigateUrl = addReviewUrl;
}
//*******************************************************
//
// ReviewAddBtn_Click adds a new review to the IBuySpy
// Reviews database and then sends the client back to the
// product details page.
//
// All free-text values (name, e-mail, comment) are
// deliberately HtmlEncoded *before* they are stored, so
// that markup such as images or hyperlinks cannot be
// injected into the message content.
//
// NOTE(review): encoding at write time only protects
// consumers that emit the stored value unchanged into an
// HTML body. A consumer that encodes again will show
// double-encoded text, and one that writes the value into
// another context (attribute, script, export file) gets
// no protection from this step -- confirm how each reader
// of these columns renders them.
//
//*******************************************************
private void ReviewAddBtn_Click(object sender, System.Web.UI.ImageClickEventArgs e)
{
    // Nothing is written unless every validation control on the page passed.
    // Which validators exist is defined in the page markup, not shown here.
    if (!Page.IsValid)
    {
        return;
    }

    // The product id comes from Page State rather than from the request.
    // NOTE(review): its integrity therefore relies on ViewState MAC
    // validation (EnableViewStateMac) being left enabled -- confirm.
    // The cast throws if the entry is absent.
    int productId = (int)ViewState["productID"];

    // Rating is the value of the selected RadioButtonList item.
    // Int32.Parse throws on a missing selection or a non-numeric value;
    // presumably the page validators rule that out -- verify.
    int ratingValue = Int32.Parse(Rating.SelectedItem.Value);

    IBuySpy.ReviewsDB reviewsDb = new IBuySpy.ReviewsDB();

    // HtmlEncode each text field before it is handed to the data layer
    string encodedName = Server.HtmlEncode(Name.Text);
    string encodedEmail = Server.HtmlEncode(Email.Text);
    string encodedComment = Server.HtmlEncode(Comment.Text);

    reviewsDb.AddReview(productId, encodedName, encodedEmail, ratingValue, encodedComment);

    // Return to the originating product details page. The target is a fixed
    // relative page plus the integer id, so no user-supplied text reaches the URL.
    Response.Redirect("ProductDetails.aspx?ProductID=" + productId);
}