Esempio n. 1
        //*******************************************************
        //
        // The Page_Load event on this user control is used to obtain
        // from a database a list of reviews about a specified
        // product and then databind it to an asp:datalist control.
        //
        //*******************************************************

        private void Page_Load(object sender, System.EventArgs e)
        {
            // Load the reviews for the product identified by ProductID (declared
            // outside this method) and bind them to the MyList control.
            IBuySpy.ReviewsDB reviewStore = new IBuySpy.ReviewsDB();
            object reviewRows = reviewStore.GetReviews(ProductID);

            // NOTE(review): the template that renders these rows is not visible here.
            // Review text is user-supplied, so confirm it is HTML-encoded either when
            // it is stored or when it is rendered; binding raw text would expose the
            // page to stored cross-site scripting.
            MyList.DataSource = reviewRows;
            MyList.DataBind();

            // Point the "add review" link at the submission page for this product.
            string addReviewUrl = "ReviewAdd.aspx?productID=" + ProductID.ToString();
            AddReview.NavigateUrl = addReviewUrl;
        }
Esempio n. 2
        //*******************************************************
        //
        // The ReviewAddBtn_Click event is used to add a new
        // review into the IBuySpy Reviews database.
        //
        // Note that we are deliberately HtmlEncoding all text
        // values *before* adding them to the database.  This allows
        // us to prevent hackers from adding images or hyperlinks
        // into the message content.
        //
        //*******************************************************

        private void ReviewAddBtn_Click(object sender, System.Web.UI.ImageClickEventArgs e)
        {
            // Nothing is stored unless every validator on the page has passed.
            if (!Page.IsValid)
            {
                return;
            }

            // The product id comes from ViewState, which round-trips through the client.
            // The unboxing cast throws if the entry is missing or is not an int.
            // NOTE(review): confirm ViewState integrity (MAC) validation is enabled for
            // this application so the value cannot be altered in transit.
            int productID = (int)ViewState["productID"];

            // Rating.SelectedItem is dereferenced without a null check.
            // NOTE(review): presumably a validator guarantees a selection - confirm.
            int rating = int.Parse(Rating.SelectedItem.Value);

            IBuySpy.ReviewsDB reviewStore = new IBuySpy.ReviewsDB();

            // Free-text fields are HTML-encoded before storage, so the database holds
            // encoded text. Caveats of encoding at input rather than at output: any
            // page that displays these values must not encode them a second time, and
            // rows written through another path are not covered by this step.
            // NOTE(review): how AddReview builds its query is not visible here; confirm
            // it passes these values as parameters. HtmlEncode does not protect
            // against SQL injection.
            string encodedName = Server.HtmlEncode(Name.Text);
            string encodedEmail = Server.HtmlEncode(Email.Text);
            string encodedComment = Server.HtmlEncode(Comment.Text);
            reviewStore.AddReview(productID, encodedName, encodedEmail, rating, encodedComment);

            // Return to the product details page. The target is a fixed relative path
            // plus an integer id, so no user-supplied text reaches the redirect URL.
            string returnUrl = "ProductDetails.aspx?ProductID=" + productID;
            Response.Redirect(returnUrl);
        }