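/// <summary>
/// Renders the page selected by the <c>pageid</c> query-string value and a link to its edit screen.
/// </summary>
/// <param name="db">Data-access object used to look the page up by its numeric id.</param>
/// <remarks>
/// The query-string value is supplied by the client. It is parsed with <c>Int32.TryParse</c> so that a
/// missing or non-numeric value shows the error message instead of raising an unhandled
/// <c>FormatException</c>, and only the parsed integer is written into the edit link.
/// </remarks>
protected void ShowPageInfo(Pagedb db)
{
    // Clear the placeholders first so nothing stale is shown if the lookup fails.
    show_pagetitle.InnerHtml = "";
    show_pagebody.InnerHtml = "";

    // TryParse returns false for null, empty and non-numeric input.
    int pageNumber;
    bool valid = Int32.TryParse(Request.QueryString["pageid"], out pageNumber);

    HTTP_Page page_record = null;
    if (valid)
    {
        page_record = db.FindPage(pageNumber);
        // Guard in case FindPage yields no record for an unknown id (its contract is not visible here).
        valid = page_record != null;
    }

    if (!valid)
    {
        error_summary.InnerHtml = "There was an error finding that article.";
        return;
    }

    // NOTE(review): title and body are assigned through InnerHtml, so stored markup is sent to the
    // browser unencoded. If page content can be written by anyone who is not fully trusted, encode the
    // title (for example with Server.HtmlEncode) and sanitise the body before display.
    show_pagetitle.InnerHtml = page_record.GetPagetitle();
    show_pagebody.InnerHtml = page_record.GetPagebody();

    // Build the link from the parsed integer, never from the raw query-string text.
    edit_page.InnerHtml = "<div><a href =\"EditPage.aspx?pageid=" + pageNumber + "\">Edit</a></div>";
}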
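/// <summary>
/// Shows the current title and body of the article that is about to be edited.
/// </summary>
/// <param name="db">Data-access object used to look the page up by its numeric id.</param>
/// <remarks>
/// The <c>pageid</c> query-string value is supplied by the client, so it is parsed with
/// <c>Int32.TryParse</c>. A missing or non-numeric value leaves both fields empty instead of raising
/// an unhandled <c>FormatException</c>.
/// </remarks>
protected void ShowPageInfo(Pagedb db)
{
    // Clear the fields first so nothing stale is shown if the lookup fails.
    show_pagetitle.InnerHtml = "";
    show_pagebody.InnerHtml = "";

    // TryParse returns false for null, empty and non-numeric input.
    int pageNumber;
    if (!Int32.TryParse(Request.QueryString["pageid"], out pageNumber))
    {
        return;
    }

    HTTP_Page page_record = db.FindPage(pageNumber);
    // Guard in case FindPage yields no record for an unknown id (its contract is not visible here).
    if (page_record == null)
    {
        return;
    }

    // NOTE(review): both values are assigned through InnerHtml, so stored markup reaches the browser
    // unencoded. Encode or sanitise them if page content can come from an untrusted author.
    show_pagetitle.InnerHtml = page_record.GetPagetitle();
    show_pagebody.InnerHtml = page_record.GetPagebody();

    // Problems found while building this page:
    // 1. The edit page did not work.
    //    Reason: the query in Pagedb.cs was wrong.
    //    Status: fixed.
    // 2. The page body did not update.
    //    Reason: an apostrophe (') in the text broke the SQL statement, because the statement is
    //    assembled by inserting the text between quotes. The same property lets submitted text change
    //    the statement itself (SQL injection), so this is a security defect and not only a display bug.
    //    Status / future reference: switch Pagedb.cs to parameterized queries (C# ASP.NET).
}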
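/// <summary>
/// Overwrites the title and body of an existing row in the <c>pages</c> table.
/// </summary>
/// <param name="pageid">Primary key of the page to update.</param>
/// <param name="new_page">Object carrying the new title and body.</param>
/// <remarks>
/// Values are bound as parameters rather than formatted into the SQL text. The earlier
/// <c>String.Format</c> version broke on any apostrophe in the content and allowed submitted text to
/// alter the statement (SQL injection).
/// </remarks>
public void Update_Page(int pageid, HTTP_Page new_page)
{
    // The statement text is constant; user-supplied content only ever travels as parameter values.
    const string query = "update pages set pagetitle=@pagetitle, pagebody=@pagebody where pageid=@pageid";

    // using blocks close the connection and release the command on every path.
    using (MySqlConnection Connect = new MySqlConnection(ConnectionString))
    using (MySqlCommand cmd = new MySqlCommand(query, Connect))
    {
        cmd.Parameters.AddWithValue("@pagetitle", new_page.GetPagetitle());
        cmd.Parameters.AddWithValue("@pagebody", new_page.GetPagebody());
        cmd.Parameters.AddWithValue("@pageid", pageid);

        try
        {
            Connect.Open();
            cmd.ExecuteNonQuery();
            // Only the statement template is logged, so page content does not end up in debug output.
            Debug.WriteLine("Executed query " + query);
        }
        catch (Exception ex)
        {
            // NOTE(review): the failure is written to debug output only; the caller cannot tell that
            // the update did not happen. Kept as in the original best-effort behaviour.
            Debug.WriteLine("Something went wrong in the Update_Page Method!");
            Debug.WriteLine(ex.ToString());
        }
    }
}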
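/// <summary>
/// Inserts a new row into the <c>pages</c> table.
/// </summary>
/// <param name="new_page">Object carrying the title, body and author id of the page to add.</param>
/// <remarks>
/// Values are bound as parameters rather than formatted into the SQL text, so quotes in the title or
/// body can neither break the statement nor change its meaning (SQL injection).
/// </remarks>
public void Add_Page(HTTP_Page new_page)
{
    // The statement text is constant; user-supplied content only ever travels as parameter values.
    const string query = "insert into pages (pagetitle, pagebody, authorid) values(@pagetitle, @pagebody, @authorid)";

    // using blocks close the connection and release the command on every path.
    using (MySqlConnection Connect = new MySqlConnection(ConnectionString))
    using (MySqlCommand cmd = new MySqlCommand(query, Connect))
    {
        cmd.Parameters.AddWithValue("@pagetitle", new_page.GetPagetitle());
        cmd.Parameters.AddWithValue("@pagebody", new_page.GetPagebody());
        cmd.Parameters.AddWithValue("@authorid", new_page.GetAuthorid());

        try
        {
            Connect.Open();
            cmd.ExecuteNonQuery();
        }
        catch (Exception ex)
        {
            // NOTE(review): the failure is written to debug output only; the caller cannot tell that
            // the insert did not happen. Kept as in the original best-effort behaviour.
            Debug.WriteLine("Something went wrong in the Add_Page Method!");
            Debug.WriteLine(ex.ToString());
        }
    }
}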