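/// <summary>
/// Authorises the caller for the requisition named in the <c>reqID</c> query
/// parameter, then initialises the page state and binds the pending-items grid.
/// </summary>
/// <remarks>
/// Three checks run before any requisition data is shown:
/// the session must carry a role of "rep" or "emp"; <c>reqID</c> must parse as an
/// integer; and the requisition must belong to the staff ID held in the session.
/// The ownership check is what stops a logged-in user from viewing another
/// user's requisition by editing the number in the URL, so it must stay
/// server-side and must run before <c>initPendingDataGrid()</c>.
/// </remarks>
/// <param name="sender">Event source supplied by the page life cycle (unused).</param>
/// <param name="e">Event data supplied by the page life cycle (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // ---- Role check ------------------------------------------------------
    // A missing session value (expired or never-authenticated session) is
    // treated as "not logged in" rather than dereferenced, so the visitor is
    // sent to the login page instead of hitting a NullReferenceException.
    object roleValue = Session["loginRole"];
    object staffValue = Session["loginID"];
    string sessionRole = roleValue == null ? null : roleValue.ToString();
    string sessionStaffID = staffValue == null ? null : staffValue.ToString();

    if (sessionStaffID == null || (sessionRole != "rep" && sessionRole != "emp"))
    {
        Response.Redirect("Login.aspx");
        // Explicit return: nothing below may run for an unauthorised caller,
        // even if the redirect is later changed so it no longer ends the response.
        return;
    }

    // ---- Query-string validation ------------------------------------------
    // reqID is caller-controlled. TryParse rejects a missing, empty or
    // non-numeric value without throwing; the previous null test on
    // reqID.ToString() could never be true.
    int reqID;
    if (!Int32.TryParse(Request.QueryString["reqID"], out reqID))
    {
        Response.Redirect("Emp_MyRequisition.aspx");
        return;
    }
    this.reqID = reqID;

    // ---- Ownership check ---------------------------------------------------
    RequisitionDAO rdao = new RequisitionDAO();
    string ownerStaffID = rdao.getStaffIDByReqID(reqID);
    if (ownerStaffID == null)
    {
        // Target previously lacked the ".aspx" extension used everywhere else.
        Response.Redirect("Emp_MyRequisition.aspx");
        return;
    }
    if (ownerStaffID != sessionStaffID)
    {
        // The requisition belongs to someone else: refuse without revealing
        // anything about it.
        Response.Redirect("Login.aspx");
        return;
    }

    // ---- Status-dependent UI state -------------------------------------------
    string status = rdao.getStatusByReqID(reqID);
    if (status == null)
    {
        // No status row: the requisition does not exist.
        Response.Redirect("Emp_MyRequisition.aspx");
        return;
    }

    // Re-submission is offered for every status except "pending".
    reSubmit.Enabled = status != "pending";
    this.status = status;

    initPendingDataGrid();
}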