Exemplo n.º 1
0
        protected void button5_ServerClick(object sender, EventArgs e)
        {
            BLL.Member member   = new BLL.Member();
            string     password = Common.GetStringOfForm("txtPassword");//txtPassword.Text.Trim();

            if (!member.CompareLoginPassword(UserLoginInfo.UserID, password))
            {
                //Label1.Text = "对不起,您输入的旧密码有误!";
                CommonManager.Web.RegJs(this, "alert('对不起,您输入的旧密码有误!');location.href=location.href;", true);
                BindInfo();
                return;
            }

            //昵称可以输入任何字符,所以要对它进行HTML编码,防止恶意木马脚本字符串;过滤"'"为"''",避免SQL注入式攻击
            string nickname = Server.HtmlEncode(Common.GetStringOfForm("nickname").Replace("'", "''"));
            string sex      = Common.FilterString(Common.GetStringOfForm("sex"));
            string pwd      = Common.FilterString(Common.GetStringOfForm("pwd"));
            string email    = Common.FilterString(Common.GetStringOfForm("email"));
            string mobile   = Common.FilterString(Common.GetStringOfForm("mobile"));
            string logoid   = Common.FilterString(Common.GetStringOfForm("hidLogoID"));
            string qqnum    = Common.FilterString(Common.GetStringOfForm("qqnum"));

            logoid = member.SetLogoID(Convert.ToInt32(sex.Trim()), Convert.ToInt32(logoid.Trim())).ToString();

            string _address  = Server.HtmlEncode(CommonManager.Web.RequestForm("txtAddress", ""));
            string _province = CommonManager.Web.RequestForm("hidProvince", "");
            string _city     = CommonManager.Web.RequestForm("hidCity", "");
            string _occu     = CommonManager.Web.RequestForm("txtOccuPation", "");

            //int iRows = member.UpdateBaseInfo(UserLoginInfo.UserID, pwd, nickname, int.Parse(logoid), int.Parse(sex), email, mobile, qqnum);
            int iRows = member.UpdateBaseInfo(UserLoginInfo.UserID, pwd, nickname, int.Parse(logoid), int.Parse(sex), email, mobile, _occu, _province, _city, _address, qqnum);

            if (iRows > 0)
            {
                //Label1.Text = "资料修改成功!" + DateTime.Now;
                CommonManager.Web.RegJs(this, "alert('资料修改成功!');location.href=location.href;", true);
                BindInfo();

                /*if (Convert.ToInt32(logoid.Trim()) <= BLL.Member.LogoId_Const2)
                 * {
                 *  //trImgType.Attributes.Add("style", "display:none");
                 *  //tbCust.Attributes.Add("style", "display:none");
                 * }*/
            }
            else
            {
                //Label1.Text = "抱歉,资料修改失败,可能是服务器繁忙,请稍候再试!";
                CommonManager.Web.RegJs(this, "alert('抱歉,资料修改失败,可能是服务器繁忙,请稍候再试!');location.href=location.href;", true);
            }
        }
Exemplo n.º 2
0
        protected void button5_ServerClick(object sender, EventArgs e)
        {
            BLL.Member member = new BLL.Member();
            string password = Common.GetStringOfForm("txtPassword");//txtPassword.Text.Trim();
            if (!member.CompareLoginPassword(UserLoginInfo.UserID, password))
            {
                //Label1.Text = "�Բ���������ľ���������";
                CommonManager.Web.RegJs(this, "alert('�Բ���������ľ���������');location.href=location.href;", true);
                BindInfo();
                return;
            }

            //�dzƿ��������κ��ַ�������Ҫ��������HTML���룬��ֹ����ľ��ű��ַ���������"'"Ϊ"''"������SQLע��ʽ����
            string nickname = Server.HtmlEncode(Common.GetStringOfForm("nickname").Replace("'", "''"));
            string sex = Common.FilterString(Common.GetStringOfForm("sex"));
            string pwd = Common.FilterString(Common.GetStringOfForm("pwd"));
            string email = Common.FilterString(Common.GetStringOfForm("email"));
            string mobile = Common.FilterString(Common.GetStringOfForm("mobile"));
            string logoid = Common.FilterString(Common.GetStringOfForm("hidLogoID"));
            string qqnum = Common.FilterString(Common.GetStringOfForm("qqnum"));
            logoid = member.SetLogoID(Convert.ToInt32(sex.Trim()), Convert.ToInt32(logoid.Trim())).ToString();

            string _address = Server.HtmlEncode( CommonManager.Web.RequestForm( "txtAddress", "" ) );
            string _province = CommonManager.Web.RequestForm( "hidProvince", "" );
            string _city = CommonManager.Web.RequestForm( "hidCity", "" );
            string _occu = CommonManager.Web.RequestForm( "txtOccuPation", "" );

            //int iRows = member.UpdateBaseInfo(UserLoginInfo.UserID, pwd, nickname, int.Parse(logoid), int.Parse(sex), email, mobile, qqnum);
            int iRows = member.UpdateBaseInfo( UserLoginInfo.UserID, pwd, nickname, int.Parse( logoid ), int.Parse( sex ), email, mobile, _occu, _province, _city, _address,qqnum);
            if (iRows > 0)
            {
                //Label1.Text = "�����޸ijɹ���" + DateTime.Now;
                CommonManager.Web.RegJs(this, "alert('�����޸ijɹ���');location.href=location.href;", true);
                BindInfo();
                /*if (Convert.ToInt32(logoid.Trim()) <= BLL.Member.LogoId_Const2)
                {
                    //trImgType.Attributes.Add("style", "display:none");
                    //tbCust.Attributes.Add("style", "display:none");
                }*/
            }
            else
            {
                //Label1.Text = "��Ǹ�������޸�ʧ�ܣ������Ƿ�������æ�����Ժ����ԣ�";
                CommonManager.Web.RegJs(this, "alert('��Ǹ�������޸�ʧ�ܣ������Ƿ�������æ�����Ժ����ԣ�');location.href=location.href;", true);
            }
        }