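using System;
using System.Data;
using System.Text;
using System.Web.UI.WebControls;
using CwhASPNETBase;

/// <summary>
/// Code-behind for the news detail page. Loads the <c>news</c> row selected by the
/// <c>newsid</c> query-string value and exposes its columns, together with the titles of
/// the neighbouring articles, as public fields that the .aspx markup reads.
/// </summary>
/// <remarks>
/// All queries are still built by string concatenation (see <see cref="BINDS"/>,
/// <see cref="aa"/> and <see cref="bb"/>). The only protection applied to the query-string
/// value is a length cap, a keyword blacklist and quote doubling. Parameterised queries are
/// the proper fix; whether <see cref="DataOperation"/> offers a parameterised overload is not
/// visible from this file. Values such as <see cref="title"/>, <see cref="first"/> and
/// <see cref="first1"/> come from the database and are emitted into HTML by the markup, so
/// the markup must HTML-encode them unless they are trusted to already be safe HTML.
/// </remarks>
public partial class news_info : System.Web.UI.Page
{
    // Public fields are read by the .aspx markup; their names and visibility must not change.
    public string first = "", first1 = "", idnn = "0";   // previous-article block, next-article block, current newsid ("0" when none was supplied)
    public string wznr = "";                             // article body (content_nr column)
    public string title = "";                            // article title
    public string addtime;                               // article timestamp, in the DataTable's string form
    public string yhtitle, yhkey, yhdesc, typename;      // SEO title / keywords / description; typename is never assigned in this file
    DataOperation DAOP = new DataOperation();

    // Existing input policy: a newsid longer than this is rejected before it reaches any query.
    private const int MaxNewsIdLength = 9;

    // Keyword blacklist used by SqlFilter. Matched as plain substrings, so ordinary words
    // like "word" or "order" also trip it (via "or"); this is the original behaviour.
    private static readonly string[] SqlKeywords =
        "and|exec|insert|select|delete|update|chr|mid|master|or|truncate|char|declare|join".Split('|');

    /// <summary>
    /// Reads and sanitises the <c>newsid</c> query-string value, then loads the article and its neighbours.
    /// </summary>
    /// <remarks>
    /// A value longer than <see cref="MaxNewsIdLength"/> characters or containing a blacklisted keyword
    /// redirects away (Response.Redirect ends the response, so the loads below do not run). The
    /// surviving value is only quote-doubled by <see cref="CheckParameter"/> before being concatenated
    /// into SQL text. TODO(review): the queries compare newsid with &lt;/&gt; and default it to "0",
    /// which suggests an integer column; if so, rejecting anything that does not parse as an integer
    /// would remove the residual injection surface entirely. Confirm the column type before changing this.
    /// </remarks>
    protected void Page_Load(object sender, EventArgs e)
    {
        string newsId = Request.QueryString["newsid"];
        if (!string.IsNullOrEmpty(newsId))
        {
            if (newsId.Length > MaxNewsIdLength || SqlFilter(newsId))
            {
                Response.Redirect("http://www.baidu.com");
            }
            else
            {
                idnn = CheckParameter(newsId, "string");
            }
        }

        BINDS();
        databind2();
        aa();
        bb();
    }

    /// <summary>
    /// Fills <see cref="first"/> with the "previous article" block: the title of the first row whose
    /// newsid is greater than <see cref="idnn"/> (ordered by addtime), or a fixed "already the first" notice.
    /// </summary>
    private void aa()
    {
        // Only the title column is read, so only that column is selected.
        // idnn is still embedded in the SQL text; see the class remarks about parameterisation.
        string sql = "SELECT top 1 title FROM news WHERE newsid > '" + idnn + "' ORDER BY addtime";
        DataTable dt = DAOP.getDataTable(sql);
        if (dt.Rows.Count == 0)
        {
            first = "\n\n上一篇:已是第一篇\n\n";
        }
        else
        {
            // The title is inserted raw; the markup must encode it unless titles are trusted HTML.
            first = "\n\n上一篇:" + dt.Rows[0]["title"].ToString() + "\n\n";
        }
    }

    /// <summary>
    /// Fills <see cref="first1"/> with the "next article" block: the title of the first row whose
    /// newsid is smaller than <see cref="idnn"/> (ordered by addtime desc), or a fixed "already the last" notice.
    /// </summary>
    private void bb()
    {
        // Same construction and same caveats as aa(), mirrored for the next article.
        string sql = "SELECT top 1 title FROM news WHERE newsid < '" + idnn + "' ORDER BY addtime desc";
        DataTable dt = DAOP.getDataTable(sql);
        if (dt.Rows.Count == 0)
        {
            first1 = "\n\n下一篇:已是最后一篇\n\n";
        }
        else
        {
            first1 = "\n\n下一篇:" + dt.Rows[0]["title"].ToString() + "\n\n";
        }
    }

    /// <summary>
    /// Loads the article identified by <see cref="idnn"/> into <see cref="title"/>, <see cref="addtime"/>,
    /// <see cref="wznr"/>, <see cref="yhtitle"/>, <see cref="yhkey"/> and <see cref="yhdesc"/>.
    /// Falls back to the newest article when idnn is empty (in practice idnn defaults to "0", so the
    /// fallback is rarely taken). When no single row matches, <see cref="wznr"/> is set to "" and the
    /// other fields keep their previous values.
    /// </summary>
    private void BINDS()
    {
        string sql;
        if (string.IsNullOrEmpty(idnn))
        {
            sql = "SELECT top 1 newsid,title,addtime,content_nr,yhtitle,yhkey,yhdesc FROM news order by newsid desc";
        }
        else
        {
            // idnn has only had single quotes doubled; see the class remarks about parameterisation.
            sql = "SELECT newsid,title,addtime,content_nr,yhtitle,yhkey,yhdesc FROM news WHERE newsid='" + idnn + "'";
        }

        DataTable dt = DAOP.getDataTable(sql);
        if (dt.Rows.Count == 1)
        {
            DataRow row = dt.Rows[0];
            title = row["title"].ToString();
            addtime = row["addtime"].ToString();
            wznr = row["content_nr"].ToString();
            yhtitle = row["yhtitle"].ToString();
            yhkey = row["yhkey"].ToString();
            yhdesc = row["yhdesc"].ToString();
        }
        else
        {
            wznr = "";
        }
    }

    /// <summary>
    /// Binds the first table returned for <paramref name="sql"/> to <paramref name="r"/>.
    /// </summary>
    /// <remarks>Takes raw SQL text; callers must not build it from untrusted input.</remarks>
    public void databins(string sql, Repeater r)
    {
        r.DataSource = DAOP.getDataSet(sql).Tables[0].DefaultView;
        r.DataBind();
    }

    /// <summary>Intentionally empty; retained because <see cref="Page_Load"/> still calls it.</summary>
    public void databind2()
    {
    }

    /// <summary>
    /// Legacy sanitiser. For "number" returns <paramref name="InputString"/> unchanged when it parses as a
    /// 64-bit integer (null also passes, matching the original Convert.ToInt64(null) behaviour), otherwise
    /// the literal message "不是数字类型". For "string", "date" and any other type, doubles single quotes.
    /// Quote doubling is not a substitute for parameterised SQL; callers embed the result in query text.
    /// </summary>
    /// <param name="InputString">Value to check; null is returned as-is.</param>
    /// <param name="DataType">"number", "string", "date" or anything else (compared case-insensitively).</param>
    public string CheckParameter(string InputString, string DataType)
    {
        if (InputString == null)
        {
            return InputString;
        }

        if (string.Equals(DataType, "number", StringComparison.OrdinalIgnoreCase))
        {
            // TryParse replaces the original try/catch around Convert.ToInt64; same culture and style.
            long parsed;
            return long.TryParse(InputString, out parsed) ? InputString : "不是数字类型";
        }

        // "string", "date" and unknown types all share the quote-doubling rule.
        return InputString.Replace("'", "''");
    }

    /// <summary>
    /// Truncates <paramref name="str"/> to <paramref name="len"/> characters and appends "..." when it was
    /// longer; null, empty and short strings are returned unchanged.
    /// </summary>
    public string len(string str, int len)
    {
        if (string.IsNullOrEmpty(str) || str.Length <= len)
        {
            return str;
        }

        return str.Substring(0, len) + "...";
    }

    /// <summary>
    /// Coarse keyword blacklist check. Returns true when <paramref name="InText"/> contains any entry of
    /// <see cref="SqlKeywords"/> as a case-insensitive substring; false for null.
    /// </summary>
    /// <remarks>
    /// Uses OrdinalIgnoreCase instead of the original per-iteration ToLower(), which was culture-sensitive
    /// (under tr-TR "INSERT" lower-cases to a dotless i and would not have matched). A blacklist cannot make
    /// concatenated SQL safe; it only narrows what reaches the query text.
    /// </remarks>
    public static bool SqlFilter(string InText)
    {
        if (InText == null)
        {
            return false;
        }

        foreach (string word in SqlKeywords)
        {
            if (InText.IndexOf(word, StringComparison.OrdinalIgnoreCase) >= 0)
            {
                return true;
            }
        }

        return false;
    }
}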