我认为我的上传在星期五正常工作,但是当我今天上午测试网站时,它无法正常工作。我的上传应该会进入上传/文件,然后进入与上传的产品ID相对应的文件。我上传的文件没有进入正确的文件夹
例如:我的测试产品是ProductID 519.我想上传一个文档,以便上传/ 519。当我将鼠标悬停在上传的文件上时,它显示uploads/519/PhoneList.xls - 这是正确的。但是,当我在Visual Studio 2010中检查我的解决方案资源管理器时,文件显示在519文件之外,因为519PhoneList.xls
有人可以告诉我为什么会发生这种情况,并帮助我弄清楚如何解决它?我试过删除一个/这里和那里,但我找不到合适的地方修复。
Protected Sub SubmitDocument_Click(ByVal sender As Object, ByVal e As EventArgs) Handles SubmitDocument.Click
DocumentModal.Hide()
'Builds the full absolute URL to be inserted into the database.
Dim hostURL As String = Request.Url.Scheme & "://" & Request.Url.Host & ":" & Request.Url.Port & Request.ApplicationPath
Dim sqlFileHREF As String = Nothing
Dim MarketingTitle As String = DocumentTitle.Text
'SQL INSERT: Marketing Table
sqlFileHREF = "INSERT INTO Marketing (ProductID, MarketingTypeID, MarketingTitle, MarketingData) VALUES (" & ProductID.Value & " ,4, '" & DocumentTitle.Text & "', '" & hostURL & "uploads/" & ProductID.Value & "/" & DocumentUpload.FileName & "')"
sqlFileHREF.Replace("'", "''")
DocumentUpload.PostedFile.SaveAs(Server.MapPath("/uploads/" & ProductID.Value & DocumentUpload.PostedFile.FileName))
'Create SQL Connection
Dim SqlConnection As New SqlConnection("Server=off-db1;uid=productsDB_admin;pwd=*****;database=Products")
SqlConnection.Open()
Dim sqlCommand As New SqlCommand(sqlFileHREF, SqlConnection)
sqlCommand.ExecuteNonQuery()
SqlConnection.Close()
Response.Redirect(Request.RawUrl)
End Sub
<!-- Add a Document -->
<li>
<asp:LinkButton ID="DocumentButton" runat="server">Document</asp:LinkButton>
<asp:Panel ID="DocumentPanel" runat="server" CssClass="modalPopup" Style="display:none">
Title:<asp:TextBox ID="DocumentTitle" runat="server"></asp:TextBox>
<asp:FileUpload ID="DocumentUpload" runat="server" />
<asp:Label ID="DocumentLabel" runat="server"></asp:Label>
<asp:Button ID="SubmitDocument" runat="server" Text="Upload" onclick="SubmitDocument_Click" /><asp:Button ID="CancelDocument" runat="server" Text="Cancel" /><asp:HiddenField ID="filename" runat="server" />
</asp:Panel>
<asp:ModalPopupExtender ID="DocumentModal" runat="server" DropShadow="True" DynamicServicePath="" Enabled="True" PopupControlID="DocumentPanel" TargetControlID="DocumentButton"></asp:ModalPopupExtender>
</li>
你插入的数据是危险的方式。你应该阅读关于SQL注入。 – David
谢谢@David,我会的。 – jlg