edit_comment.aspx

Bug管理系统

<%@ Page language="C#" validateRequest="false" %>
<!--
Copyright 2002-2005 Corey Trager
Distributed under the terms of the GNU General Public License
-->
<!-- #include file = "inc.aspx" -->

<script language="C#" runat="server">

int id;
int bug_id;
String sql;

DbUtil dbutil;
Security security;


///////////////////////////////////////////////////////////////////////
void Page_Load(Object sender, EventArgs e)
{

	Util.do_not_cache(Response);
	dbutil = new DbUtil();
	security = new Security();

	if (Util.get_setting("AllowCommentDeletionForNonAdmins","1") == "1")
	{
		security.check_security(dbutil, Request, Response, Security.ANY_USER_OK_EXCEPT_GUEST);
	}
	else
	{
		security.check_security(dbutil, Request, Response, Security.MUST_BE_ADMIN);
	}


	title.InnerText = Util.get_setting("AppTitle","BugTracker.NET") + " - " 
		+ "edit comment";

	msg.InnerText = "";

	string var = Request.QueryString["id"];
	id = Convert.ToInt32(var);

	var = Request.QueryString["bug_id"];
	bug_id = Convert.ToInt32(var);


	if (!IsPostBack)
	{

		// Get this entry's data from the db and fill in the form

		sql = @"select bc_comment from bug_comments where bc_id = $id";
		sql = sql.Replace("$id", Convert.ToString(id));
		DataRow dr = dbutil.get_datarow(sql);
		comment.Value = HttpUtility.HtmlEncode((string) dr["bc_comment"]);


	}

}

void Page_Unload(Object sender, EventArgs e)
{
	if (dbutil != null) {dbutil.close();}
}

///////////////////////////////////////////////////////////////////////
Boolean validate()
{

	Boolean good = true;

	if (comment.Value.Length == 0)
	{
		msg.InnerText = "Comment cannot be blank.";
		return false;
	}

	return good;
}

///////////////////////////////////////////////////////////////////////
void on_update (Object sender, EventArgs e)
{

	Boolean good = validate();

	if (good)
	{

		sql = @"update bug_comments set bc_comment = N'$c' where bc_id = $id";
		sql = sql.Replace("$c", HttpUtility.HtmlDecode(comment.Value.Replace("'", "''")));
		sql = sql.Replace("$id", Convert.ToString(id));
		dbutil.execute_nonquery(sql);
		Response.Redirect ("edit_bug.aspx?id=" + Convert.ToString(bug_id));

	}

}

</script>

<html>
<head>
<title id="title" runat="server">btnet edit comment</title>
<link rel="StyleSheet" href="btnet.css" type="text/css">
</head>
<body>
<% security.write_menu(Response, Util.get_setting("PluralBugLabel","bugs")); %>


<div class=align><table border=0><tr><td>
<a href=edit_bug.aspx?id=<% Response.Write(Convert.ToString(bug_id));%>>back to <% Response.Write(Util.get_setting("SingularBugLabel","bug")); %></a>
<form class=frm runat="server">
	<table border=0>

	<tr>
	<td colspan=3>
	<textarea rows=8 cols=80 runat="server" class=txt id="comment"></textarea>
	</tr>

	<tr><td colspan=3 align=left>
	<span runat="server" class=err id="msg">&nbsp;</span>
	</td></tr>

	<tr>
	<td colspan=2 align=center>
	<input runat="server" class=btn type=submit id="sub" value="Update" OnServerClick="on_update">
	<td>&nbsp</td>
	</td>
	</tr>
	</td></tr></table>
</form>
</td></tr></table></div>
</body>
</html>