bbs_edit.aspx.cs

OA系统,数据库为SQLSever 。net c#

using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

public partial class BBS_BBS_Edit : System.Web.UI.Page
{
    WebService webService = new WebService();
    string strSql;
    protected void Page_Load(object sender, EventArgs e)
    {
        if (Session["UserID"] == null || Session["UserLevel"] == null)
        {
            Response.Redirect("~/Error.aspx");
        }
        if (!Page.IsPostBack)
        {
            strSql = "Select BM_Title,BM_Content,BM_AddPersonID from z_BbsMessage where BM_ID='" + Request.QueryString["bid"] + "';";
            DataTable table = webService.ExcuteSelect(strSql);
            this.tbTitle.Text = table.Rows[0]["BM_Title"].ToString();
            this.tbContent.Text = table.Rows[0]["BM_Content"].ToString();
            if(table.Rows[0]["BM_AddPersonID"].ToString()!=Session["UserID"].ToString())
            {
                Response.Redirect("~/Error.aspx");
            }
        }
    }
    protected void btnSubmit_Click(object sender, EventArgs e)
    {
        strSql = "Update z_BbsMessage set BM_Title='" + this.tbTitle.Text + "',BM_Content='" + this.tbContent.Text + "',BM_ModifyDate='" + DateTime.Now + "' where BM_ID='" + Request.QueryString["bid"] + "';";
        webService.ExcuteSql(strSql);
        Response.Redirect("BBS_Info.aspx?bid="+Request.QueryString["bid"]);
    }
    protected void btnCancel_Click(object sender, EventArgs e)
    {
        Response.Redirect("BBS_Info.aspx?bid=" + Request.QueryString["bid"]);
    }
}