能不能说的清楚一点我的如下:
string title="hdskfj";
string content1=Encode.sqlEncode(Encode.clearCSS(reply.Value));
DateTime time=DateTime.Now;
sql="insert into bbs(title,authorid,content,followid,messagetime,kind,answer) values('"+title1+"','"+1+"','"+content1+"','"+tieid+"','"+time+"','"+1+"','"+0+"')";
con=new SqlConnection(myConst.ConnString);
con.Open();
com=new SqlCommand(sql,con);
com.ExecuteNonQuery();
下面的是度的代码:
sql="select content,MessageTime from bbs where FollowId="+tieid; con=new SqlConnection(myConst.ConnString);
con.Open();
com=new SqlCommand(sql,con);
reader=com.ExecuteReader();
while(reader.Read())
{
Response.write(reader.Getstring(0));
}
结果是没有显示输入时的格式。
为什么?????
string title="hdskfj";
string content1=Encode.sqlEncode(Encode.clearCSS(reply.Value));
DateTime time=DateTime.Now;
sql="insert into bbs(title,authorid,content,followid,messagetime,kind,answer) values('"+title1+"','"+1+"','"+content1+"','"+tieid+"','"+time+"','"+1+"','"+0+"')";
con=new SqlConnection(myConst.ConnString);
con.Open();
com=new SqlCommand(sql,con);
com.ExecuteNonQuery();
下面的是度的代码:
sql="select content,MessageTime from bbs where FollowId="+tieid; con=new SqlConnection(myConst.ConnString);
con.Open();
com=new SqlCommand(sql,con);
reader=com.ExecuteReader();
while(reader.Read())
{
Response.write(reader.Getstring(0));
}
结果是没有显示输入时的格式。
为什么?????
content = content.Replace("<","<");
content = content.Replace(">",">");
content = content.Replace(" "," ");
content = content.Replace("\n","<br>");
content = content.Replace( "'","''" ).Trim();************************************************************************
先进行字符转换,再写入数据库。
content1=Encode.sqlEncode(Server.HtmlEncode(content.InnerText));
其中
public static string sqlEncode(string str)
{
str = str.Replace("\'", "\'\'");
str = str.Replace("\"", "\"\""); return str;
}
还是不行嘛!!