SqlConnection myConnection = new SqlConnection(DataBaseDB.DataBaseDB1.ConnectionString);
String cmdText = "SELECT * FROM Notice WHERE NewsID='" + nNewsID.ToString() + "'";
SqlCommand Command = new SqlCommand("select Body from Notice WHERE NewsID='" + nNewsID.ToString() + "'", myConnection); SqlCommand myCommand = new SqlCommand(cmdText, myConnection);
myConnection.Open();
string BodyText = (string)Command.ExecuteScalar();
SqlDataReader recu = myCommand.ExecuteReader(CommandBehavior.CloseConnection);
while (recu.Read()) {
sTitle.Text = recu["Title"].ToString();
sBody.Text = System.Web.HttpUtility.HtmlEncode(BodyText); }
recu.Close();
String cmdText = "SELECT * FROM Notice WHERE NewsID='" + nNewsID.ToString() + "'";
SqlCommand Command = new SqlCommand("select Body from Notice WHERE NewsID='" + nNewsID.ToString() + "'", myConnection); SqlCommand myCommand = new SqlCommand(cmdText, myConnection);
myConnection.Open();
string BodyText = (string)Command.ExecuteScalar();
SqlDataReader recu = myCommand.ExecuteReader(CommandBehavior.CloseConnection);
while (recu.Read()) {
sTitle.Text = recu["Title"].ToString();
sBody.Text = System.Web.HttpUtility.HtmlEncode(BodyText); }
recu.Close();
转换html..HttpUtility.HtmlEncode换成HttpUtility.HtmlDecode