开发者

Strange behaviour on postback in ASP.NET

I'm working on a website with a login form. To log in, a postback is used to an OnClick handler in the codebehind.

Somehow, the value returned from the Text-property of the username and password te开发者_Python百科xtboxes is ten times the value I entered, separated by commas. I checked my entire code for double ID's (which seems to be the most common problem causing this behaviour), but I found each ID defined only once.

In the ASPX file I have this:

<asp:Label ID="lblFeedback" ForeColor="Red" Font-Bold="true" runat="server" Visible="false" /><br />
        <asp:Panel ID="pnlLogin" runat="server">
            <table style="border-style: none;">
                <tr>
                    <td>
                        <asp:Label ID="lblUsername" AssociatedControlID="txtUsername" runat="server" />
                    </td>
                    <td>
                        <asp:TextBox ID="txtUsername" runat="server" /><br />
                    </td>
                </tr>
                <tr>
                    <td>
                        <asp:Label ID="lblPassword" AssociatedControlID="txtPassword" runat="server" />
                    </td>
                    <td>
                        <asp:TextBox ID="txtPassword" runat="server" TextMode="password" /><br />
                    </td>
                </tr>
                <tr>
                    <td>
                    </td>
                    <td>
                        <asp:Button ID="btnLogin" OnClick="btnLogin_Click" runat="server" />
                    </td>
                </tr>
            </table>
        </asp:Panel>

The OnClick handler in the Codebehind:

protected void btnLogin_Click(object sender, EventArgs e)
    {
        string username = Util.Escape(txtUsername.Text);
        string password = Util.Escape(txtPassword.Text);

        WebsiteUser user = WebsiteUser.Create(username, password);
        if (user != null)
        {
            //Set some session variables and redirect to user profile
        }
        else
        {
            lblFeedback.Text = Localizer.Translate("INVALID_LOGIN");
            lblFeedback.ForeColor = Color.Red;
            lblFeedback.Visible = true;
            pnlLogin.Visible = true;
        }
    }

The website is running on ASP.NET 2.0 on ISS 5.1 (Win XP Pro)


The code all looks okay. Some of the things that I would consider is your Util.Escape function. You could use HttpServerUtility.HtmlDecode if you are concerned about malicious entry. You could also go with the asp:login control as it provides all the features you are interested in.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜