adding comments like facebook with ASP.NET

I'm developing an blog using ASP.NET, and I want that the user can be able to add comments.

So I want to implement the idea of facebook on adding comments.

The comment will be stored in the database, so I will be able to load it with the page if the user goes to another web page.

You have any idea how can I do this thing ( Ajax, Javascript, jQuery, Ajax Toolkit ) ?

EDIT:

I found this :

<body>

<form id="form1" runat="server">

<p>

<textarea id="textArea"></textarea>

</p>

<input type="submit" value="Commenter"/>

<br />

</form>

<p>Add some Test to the page</p>

</bo开发者_运维问答dy>

and script.js :

window.onload = initAll;

function initAll() {

document.getElementsByTagName("form")[0].onsubmit = addNode;

}

function addNode() {

var inText = document.getElementById("textArea").value;

var newText = document.createTextNode(inText);

var newGraf = document.createElement("p");

newGraf.appendChild(newText);

var docBody = document.getElementsByTagName("body")[0];

docBody.appendChild(newGraf);

return false;

}

But how can I save the comment in the database, because an input button can't do this !

You don't necessarily need to use JavaScript to do this, although if you wish to do this asynchronously to provide a more responsive user experience then you will need JavaScript.

Using ASP.NET web forms, there are a number of ways this could be set up on the server side. You could use

1. Page methods
2. ASMX web services
3. WCF services

And call them using JavaScript from the client side. Inside of the server side code is where you will connect to the database, perform your CRUD operation and return a response back to the client that made the AJAX call.

A note on security - you'll want to sanitise the comments and mitigate SQL injection, XSS, XSRF and other types of injection attacks. The Anti-XSS library (soon to be superceded by the Web Protection library) is a good tool to leverage to do this and offers a better approach to encoding than the standard encoding in ASP.NET

Generally, if you are using GridView to display those blog post, simply add a template field into the Gridview. Inside the template filed, you put a Textbox and a Button.

When user click on the button, use your code behind to find the postID, and textbox, and save it to database, and then remember to bind the data to the gridview again.

Here is some sample code.

protected void btnBuy_Click(object sender, ImageClickEventArgs e)
{
    ImageButton btnBuy = (ImageButton)sender; //Find which button is clicked.
    //If that is a button, use Button btnBuy = (Button)Sender;

    GridViewRow row = (GridViewRow)btnBuy.NamingContainer; //Find which gridview row     //containes the clicked button

    Label lblPostID = (Label)row.FindControl("lblPostID"); //Find the post ID
    TextBox txtComment = (TextBox)row.FindControl("txtComments"); //Find the textbox

    //Save the data to database.
    //Put your code here.

    //Bind the gridview with the data source which got some new data.
    GridView1.DataSource = yourDataSource;
    GridView1.DataBind();
}