简单的留言本

<%@ Page Language="C#" AutoEventWireup="true"  CodeFile="Default.aspx.cs" Inherits="_Default" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>无标题页</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
        姓名：<asp:TextBox ID="txtUserName" runat="server"></asp:TextBox><br />
        <br />
        留言：<asp:TextBox ID="txtMessage" runat="server" Height="159px" TextMode="MultiLine"
            Width="296px"></asp:TextBox><br />
        <br />
        <asp:Button ID="btnSendMessage" runat="server" Text="发表留言" OnClick="btnSendMessage_Click" /><br />
        <br />
        <asp:Repeater ID="rptMessage" runat="server">
        <ItemTemplate>
            <table width="600px" style="border:solid 1px #666666; font-size:11pt; background-color:#f0f0f0">
                <tr>
                    <td align="left" width="400px">
                    <%# Eval("Message") %>
                    </td>
                    <td align="right" width="200px">
                    <%# Eval("PostTime") %>-<%# Eval("UserName") %>
                    </td>
                </tr>
                <tr>
                    <td colspan="2" align="right">
                    <hr width="300px" />
                    管理员回复：<%# Eval("IsReplied").ToString()=="false" ? "暂无" : Eval("Reply") %>
                    </td>
                    
                </tr>
            </table>
        </ItemTemplate>
        </asp:Repeater>
    </div>
    </form>
</body>
</html>

using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Collections;
using System.Data.SqlClient;

public partial class _Default : System.Web.UI.Page 
{
    //连接字符串
    private string connString = "server=.\\sqlexpress;database=GuestBook;uid=sa;pwd=123456;";

    protected void Page_Load(object sender, EventArgs e)
    {
        if (!IsPostBack)
        {
            //第一次请求
            BindData();
        }
    }

    //发表留言
    protected void btnSendMessage_Click(object sender, EventArgs e)
    {
        using (SqlConnection conn=new SqlConnection(connString))
        {
            //使用参数化sql防止sql注入
            string sql = "insert into GuestBook(UserName,PostTime,Message,IsReplied,Reply) values(@UserName,@PostTime,@Message,@IsReplied,@Reply)";
            conn.Open();
            using (SqlCommand comm=new SqlCommand(sql,conn))
            {
                comm.Parameters.AddWithValue("@UserName",txtUserName.Text);
                comm.Parameters.AddWithValue("@PostTime",DateTime.Now);
                comm.Parameters.AddWithValue("@Message",txtMessage.Text);
                comm.Parameters.AddWithValue("@IsReplied",0);
                comm.Parameters.AddWithValue("@Reply","");
                comm.ExecuteNonQuery();
            }
        }
        BindData();
    }

    //绑定数据
    private void BindData()
    {
        DataSet ds = new DataSet();
        using (SqlConnection conn=new SqlConnection(connString))
        {
            string sql = "select * from GuestBook order by PostTime Desc";
            using (SqlDataAdapter sda=new SqlDataAdapter(sql,conn))
            {
                sda.Fill(ds);
            }
        }
        rptMessage.DataSource = ds;
        rptMessage.DataBind();
    }
}