Should I store a database ID field in ViewState?

Time: 2022-02-04 23:31:38

I need to retrieve a record from a database, display it on a web page (I'm using ASP.NET) but store the ID (primary key) from that record somewhere so I can go back to the database later with that ID (perhaps to do an update).

I know there are probably a few ways to do this, such as storing the ID in ViewState or a hidden field, but what is the best method and what are the reasons I might choose this method over any others?

7 solutions

#1


6  

It depends.

Do you care if anyone sees the record id? If you do then both hidden fields and viewstate are not suitable; you need to store it in session state, or encrypt viewstate.

Do you care if someone submits the form with a bogus id? If you do then you can't use a hidden field (and you need to look at CSRF protection as a bonus)

Do you want it unchangeable but don't care about it being open to viewing (with some work)? Use viewstate and set enableViewStateMac="true" on your page (or globally)

Want it hidden and protected but can't use session state? Encrypt your viewstate by setting the following web.config entries

<pages enableViewState="true" enableViewStateMac="true" />
<machineKey ... validation="3DES" />
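
An added illustration of the distinction answer #1 draws between "unchangeable" and "hidden" (not part of the original answer, and not ASP.NET's actual ViewState serialization): a C# console program in which a MAC-protected value stays readable by the client but cannot be altered without detection. The key, the `payload.mac` token layout and the names `SignedState`, `Protect` and `Unprotect` are constructed for this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Conceptual model of MAC-protected page state (not ASP.NET's real ViewState format).
static class SignedState
{
    // Constructed demo key; a real application takes its key from <machineKey>.
    static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-demo-key-not-for-production");
    // Returns base64(payload) + "." + base64(HMAC-SHA256(payload)).
    public static string Protect(string payload)
    {
        byte[] data = Encoding.UTF8.GetBytes(payload);
        using (var hmac = new HMACSHA256(Key))
            return Convert.ToBase64String(data) + "." + Convert.ToBase64String(hmac.ComputeHash(data));
    }

    // Returns the payload if the MAC verifies, otherwise null.
    public static string Unprotect(string token)
    {
        string[] parts = token.Split('.');
        if (parts.Length != 2) return null;
        try
        {
            byte[] data = Convert.FromBase64String(parts[0]);
            byte[] mac = Convert.FromBase64String(parts[1]);
            using (var hmac = new HMACSHA256(Key))
                return FixedTimeEquals(hmac.ComputeHash(data), mac) ? Encoding.UTF8.GetString(data) : null;
        }
        catch (FormatException) { return null; }
    }
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
    static void Main()
    {
        string token = Protect("CustomerID=42");
        // Anyone holding the page can read the value: it is encoded, not encrypted.
        Console.WriteLine(Encoding.UTF8.GetString(Convert.FromBase64String(token.Split('.')[0])));
        // Swapping in a different ID while keeping the old MAC is rejected.
        string forged = Convert.ToBase64String(Encoding.UTF8.GetBytes("CustomerID=43")) + "." + token.Split('.')[1];
        Console.WriteLine(Unprotect(token) ?? "rejected");
        Console.WriteLine(Unprotect(forged) ?? "rejected");
    }
}
```

A MAC alone does not tie the state to a particular user; in ASP.NET, `Page.ViewStateUserKey` exists for that. The update handler still has to check that the caller is allowed to modify the record the ID names.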

#2


2  

Do you want the end user to know the ID? For example if the id value is a standard 1,1 seed from the database I could look at the number and see how many customers you have. If you encrypt the value (as the viewstate can) I would find it much harder to decipher the key (but not impossible).

The alternative is to store it in the session, this will put a (very small if it's just an integer) performance hit on your application but mean that I as a user never see that primary key. It also exposes the object to other parts of your application, that you may or may not want it to be exposed to (session objects remain until cleared, a set time (like 5 mins) passes or the browser window is closed - whichever happens sooner).

View state values cause extra load on the client after every post back, because the viewstate not only saves objects for the page, but remembers objects if you use the back button. That means after every post back the viewstate gets slightly bigger and harder to use. They will only exist on the page until the browser goes to another page.

Whenever I store an ID in the page like this, I always create a property

public int CustomerID {
    // C# indexes ViewState with [] and it stores object, so cast on read
    get { return (int)ViewState["CustomerID"]; }
    set { ViewState["CustomerID"] = value; }
}

or

    Public Property CustomerID() As Integer
        Get
            Return CInt(ViewState("CustomerID"))
        End Get
        Set(ByVal value As Integer)
            ViewState("CustomerID") = value
        End Set
    End Property

That way if you decide to change it from Viewstate to a session variable or a hidden form field, it's just a case of changing it in the property reference, the rest of the page can access the variable using "Page.CustomerID".

#3


0  

ViewState is an option. It is only valid for the page that you are on. It does not carry across requests to other resources like the Session object.

Hidden fields work too, but you are leaking a little bit of information about your application to anyone smart enough to view the source of your page.

You could also store your entire record in ViewState and maybe avoid another round trip to the server.

#4


0  

I personally am very leery about putting anything in the session. Too many times our worker processes have cycled and we lost our session state.

As you described your problem, I would put it in a hidden field or in the viewstate of the page.

Also, when determining where to put data like this, always look at the scope of the data. Is it scoped to a single page, or to the entire session? If the answer is 'session' for us, we put it in a cookie. (Disclaimer: We write intranet apps where we know cookies are enabled.)

#5


0  

If it's a simple id, I will choose to pass it in the querystring; that way you do not need to do postbacks and the page is more accessible for users and search engines.

#6


-1  

Session["MyId"]=myval;

It would be a little safer and essentially offers the same mechanics as putting it in the viewstate

#7


-1  

I tend to stick things like that in hidden fields just do a little

 <asp:Label runat="server" ID="lblThingID" Visible="false" />
