我有一个禁用的 TextBox,我正在使用 JavaScript 在客户端编辑它的值。当我尝试在服务器端检索值时,它不会反射(reflect)在客户端所做的更改。如果我将 TextBox 的 enabled 属性设置为 true,我可以检索该值,但用户能够放置焦点并编辑 TextBox。
有没有一种明智的方法可以防止用户将焦点放在 TextBox 上并对其进行编辑?
最佳答案
使用文本框的只读属性。
编辑:根据 OP 的评论,这可能无法解决问题。
编辑 2:来自 DotNetSlackers:
So what's the difference between these two properties and why do both exist? There are two differences between these two properties, a trivial difference and a subtle, profound one:
- The two properties emit different markup. When you set Enabled to False, the TextBox injects the attribute disabled="disabled" intoits rendered HTML. When you set the ReadOnly property to True, the attribute readonly="readonly" is injected.
- According to the W3C spec on HTML forms, disabled controls areNOT "successful," while read-only controls MAY BE "successful." A "successful" control is one whose name/value pair is sent back to the browser through the POST headers or querystring. Therefore, disabled controls are NOT sent back to the ASP.NET page, while read-only controls may be, depending on the User Agent. (In my tests,both IE 6and FireFox 1.5 send along the read-only TextBox input.)
......
If you encountered this problem in ASP.NET version 1.x you might have found the TextBox's ReadOnly property and used that instead of setting Enabled to False. You could still have a page's ViewState disabled and set a read-only TextBox Web control's Text property programmatically because the TextBox value is sent back through the form submission for read-only controls. However, in ASP.NET version 2.0, things change just a bit, as noted by Rick Strahlin his blog entry ASP.NET 2.0 ReadOnly behavior change when EnableViewState is false. With 2.0, the TextBox control'sReadOnly property's behavior has changed slightly. From the technical docs:
当回发发生时,将 ReadOnly 属性设置为 true 的 TextBox 控件的 Text 值发送到服务器,但服务器不处理只读文本框。这可以防止恶意用户更改只读的文本值。 Text 属性的值保留在回发之间的 View 状态中,除非被服务器端代码修改。
What happens is that the client sends along the value of the read-only TextBox through the form values, but the ASP.NET 2.0 engine does not take that value and assign it to the Text property of the TextBox on postback to help protect against a malicious user changing the read-only TextBox value themselves. But this brings us back to our earlier problem - if the value isn't specified in the postback (or is ignored, in this case) and ViewState is disabled, the value will be lost. Eep.
Rick'sworkaround was to just manually read the value from the request headers (this .TextBox1.Text = Request[this.TextBox1.UniqueID];), which poses a security risk and introduces the problem that 2.0 addresses. The optimal approach is to requery the value from the database (or wherever you initially got the programmatically-set value for the read-only TextBox).
The moral of this blog post is that if you have read-only data you can use either disabled or read-only form fields, it really doesn't matter whether or not you receive back the value of the form field in the form's submissions. It shouldn't matter because you shouldn't be trusting/using that data to begin with! If you have read-only data, don't re-read it from a data stream that the end user can tinker with!
关于c# - 检索 asp :TextBox 的值,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/803003/