?using System;
using System.Data;
using System.Data.OleDb;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

public partial class Admin_Admin_Vote : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        if (Session["UserID"] == "" || Session["UserID"] == null)
        {
            Response.Write("<script language=javascript>window.alert('為了系統安全，請您重新登陸');window.location.href=('Admin_Login.aspx')</script>");
        }
        if (!IsPostBack)
        {
            this.BindVoteListData();
        }
    }
    private void BindVoteListData()
    {
        OleDbConnection myconn = DB.CreateDB();
        OleDbCommand cmd = new OleDbCommand("select * from vote", myconn);
        DataSet ds = new DataSet();
        OleDbDataAdapter da = new OleDbDataAdapter(cmd);
        da.Fill(ds, "vote");
        ItemList.DataTextField = "VoteItem";
        ItemList.DataValueField = "VoteID";
        ItemList.DataSource = ds;
        ItemList.DataBind();

        myconn.Close();
    }
    protected void AddBtn_Click(object sender, EventArgs e)
    {
        string VoteItem =FunStr(Request["Item"]);
        OleDbConnection myconn = DB.CreateDB();
        myconn.Open();
        OleDbCommand cmd = new OleDbCommand("insert into vote(VoteItem) values('"+VoteItem+"')", myconn);
        cmd.ExecuteNonQuery();
        myconn.Close();
        this.BindVoteListData();
    }
    protected void deleteBtn_Click(object sender, ImageClickEventArgs e)
    {
        string VoteID = this.ItemList.SelectedValue.ToString();
        OleDbConnection myconn = DB.CreateDB();
        myconn.Open();
        OleDbCommand cmd = new OleDbCommand("delete * from vote where VoteID="+VoteID, myconn);
        cmd.ExecuteNonQuery();
        myconn.Close();
        this.BindVoteListData();
    }
    public static string FunStr(string str)
    {
        str = str.Replace("&", "&amp;");
        str = str.Replace("<", "&lt;");
        str = str.Replace(">", "&gt");
        str = str.Replace("'", "''");
        str = str.Replace("*", "");
        str = str.Replace("\n", "<br/>");
        str = str.Replace("\r\n", "<br/>");
        //str   =   str.Replace("?","");   
        str = str.Replace("select", "");
        str = str.Replace("insert", "");
        str = str.Replace("update", "");
        str = str.Replace("delete", "");
        str = str.Replace("create", "");
        str = str.Replace("drop", "");
        str = str.Replace("delcare", "");
        str = str.Replace("   ", "&nbsp;");

        str = str.Trim();
        if (str.Trim().ToString() == "")
            str = "無";
        return str;
    } 
}