I have an orderdetails page where customers can view their history page, and this is the URL:
When I change the ID from 13 to, let's say, 14, it still shows the details of what's inside ID #14. What I want is for an error to be shown when customers try to change the ID in the localhost URL. Or should the ID be restricted so that it cannot be edited? I really don't have any idea what to do. Encryption?
By the way, here is the code-behind for orderdetails (this is in a user control):
public partial class ucCustomerOrder1 : System.Web.UI.UserControl
{
/// <summary>
/// Flag read by ShowOrderDetails to decide whether DropDownStatus and btnAdd are shown.
/// </summary>
// NOTE(review): this is a public, caller-settable field that only drives control visibility.
// Hiding a button is not an authorization check; whatever handler performs the status update
// (not visible here) should re-check the caller's rights on the server. Confirm.
public bool CanIUpdateStatus;

/// <summary>
/// Gets or sets the text of the txtTransactionNo box, i.e. the order number this control displays.
/// </summary>
// NOTE(review): presumably the hosting page assigns this from the ID in the URL, which makes it
// client-controlled input. Confirm against the caller.
public string TransactionNoText
{
    get
    {
        return txtTransactionNo.Text;
    }
    set
    {
        txtTransactionNo.Text = value;
    }
}

/// <summary>
/// Write-only property that stores its value in <see cref="CanIUpdateStatus"/>.
/// </summary>
public bool IsAuthorizedToAddStatus
{
    set
    {
        CanIUpdateStatus = value;
    }
}
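/// <summary>
/// On the first (non-postback) load, configures the transaction-number box and, if it holds a
/// value, shows the details for that order number.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    if (IsPostBack)
    {
        return;
    }

    // The box is editable and the Go button visible only when this session key is present
    // (presumably it marks an admin/staff session; confirm where it is set).
    bool hasAdminSessionKey = Session["IslandGasAdmin/ST"] != null;
    txtTransactionNo.ReadOnly = !hasAdminSessionKey;
    btnGo.Visible = hasAdminSessionKey;

    string rawOrderNo = txtTransactionNo.Text;
    if (rawOrderNo == string.Empty)
    {
        // Nothing to look up: hide every detail panel.
        rblOrderDetails.Visible = false;
        Panel1.Visible = false;
        Panel2.Visible = false;
        Panel3.Visible = false;
        Panel4.Visible = false;
        return;
    }

    // The order number is caller-supplied text. Convert.ToInt32 threw on non-numeric or
    // out-of-range input; parse defensively and fall back to the same state ShowOrderDetails
    // uses for an order number it cannot find (only Panel4 visible).
    int orderNo;
    if (!int.TryParse(rawOrderNo, out orderNo))
    {
        rblOrderDetails.Visible = false;
        Panel1.Visible = false;
        Panel2.Visible = false;
        Panel3.Visible = false;
        Panel4.Visible = true;
        return;
    }

    // NOTE(review): nothing visible in this control ties orderNo to the signed-in customer.
    // IsOrderNoValid only checks that the order exists, so any existing order number is
    // displayed to whoever requests it. The lookup needs a server-side ownership check
    // (order belongs to the authenticated customer, or the session is an admin one);
    // hiding, making read-only, or encrypting the ID does not replace that check.
    ShowOrderDetails(rblOrderDetails.SelectedValue, orderNo);
}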
/// <summary>
/// Hides all detail panels, then shows the one selected by <paramref name="PanelId"/> for the
/// given order, or Panel4 when the order number is not found.
/// </summary>
/// <param name="PanelId">"1" = customer/order summary, "2" = product list, "3" = order status.</param>
/// <param name="OrderNo">Order number to display.</param>
private void ShowOrderDetails(string PanelId, int OrderNo)
{
    // Reset everything before deciding what to show.
    Panel1.Visible = false;
    Panel2.Visible = false;
    Panel3.Visible = false;
    Panel4.Visible = false;
    rblOrderDetails.Visible = false;

    // NOTE(review): IsOrderNoValid only confirms the order exists. No check in this method
    // verifies that the current user is allowed to see this order, so the data below is
    // returned for any existing order number. Add a server-side ownership check.
    if (!IsOrderNoValid(OrderNo))
    {
        Panel4.Visible = true;
        return;
    }

    rblOrderDetails.Visible = true;

    switch (PanelId)
    {
        case "1":
        {
            ShoppingCart cart = new ShoppingCart();
            cart.Flag = OrderNo; // Flag carries the order number for GetOrderList
            DataTable orders = cart.GetOrderList();
            if (orders.Rows.Count > 0)
            {
                DataRow first = orders.Rows[0];
                Panel1.Visible = true;
                // NOTE(review): if these lbl* controls are Labels, Text is rendered without
                // HTML encoding; confirm customer-supplied values are encoded before display.
                lblCustomerName.Text = Convert.ToString(first["CustomerName"]);
                lblCustomerPhoneNo.Text = Convert.ToString(first["CustomerPhoneNo"]);
                lblCustomerEmailID.Text = Convert.ToString(first["CustomerEmailID"]);
                lblTotalPrice.Text = String.Format("{0:#,000.00}", first["TotalPrice"]);
                lblTotalProducts.Text = Convert.ToString(first["TotalProducts"]);
                txtCustomerAddress.Text = Convert.ToString(first["CustomerAddress"]);
                lblPaymentMethod.Text = Convert.ToString(first["PaymentMethod"]);
            }
            break;
        }

        case "2":
        {
            Panel2.Visible = true;
            ShoppingCart cart = new ShoppingCart();
            cart.Flag = OrderNo;
            dlProducts.DataSource = cart.GetTransactionDetails();
            dlProducts.DataBind();
            break;
        }

        case "3":
        {
            Panel3.Visible = true;
            // Status-editing controls follow the CanIUpdateStatus flag; txtStatus stays hidden.
            DropDownStatus.Visible = CanIUpdateStatus;
            txtStatus.Visible = false;
            btnAdd.Visible = CanIUpdateStatus;
            GetSetOrderStatus(0);
            break;
        }
    }
}
/// <summary>
/// Reports whether ShoppingCart.GetOrderList returns at least one row for the order number.
/// </summary>
/// <param name="OrderNo">Order number to look up.</param>
/// <returns><c>true</c> when at least one row comes back; otherwise <c>false</c>.</returns>
// NOTE(review): this is an existence check only. It does not establish that the order
// belongs to the requesting customer, so it must not be treated as an authorization check.
private bool IsOrderNoValid(int OrderNo)
{
    ShoppingCart cart = new ShoppingCart();
    cart.Flag = OrderNo;
    return cart.GetOrderList().Rows.Count > 0;
}
/// <summary>
/// Calls ShoppingCart.GetSetOrderStatus with the selected status, the order number from the
/// transaction box and the given flag, then binds the result to gvOrderStatus.
/// </summary>
/// <param name="Flag">
/// Passed through to ShoppingCart.Flag. ShowOrderDetails passes 0; presumably the value
/// selects between reading and writing the status. Confirm in ShoppingCart.
/// </param>
// NOTE(review): the order number is read straight from txtTransactionNo, so the same
// missing ownership check applies here as for the detail panels.
private void GetSetOrderStatus(int Flag)
{
    ShoppingCart cart = new ShoppingCart();
    cart.OrderStatus = DropDownStatus.SelectedValue;
    cart.OrderNo = txtTransactionNo.Text;
    cart.Flag = Flag;

    gvOrderStatus.DataSource = cart.GetSetOrderStatus();
    gvOrderStatus.DataBind();
}
please do help me, thank you