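''' <summary>
''' Code-behind for the press listing page: shows the latest BASIN rows and
''' runs the date-range / keyword search behind the "ara" button.
''' </summary>
Partial Class basin
    Inherits System.Web.UI.Page

    ' Default listing used on first load and when the search form is empty.
    Private Const LatestQuery As String = "SELECT TOP 15 id,TARIH,YAYINADI,RESIM FROM BASIN ORDER BY TARIH DESC"

    ''' <summary>Binds the default listing on the first (non-postback) request.</summary>
    Private Sub basin_Load(sender As Object, e As EventArgs) Handles Me.Load
        If Not Page.IsPostBack Then
            BindLatest()
        End If
    End Sub

    ''' <summary>
    ''' Runs the search. Every user-supplied value (both dates and each keyword)
    ''' is sent to the database as a bound parameter; no form text is ever
    ''' concatenated into the SQL statement.
    ''' </summary>
    Private Sub ara_ServerClick(sender As Object, e As EventArgs) Handles ara.ServerClick
        Dim startText As String = bastar.Text.Trim()
        Dim endText As String = bittar.Text.Trim()
        Dim keywordText As String = kelime.Text.Trim()

        If startText = "" AndAlso endText = "" AndAlso keywordText = "" Then
            BindLatest()
            Exit Sub
        End If

        ' Dates are parsed under the page's own culture, before the LCID switch below.
        ' A bound that does not parse is ignored instead of being sent on as Date.MinValue.
        Dim startValue As Date
        Dim hasStart As Boolean = startText <> "" AndAlso Date.TryParse(startText, startValue)
        Dim endValue As Date
        Dim hasEnd As Boolean = endText <> "" AndAlso Date.TryParse(endText, endValue)

        Dim conditions As New System.Collections.Generic.List(Of String)()

        ' Drop parameters left over from an earlier search before adding new ones.
        SqlDataSource1.SelectParameters.Clear()

        ' Kept from the original: keyword casing and data binding run under LCID 1033,
        ' and the session is set to 1055 afterwards. The SQL text itself no longer
        ' depends on the culture because the dates travel as typed parameters.
        Session.LCID = 1033
        Try
            If hasStart Then
                conditions.Add("TARIH >= @bastar")
                ' The sortable "s" format is culture-independent when converted back to a date.
                SqlDataSource1.SelectParameters.Add("bastar", TypeCode.DateTime, startValue.ToString("s", System.Globalization.CultureInfo.InvariantCulture))
            End If

            If hasEnd Then
                conditions.Add("TARIH <= @bittar")
                SqlDataSource1.SelectParameters.Add("bittar", TypeCode.DateTime, endValue.ToString("s", System.Globalization.CultureInfo.InvariantCulture))
            End If

            ' Keyword search, if any: every word must occur in YAYINADI (lower- or upper-cased).
            If keywordText <> "" Then
                Dim index As Integer = 0
                For Each rawWord As String In kelime.Text.Split(" "c)
                    Dim word As String = guvenlik(rawWord)
                    ' An empty word would match every row, and an empty parameter value
                    ' may be turned into NULL by the data source, so it is skipped.
                    If word = "" Then Continue For

                    Dim lowerName As String = "kelimeLower" & index
                    Dim upperName As String = "kelimeUpper" & index
                    conditions.Add("(YAYINADI LIKE '%' + @" & lowerName & " + '%' OR YAYINADI LIKE '%' + @" & upperName & " + '%')")
                    SqlDataSource1.SelectParameters.Add(lowerName, TypeCode.String, word.ToLower())
                    SqlDataSource1.SelectParameters.Add(upperName, TypeCode.String, word.ToUpper())
                    index += 1
                Next
            End If

            ' Only fixed fragments and generated parameter names are joined here.
            Dim sorgu As String = LatestQuery
            If conditions.Count > 0 Then
                sorgu = "SELECT id,TARIH,YAYINADI,RESIM FROM BASIN WHERE " &
                        String.Join(" AND ", conditions.ToArray()) &
                        " ORDER BY TARIH DESC"
            End If

            SqlDataSource1.SelectCommand = sorgu
            Repeater1.DataBind()
        Finally
            ' Set the LCID back even when binding throws.
            Session.LCID = 1055
        End Try
    End Sub

    ''' <summary>Binds the repeater to the 15 most recent rows.</summary>
    Private Sub BindLatest()
        ' The default query takes no parameters; clear any kept from a previous search.
        SqlDataSource1.SelectParameters.Clear()
        SqlDataSource1.SelectCommand = LatestQuery
        Repeater1.DataBind()
    End Sub

    ''' <summary>
    ''' Removes a fixed list of literal fragments from a search word, in order.
    ''' </summary>
    ''' <param name="cevir">The word to clean.</param>
    ''' <returns>The word with every listed fragment removed.</returns>
    ''' <remarks>
    ''' This is a case-sensitive literal deny-list kept so that search matching
    ''' stays as before. It is not an injection defence; query safety comes from
    ''' the bound parameters in ara_ServerClick. The original "/?" and "/*"
    ''' regex patterns and the repeated "&lt;" / "&gt;" passes changed nothing
    ''' and are omitted.
    ''' </remarks>
    Private Function guvenlik(ByVal cevir As String) As String
        Dim fragments() As String = {",", "/", vbLf, "'", "&", "<", ">", "=", "--",
                                     "char ", "delete ", "insert ", "update ",
                                     "select ", "truncate ", "union ", "script "}

        For Each fragment As String In fragments
            cevir = cevir.Replace(fragment, "")
        Next

        Return cevir
    End Function
End Class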