Validating server side with ASP.NET and C#


I currently have a website with a simple signup form in HTML. The code:

    <div class="grid_6 push_3 block alpha">
        <div class="grid_6 form_block alpha omega">
            <label>שם משתמש</label>
        </div>
        <div class="grid_6 form_block alpha omega">
            <input type="text" id="username" name="username" pattern=".{4,}" required />
        </div>
        <div class="grid_6 alpha omega form_block">
            <label>סיסמא</label>
        </div>
        <div class="grid_6 form_block alpha omega">
            <input type="password" id="password" name="password" pattern=".{6,}" required title="סיסמא צריכה להכיל לפחות 6 תווים" />
        </div>
        <div class="grid_6 alpha omega form_block">
            <label>וודא סיסמא</label>
        </div>
        <div class="grid_6 form_block alpha omega">
            <input type="password" id="password2" name="password2" pattern=".{6,}" required />
        </div>
        <div class="grid_6 alpha omega form_block">
            <label>כתובת אימייל</label>
        </div>
        <div class="grid_6 form_block alpha omega">
            <input id="email" name="email" type="email" required pattern="[^@]+@[^@]+\.[a-zA-Z]{2,6}" />
        </div>
        <div class="grid_6 alpha omega form_block">
            <label>וודא כתובת אימייל</label>
        </div>
        <div class="grid_6 form_block alpha omega">
            <input type="email" id="email2" name="email2" required pattern="[^@]+@[^@]+\.[a-zA-Z]{2,6}" />
        </div>
        <div class="grid_6 form_block alpha omega">
            <input name="submit" type="submit" onclick="return validateform()" value="שלח" />
        </div>
    </div>

(It's being wrapped in the tags of the master page. The master page:

    <%@ Master Language="C#" AutoEventWireup="true" CodeFile="MasterPage.master.cs" Inherits="MasterPage" %>
    <!DOCTYPE html>
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head runat="server">
        <title></title>
        <link href="css/reset.css" rel="stylesheet" />
        <link href="css/text.css" rel="stylesheet" />
        <link href="css/963_9_10_10.css" rel="stylesheet" />
        <link href="css/style.css" rel="stylesheet" />
        <asp:ContentPlaceHolder ID="head" runat="server">
        </asp:ContentPlaceHolder>
    </head>
    <body dir="rtl">
    <form runat="server">
        <div class="container_9">
            <div class="header grid_9">
                <a href="default.aspx"><h1>סיכומים.נט</h1></a>
            </div>
            <!-- end header -->
            <nav>
                <ul class="clearfix grid_6 push_3">
                    <li class="grid_1 alpha literature"><a href="literature.aspx">ספרות</a></li>
                    <li class="grid_1 language"><a href="language.aspx">לשון</a></li>
                    <li class="grid_1 civics"><a href="civics.aspx">אזרחות</a></li>
                    <li class="grid_1 history"><a href="history.aspx">היסטוריה</a></li>
                    <li class="grid_1 bible"><a href="bible.aspx">תנך</a></li>
                    <li class="grid_1 omega english"><a href="english.aspx">אנגלית</a></li>
                </ul>
            </nav>
            <div class="grid_3 pull_6" id="search">
                <input type="text" id="search_box" placeholder="הקלד מילות חיפוש" />
                <input type="submit" value="חפש" id="search_button" />
            </div>
            <asp:ContentPlaceHolder ID="ContentPlaceHolder1" runat="server">
            </asp:ContentPlaceHolder>
            <footer class="grid_9">
                2013 © כל הזכויות שמורות לסיכומים.נט
            </footer>
        </div>
        <!-- end container -->
    </form>
    </body>
    </html>

I have a signup.aspx.cs file that inserts the signup information into the database as follows:

    using System;

    public partial class Signup : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            if (Request.Form["submit"] != null)
            {
                Register1();
            }
        }

        public void Register1()
        {
            string sql = "INSERT [UserInfo] ([Username], [Password], [Email]) VALUES (N'" + Request.Form["username"] + "', N'" + Request.Form["password"] + "', N'" + Request.Form["email"] + "')";
            Database.UpdateData(sql); // the site's own helper that executes the statement
        }
    }

I think I'm doing it right so far (I'm a beginner in anything beyond HTML/CSS), so correct me if I've made errors.

What I want is to validate the form input server-side before inserting it into the database. I want to check that it obeys the rules, char-lengths, matching fields and so forth, and that the username/email isn't taken already.

I'm doing basic JavaScript validation, but I understand that isn't sufficient security-wise.

An explanation (as simple as possible) of how I have to go about doing this would be great. Ideally it would return to the signup page and list the errors at the top of the form in a customizable way.

Thanks

The RegularExpressionValidator and CompareValidator are going to be your friends here.

For example:

    <asp:RegularExpressionValidator ID="valEmail" ControlToValidate="email"
        ValidationExpression="[^@]+@[^@]+\.[a-zA-Z]{2,6}"
        EnableClientScript="false" ErrorMessage="The email is invalid!"
        runat="server" />

And:

    <asp:CompareValidator ID="valEmails" ControlToValidate="email" ControlToCompare="email2"
        Type="String" EnableClientScript="false" Text="The email addresses must match!"
        runat="server" />

Optionally, you can wrap them neatly in a ValidationSummary control.

Finally, check Page.IsValid in the codebehind.

    protected void Page_Load(object sender, EventArgs e)
    {
        // A plain HTML submit button does not trigger validation automatically,
        // so run the validators before reading IsValid.
        Page.Validate();
        if (Request.Form["submit"] != null && Page.IsValid)
        {
            Register1();
        }
    }

You can read about the other validation controls here.

Finally, fix the SQL so it's not vulnerable to SQL injection:

    string sql = "INSERT [UserInfo] ([Username], [Password], [Email]) VALUES (N'" + Request.Form["username"].Replace("'", "''") + "', N'" + Request.Form["password"].Replace("'", "''") + "', N'" + Request.Form["email"].Replace("'", "''") + "')";
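As an added example that is not part of the question or the answer above: the same rules checked entirely in C# code-behind, with the uniqueness lookup and the INSERT sent as SqlCommand parameters instead of quote doubling. It assumes a connection string named "UserDb" in web.config, the [UserInfo] table from the question, and that the confirmation fields are posted as password2 and email2.

```csharp
// Added example, not the original poster's or the answerer's code.
// Assumes a connection string named "UserDb" in web.config, the [UserInfo]
// table from the question, and confirm fields posted as password2 / email2.
using System.Collections.Generic;
using System.Configuration;
using System.Data.SqlClient;
using System.Text.RegularExpressions;
public static class SignupValidation
{
    static readonly Regex Email = new Regex(@"^[^@]+@[^@]+\.[a-zA-Z]{2,6}$");
    // Re-checks every rule the HTML pattern attributes express; the browser checks are a convenience only.
    public static List<string> Validate(string user, string pw, string pw2,
                                        string email, string email2)
    {
        var errors = new List<string>();
        if ((user ?? "").Trim().Length < 4) errors.Add("Username must be at least 4 characters.");
        if ((pw ?? "").Length < 6) errors.Add("Password must be at least 6 characters.");
        if (pw != pw2) errors.Add("Passwords do not match.");
        if (!Email.IsMatch(email ?? "")) errors.Add("Email address is invalid.");
        if (email != email2) errors.Add("Email addresses do not match.");
        return errors;
    }
    // Both statements use parameters, so a quote in the input is just data: no concatenation, no Replace.
    public static bool TryRegister(string user, string pw, string email, List<string> errors)
    {
        string cs = ConfigurationManager.ConnectionStrings["UserDb"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        {
            conn.Open();
            var exists = new SqlCommand(
                "SELECT COUNT(*) FROM [UserInfo] WHERE [Username] = @u OR [Email] = @e", conn);
            exists.Parameters.AddWithValue("@u", user);
            exists.Parameters.AddWithValue("@e", email);
            if ((int)exists.ExecuteScalar() > 0)
            {
                errors.Add("Username or email is already taken.");
                return false;
            }
            var insert = new SqlCommand(
                "INSERT INTO [UserInfo] ([Username], [Password], [Email]) VALUES (@u, @p, @e)", conn);
            insert.Parameters.AddWithValue("@u", user);
            insert.Parameters.AddWithValue("@p", pw);
            insert.Parameters.AddWithValue("@e", email);
            insert.ExecuteNonQuery();
            return true;
        }
    }
}
```

Call Validate from Page_Load with the Request.Form values and only call TryRegister when the returned list is empty; render whatever ends up in the list at the top of the form, passing each message through HttpUtility.HtmlEncode so user-supplied text cannot inject markup into the page.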
