How to use multiple client side validation for both email and contact (same TextBox) in asp.net c#?
How to use one TextBox and multiple validations? I tried this:
    private Boolean checkemail() // for checking email in database
    {
        SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString); // sql connection string
        Boolean emailavailable = false;
        String myquery = "Select * from [test].[dbo].[MYFORM] where email='" + TXTEmail.Text + "'";
        SqlCommand cmd = new SqlCommand();
        cmd.CommandText = myquery;
        cmd.Connection = conn;
        SqlDataAdapter da = new SqlDataAdapter();
        da.SelectCommand = cmd;
        DataSet ds = new DataSet(); // dataset
        da.Fill(ds);
        if (ds.Tables[0].Rows.Count > 0)
        {
            emailavailable = true;
        }
        conn.Close();
        return emailavailable;
    }
C# code for the email check in database.
First point: let's get back to the basics: JS validation.
Server side validation is performed by a web server, after input has been sent to the server.
Client side validation is performed by a web browser, before input is sent to a web server.
For example: Client side validation would include email formatting (is it a valid email?) and checks like empty fields that the server needs etc.
Server side validation would check that the email is not yet used in another form by another user (like your case here) and it occurs in your backend system.
Second point: SQL injection. As mentioned in the comments, use parameters for SQL sanitization. It's a pretty basic exploit.
    private Boolean checkemail() // for checking email in database
    {
        // Requires: using System.Configuration; using System.Data; using System.Data.SqlClient;
        Boolean emailavailable = false;
        String myquery = "Select * from [test].[dbo].[MYFORM] where email = @email";
        using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString)) // sql connection string
        using (SqlCommand cmd = new SqlCommand(myquery, conn))
        {
            // The TextBox value travels as a parameter value, never as part of the SQL text.
            // NVarChar instead of Text: SQL Server cannot compare a text value with "=".
            cmd.Parameters.Add("@email", SqlDbType.NVarChar).Value = TXTEmail.Text;
            SqlDataAdapter da = new SqlDataAdapter();
            da.SelectCommand = cmd;
            DataSet ds = new DataSet(); // dataset
            da.Fill(ds); // Fill opens the connection if it is closed and closes it again afterwards
            if (ds.Tables[0].Rows.Count > 0)
            {
                emailavailable = true;
            }
        }
        return emailavailable;
    }
Third point: Multiple checks
If I understand what you are saying, you want to query with two parameters. Use the SQL OR operator like this:
    String myquery = "Select * from [test].[dbo].[MYFORM] where email = @email or contact = @contact";
    // Both parameters take the value of the same TextBox.
    // The parameter names must match the SQL text exactly (no trailing space).
    cmd.Parameters.Add("@email", SqlDbType.NVarChar);
    cmd.Parameters["@email"].Value = TXTEmail.Text;
    cmd.Parameters.Add("@contact", SqlDbType.NVarChar);
    cmd.Parameters["@contact"].Value = TXTEmail.Text;
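
The client-side half of the first point, as an added example that is not part of the original answer: a JavaScript check that decides, before the form is posted, whether the single TextBox holds an email or a contact number. The function names, the 7 to 15 digit rule, the 254 character limit and the messages are assumptions; the server still has to repeat the check and use the parameterized query above, since nothing forces a request to pass through the browser check.

```javascript
// Added example. Assumptions (not from the original post): a contact number is
// 7 to 15 digits with an optional leading "+", and spaces, dashes, dots and
// parentheses are separators that can be dropped.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/; // format check only
const CONTACT_RE = /^\+?\d{7,15}$/;
const MAX_EMAIL_LENGTH = 254; // assumed upper bound for an address

// Decide what the single TextBox contains.
// Returns { kind: "email" | "contact" | "invalid", value, error }.
function classifyInput(raw) {
  const value = String(raw == null ? "" : raw).trim();
  if (value === "") {
    return { kind: "invalid", value, error: "Enter an email or a contact number." };
  }
  if (value.includes("@")) {
    // Anything containing "@" is treated as an attempted email address.
    if (value.length <= MAX_EMAIL_LENGTH && EMAIL_RE.test(value)) {
      return { kind: "email", value, error: null };
    }
    return { kind: "invalid", value, error: "This is not a valid email address." };
  }
  // Otherwise treat it as a contact number and strip the separators.
  const digits = value.replace(/[\s().-]/g, "");
  if (CONTACT_RE.test(digits)) {
    return { kind: "contact", value: digits, error: null };
  }
  return { kind: "invalid", value, error: "This is not a valid contact number." };
}

// Hook for the form's submit handler: sets the message shown by the browser's
// built-in validation UI and returns false when the post should be blocked.
// `textBox` is the <input> element rendered for TXTEmail.
function validateTextBox(textBox) {
  const result = classifyInput(textBox.value);
  textBox.setCustomValidity(result.error || "");
  return result.kind !== "invalid";
}
```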