如何在 asp.net c# 中对电子邮件和联系人(相同的 TextBox)使用多客户端验证?
[英]How to use multiple client side validation for both email and contact (same TextBox ) in asp.net c#?
问题描述
how to use one TextBox and multiple validations i tried this
如何使用一个TextBox和多个验证我试过这个
private Boolean checkemail() // for checking email in database
{
SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);//sql connection string
Boolean emailavailable = false;
String myquery = "Select * from [test].[dbo].[MYFORM] where email='"+ TXTEmail.Text+"'";
SqlCommand cmd = new SqlCommand();
cmd.CommandText = myquery;
cmd.Connection = conn;
SqlDataAdapter da = new SqlDataAdapter();
da.SelectCommand = cmd;
DataSet ds = new DataSet(); //dataset
da.Fill(ds);
if (ds.Tables[0].Rows.Count > 0)
{
emailavailable = true;
}
conn.Close();
return emailavailable;
}
c# code for the email check in database用于在数据库中检查电子邮件的 C# 代码
1 个解决方案
解决方案1
0 2020-02-25 06:51:07
First point: let's get back to the basics: js validation第一点:让我们回到基础: js验证
Server side validation is performed by a web server, after input has been sent to the server.
Client side validation is performed by a web browser, before input is sent to a web server.
For example: Client side validation would include email formating (is it a valid email?) and checks like empty fields that the server needs etc.例如:客户端验证将包括电子邮件格式(它是有效的电子邮件吗?)并检查服务器需要的空字段等。
Server side validation would check that the email is not yet used in another form by another user (like your case here) and it occurs in your backend system.服务器端验证将检查电子邮件是否尚未被其他用户以另一种形式使用(例如您在此处的情况),并且它发生在您的后端系统中。
Second point: SqlInjection.第二点: SqlInjection。 As mentioned in the comments, use parameters for sql sanitization.如评论中所述,使用参数进行 sql 清理。 It's a pretty basic exploit.这是一个非常基本的漏洞利用。
private Boolean checkemail() // for checking email in database
{
SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);//sql connection string
Boolean emailavailable = false;
String myquery = "Select * from [test].[dbo].[MYFORM] where email = @email";
SqlCommand cmd = new SqlCommand();
cmd.Parameters.Add("@email", SqlDbType.Text);
cmd.Parameters["@email"].Value = TXTEmail.Text;
cmd.CommandText = myquery;
cmd.Connection = conn;
SqlDataAdapter da = new SqlDataAdapter();
da.SelectCommand = cmd;
DataSet ds = new DataSet(); //dataset
da.Fill(ds);
if (ds.Tables[0].Rows.Count > 0)
{
emailavailable = true;
}
conn.Close();
return emailavailable;
}
Third point: Multiple checks第三点:多重检查
If I understand what you are saying, you want to query with two parameters.如果我明白你在说什么,你想用两个参数进行查询。 Use the sql or operator like this:像这样使用 sql 或运算符:
String myquery = "Select * from [test].[dbo].[MYFORM] where email = @email or contact = @contact";
cmd.Parameters.Add("@email", SqlDbType.Text);
cmd.Parameters["@email"].Value = TXTEmail.Text;
cmd.Parameters.Add("@contact ", SqlDbType.Text);
cmd.Parameters["@contact "].Value = TXTEmail.Text;
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.