插入错误值的记录 [英] Inserting the record for false values

问题描述

Hi
我已经在Javascript中对注册表单进行了验证，并且在插入电子邮件值时，它会插入格式中未包含的所有错误值。

Hi I Have did validation of Registration form in Javascript and while inserting email values it is inserting for all the false values not included in in format.

<pre<br />
<br />
What I have tried:<br />
<br />
<pre lang="c#"><pre>lang="c#"><pre>protected void btnSub_Click(object sender, EventArgs e)<br />
        {<br />
            Page.ClientScript.RegisterStartupScript(this.GetType(), null, "getvalue();", true);<br />
            string codeBehindValue = hdnResultValue.Value;<br />
            message();<br />
            if ((txtname.Text.Length > 0) & (txtDept.Text.Length > 0) & (txtSalary.Text.Length > 0) & (txtSalary.Text.Length > 0) & (txtPhone.Text.Length > 0) & (txtPin.Text.Length > 0)) <br />
            {<br />
                cn.Open();<br />
                <br />
                SqlCommand cmd = new SqlCommand("INSERT INTO FormRegistration1 (Name, Department,Salary,DOJ,DOB, Age,Country,Stat,Phone,Email,Pincode)  VALUES ('" + txtname.Text + "','" + txtDept.Text + "','" + txtSalary.Text + "','" + txtDate.Text + "','" + TextBox1.Text + "','" + codeBehindValue + "','" + DDlCountry.SelectedValue + "','" + Ddlstate.SelectedValue + "','" + txtPhone.Text + "','" + TxtEmail.Text + "','" + txtPin.Text + "' )", cn);<br />
<br />
                cmd.ExecuteNonQuery();<br />
                cn.Close();<br />
                <br />
                alert();<br />
            }<br />
            else { ScriptManager.RegisterClientScriptBlock(this, this.GetType(), "alertMessage", "alert('Please fill all the details and click submit')", true); }<br />
<br />
        }</pre></pre>

我的方法

my Method

<pre>public void message()
        {
            if (txtname.Text.Length > 0)
            {
                Label1.Text = "";
            }
            else { Label1.Text = "*"; }

            if (txtDept.Text.Length > 0)
            {
                Label2.Text = "";
            }
            else { Label2.Text = "*"; }

            if (txtSalary.Text.Length > 0)
            {
                Label3.Text = "";
            }
            else { Label3.Text = "*"; }

            if (txtPhone.Text.Length > 0)
            {
                Label4.Text = "";
            }
            else { Label4.Text = "*"; }

            if (txtPin.Text.Length > 0)
            {
                Label6.Text = "";
            }
            else { Label6.Text = "*"; }

            if (TxtEmail.Text.Length > 0)
            {
                string email = TxtEmail.Text;
                Regex regex = new Regex(@"^([\w\.\-]+)@([\w\-]+)((\.(\w){2,10})+)$");
                Match match = regex.Match(email);
                if (match.Success)
                    Label5.Text = "";
                else
                    Label5.Text = "Invalid Email Format";
            }
            else 
            { 
                Label5.Text = "*"; 
            }
        }

推荐答案

）;
匹配匹配=正则表达式。匹配（电子邮件）;
if （match.Success）
Label5.Text = ;
else
Label5.Text = 无效的电子邮件格式;
}
else
{
Label5.Text = *;
}
}

"); Match match = regex.Match(email); if (match.Success) Label5.Text = ""; else Label5.Text = "Invalid Email Format"; } else { Label5.Text = "*"; } }

你没有显示用于验证的JavaScript代码，显然它没能完成这项工作。那个message（）方法是做服务器端验证，但它的目的似乎只是决定是否p根据各个验证的结果为相应的标签设置*或不。随后的if语句重复了应该在message（）方法中完成的事情：

You did not show the JavaScript code for validation, apparently it failed to do the job. That message() method is doing the server-side validation, but its purpose seems to just decide whether to print an * or not for the respective labels based on the outcomes of the individual validations. The subsequent if statement that follows is repeating what should have already be done in the message() method:

if ((txtname.Text.Length > 0) & (txtDept.Text.Length > 0) & (txtSalary.Text.Length > 0) & (txtSalary.Text.Length > 0) & (txtPhone.Text.Length > 0) & (txtPin.Text.Length > 0)) 

但是这个if语句没有包含电子邮件模式的验证，具有讽刺意味。这就是为什么即使电子邮件无效，它仍继续执行数据库操作。取而代之的是，你可以让message（）方法返回一个true或false的bool，例如：

but this if statement did not include the validation for email pattern, ironically. That's why it went ahead to execute the database operation even when the email is not valid. In place of this, you could have make the message() method returns a bool of true or false, e.g.

private bool message()
{
    bool isValid = true;

    if (txtname.Text.Trim().Length > 0)
    {
    	Label1.Text = "";
    }
    else 
    { 
	    Label1.Text = "*";
        isValid = false;
    }

    if (txtDept.Text.Trim().Length > 0)
    {
    	Label2.Text = "";
    }
    else 
    { 
	    Label2.Text = "*";
        isValid = false;
    }

    // repeat likewise to other elements

    return isValid
}

请注意我已修剪了Text输入摆脱任何学习和尾随白色空间。根据message（）方法的返回值，然后使用if语句确定是否继续数据库操作：

Note that I have trimmed the Text inputs to get rid of any learning and trailing white spaces. Based on the returned value of the message() method, then use if statement to determine whether to proceed with the database operation:

if (message())
{
   cn.Open()
   // your sql code

最后但并非最不重要的是，你将参数直接注入sql语句，冒险 SQL注入 [ ^ ]，改为使用参数化查询。

Last but not least, you are injecting parameter directly into the sql statement, that risks SQL Injection[^], use parameterized query instead.

这篇关于插入错误值的记录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！