Difference between revisions of "Create register for ASP.Net Web App"
(→Adding the code to handle the form) |
(→Creating the Page) |
||
| Line 6: | Line 6: | ||
<form method="post"> | <form method="post"> | ||
Username: <input type="Text" name="user"> | Username: <input type="Text" name="user"> | ||
| + | Email: <input type=Email" name="email"> | ||
Password: <input type="Password" name="pass1"> | Password: <input type="Password" name="pass1"> | ||
Confirm: <input type="Password" name="pass2"> | Confirm: <input type="Password" name="pass2"> | ||
Revision as of 14:47, 19 October 2024
Creating the Page
Add a new Razor Page and call it `register`.
Now add the following HTML form:
<form method="post">
Username: <input type="Text" name="user">
Email: <input type=Email" name="email">
Password: <input type="Password" name="pass1">
Confirm: <input type="Password" name="pass2">
<input type="submit">
</form>
Adding the code to handle the form
The code below initially gets the data from the form and stores it in some local variables. My `User` table essentially has an additional field called `status`. This is so we can approve users or have users with different access ability. Status of 0 could be unverified. The code below will also check that password and the confirm password are equal.
public IActionResult OnPost()
{
string username = Request.Form["user"];
string email = Request.Form["email"];
string pass1 = Request.Form["pass1"];
string pass2 = Request.Form["pass2"];
int status = 0;
if (pass1 == pass2)
{
using var connection = GetConnection;
connection.Open();
string sql = "insert into test values(@p1, @p2, @p3, @p4);";
using var Command = new MySqlCommand(sql, connection);
Command.Parameters.AddWithValue("@p1", username);
Command.Parameters.AddWithValue("@p2", pass1);
Command.Parameters.AddWithValue("@p3", email);
Command.Parameters.AddWithValue("@p4", status);
Command.ExecuteNonQuery();
connection.Close();
}
return Page();
}
The code above uses `parameterised` SQL, add in the parameters in this way will protect from SQL Injection attacks. The data fields taken from the form is treated as a single item and are never treated as SQL.
