Difference between revisions of "Create register for ASP.Net Web App"
(→Adding the code to handle the form) |
(→Adding the code to handle the form) |
||
| Line 13: | Line 13: | ||
==Adding the code to handle the form== | ==Adding the code to handle the form== | ||
| + | The code below initially gets the data from the form and stores it in some local variables. My `User` table essentially has an additional field called `status`. This is so we can approve users or have users with different access ability. Status of 0 could be unverified. The code below will also check that password and the confirm password are equal. | ||
| + | |||
<syntaxhighlight lang=c#> | <syntaxhighlight lang=c#> | ||
public IActionResult OnPost() | public IActionResult OnPost() | ||
{ | { | ||
string username = Request.Form["user"]; | string username = Request.Form["user"]; | ||
| + | string email = Request.Form["email"]; | ||
string pass1 = Request.Form["pass1"]; | string pass1 = Request.Form["pass1"]; | ||
string pass2 = Request.Form["pass2"]; | string pass2 = Request.Form["pass2"]; | ||
| Line 26: | Line 29: | ||
connection.Open(); | connection.Open(); | ||
| − | string sql = "insert into test values(@p1, @p2, @p3);"; | + | string sql = "insert into test values(@p1, @p2, @p3, @p4);"; |
using var Command = new MySqlCommand(sql, connection); | using var Command = new MySqlCommand(sql, connection); | ||
Command.Parameters.AddWithValue("@p1", username); | Command.Parameters.AddWithValue("@p1", username); | ||
Command.Parameters.AddWithValue("@p2", pass1); | Command.Parameters.AddWithValue("@p2", pass1); | ||
| − | Command.Parameters.AddWithValue("@p3", status); | + | Command.Parameters.AddWithValue("@p3", email); |
| + | Command.Parameters.AddWithValue("@p4", status); | ||
Command.ExecuteNonQuery(); | Command.ExecuteNonQuery(); | ||
| Line 39: | Line 43: | ||
} | } | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| + | |||
| + | The code above uses `parameterised` SQL, add in the parameters in this way will protect from SQL Injection attacks. The data fields taken from the form is treated as a single item and are never treated as SQL. | ||
Revision as of 14:45, 19 October 2024
Creating the Page
Add a new Razor Page and call it `register`.
Now add the following HTML form:
<form method="post">
Username: <input type="Text" name="user">
Password: <input type="Password" name="pass1">
Confirm: <input type="Password" name="pass2">
<input type="submit">
</form>
Adding the code to handle the form
The code below initially gets the data from the form and stores it in some local variables. My `User` table essentially has an additional field called `status`. This is so we can approve users or have users with different access ability. Status of 0 could be unverified. The code below will also check that password and the confirm password are equal.
public IActionResult OnPost()
{
string username = Request.Form["user"];
string email = Request.Form["email"];
string pass1 = Request.Form["pass1"];
string pass2 = Request.Form["pass2"];
int status = 0;
if (pass1 == pass2)
{
using var connection = GetConnection;
connection.Open();
string sql = "insert into test values(@p1, @p2, @p3, @p4);";
using var Command = new MySqlCommand(sql, connection);
Command.Parameters.AddWithValue("@p1", username);
Command.Parameters.AddWithValue("@p2", pass1);
Command.Parameters.AddWithValue("@p3", email);
Command.Parameters.AddWithValue("@p4", status);
Command.ExecuteNonQuery();
connection.Close();
}
return Page();
}
The code above uses `parameterised` SQL, add in the parameters in this way will protect from SQL Injection attacks. The data fields taken from the form is treated as a single item and are never treated as SQL.
