Create register for ASP.Net Web App

From TRCCompSci - AQA Computer Science
Revision as of 14:45, 19 October 2024 by Admin (talk | contribs) (Adding the code to handle the form)
Jump to: navigation, search

Creating the Page

Add a new Razor Page and call it `register`.

Now add the following HTML form: 

	<form method="post">
		Username: <input type="Text" name="user">
		Password: <input type="Password" name="pass1">
		Confirm:  <input type="Password" name="pass2">
		<input type="submit">
	</form>

Adding the code to handle the form

The code below initially gets the data from the form and stores it in some local variables. My `User` table essentially has an additional field called `status`. This is so we can approve users or have users with different access ability. Status of 0 could be unverified. The code below will also check that password and the confirm password are equal. 

public IActionResult OnPost()
{
	string username = Request.Form["user"];
	string email = Request.Form["email"];
	string pass1 = Request.Form["pass1"];
	string pass2 = Request.Form["pass2"];
	int status = 0;

	if (pass1 == pass2)
	{
		using var connection = GetConnection;

		connection.Open();
		string sql = "insert into test values(@p1, @p2, @p3, @p4);";
		using var Command = new MySqlCommand(sql, connection);
		Command.Parameters.AddWithValue("@p1", username);
		Command.Parameters.AddWithValue("@p2", pass1);
		Command.Parameters.AddWithValue("@p3", email);
		Command.Parameters.AddWithValue("@p4", status);

		Command.ExecuteNonQuery();
		connection.Close();
	}

	return Page();
}

The code above uses `parameterised` SQL, add in the parameters in this way will protect from SQL Injection attacks. The data fields taken from the form is treated as a single item and are never treated as SQL.

Retrieved from ‘http://www.trccompsci.online/mediawiki/index.php?title=Create_register_for_ASP.Net_Web_App&oldid=8996