.NET + C# - 验证没有阻止数据写入数据库
.NET + C# - Validation not stopping writing to database
我制作了这个非常非常简单的注册和登录页面。但我的验证不起作用。这是 .NET 和 C#。
谁能告诉我这是怎么回事?出了什么问题?
http://cego.kimprtf.dk/register
这是.NET:
<%-- Validator controls for the registration form; each one names its target control in ControlToValidate. --%>
<%-- NOTE(review): these controls also run on the server during the postback, but their result only takes effect if the click handler reads Page.IsValid before writing anything. --%>
<asp:RequiredFieldValidator ID="RequiredFieldValidator1" CssClass="mistake" runat="server" ErrorMessage="You need to say your name!" ControlToValidate="firstName" ForeColor="Red"></asp:RequiredFieldValidator>
<asp:RequiredFieldValidator ID="RequiredFieldValidator2" CssClass="mistake" runat="server" ErrorMessage="We need your last name please!" ControlToValidate="lastName" ForeColor="Red"></asp:RequiredFieldValidator>
<asp:RequiredFieldValidator ID="RequiredFieldValidator3" CssClass="mistake" runat="server" ErrorMessage="You don't have an Email?" ControlToValidate="emailAdress" ForeColor="Red"></asp:RequiredFieldValidator>
<asp:RegularExpressionValidator ID="RegularExpressionValidator1" ForeColor="Red" runat="server" ErrorMessage="That's not a real Email!" ControlToValidate="emailAdress" ValidationExpression="\w+([-+.']\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*" CssClass="mistake"></asp:RegularExpressionValidator>
<%-- NOTE(review): ConfirmEmail and ConfirmPassword have a CompareValidator but no RequiredFieldValidator. A CompareValidator does not fail on an empty input, so a blank confirmation field passes; give each confirmation field its own RequiredFieldValidator. --%>
<asp:CompareValidator ID="CompareValidator2" ForeColor="Red" CssClass="mistake" runat="server" ErrorMessage="Email must match!" ControlToCompare="emailAdress" ControlToValidate="ConfirmEmail"></asp:CompareValidator>
<asp:RequiredFieldValidator ID="RequiredFieldValidator4" ForeColor="Red" CssClass="mistake" runat="server" ErrorMessage="You need a username!" ControlToValidate="Username"></asp:RequiredFieldValidator>
<asp:RequiredFieldValidator ID="RequiredFieldValidator5" ForeColor="Red" CssClass="mistake" runat="server" ErrorMessage="You need a password!" ControlToValidate="Password"></asp:RequiredFieldValidator>
<asp:CompareValidator ID="CompareValidator1" ForeColor="Red" CssClass="mistake" runat="server" ErrorMessage="Password must match please!" ControlToCompare="Password" ControlToValidate="ConfirmPassword"></asp:CompareValidator>
<%-- Input fields read by the click handler, followed by the Register button that raises SubmitData_Click on the server. --%>
<asp:TextBox ID="firstName" placeholder="First Name *" CssClass="form-control" runat="server"></asp:TextBox>
<asp:TextBox ID="lastName" placeholder="Last Name *" CssClass="form-control" runat="server"></asp:TextBox>
<asp:TextBox ID="emailAdress" placeholder="Email Adress *" CssClass="form-control" runat="server"></asp:TextBox>
<asp:TextBox ID="ConfirmEmail" placeholder="Confirm Email Adress *" CssClass="form-control" runat="server"></asp:TextBox>
<asp:TextBox ID="Username" placeholder="Username" CssClass="form-control" runat="server"></asp:TextBox>
<asp:TextBox ID="Password" placeholder="Password" CssClass="form-control" runat="server" TextMode="Password"></asp:TextBox>
<asp:TextBox ID="ConfirmPassword" placeholder="Confirm Password" CssClass="form-control" runat="server" TextMode="Password"></asp:TextBox>
<asp:Button ID="SubmitData" CssClass="btn btn-primary" runat="server" Text="Register" OnClick="SubmitData_Click" />
然后是 C#:
/// <summary>
/// Click handler for the Register button: inserts one row built from the form's
/// text boxes into kimprtf_dk_db.dbo.Trytry and writes the outcome to the response.
/// </summary>
/// <param name="sender">Event source; not used in the body.</param>
/// <param name="e">Event data; not used in the body.</param>
/* NOTE(review): nothing in this handler reads Page.IsValid, so the INSERT below runs on every
   postback that reaches it, whatever the validator controls decided. The validators only stop
   the write when the server-side code asks for their result before touching the database. */
protected void SubmitData_Click(object sender, EventArgs e)
{
try
{
/* Fresh GUID; its string form becomes the new row's UserID. */
Guid newGUID = Guid.NewGuid();
/* Connection string for the registration form */
/* NOTE(review): host, user name and password are hard-coded in source (and published with this listing). Keep them in protected configuration instead, and change a password that has been posted publicly. */
SqlConnection con = new SqlConnection("Data Source=mssql4.unoeuro.com;Persist Security Info=True;User ID=kimprtf_dk;Password=123kima5");
/* INSERT command. Every value is bound as a parameter, so form text is never concatenated into the SQL text. */
SqlCommand cmd = new SqlCommand("INSERT INTO kimprtf_dk_db.dbo.Trytry (UserID, firstName, lastName, EmailAdress, Username, Password) VALUES (@ID, @firstName, @lastName, @EmailAdress, @Username, @Password);", con);
cmd.Parameters.AddWithValue("@ID", newGUID.ToString());
cmd.Parameters.AddWithValue("@firstName", firstName.Text);
cmd.Parameters.AddWithValue("@lastName", lastName.Text);
cmd.Parameters.AddWithValue("@EmailAdress", emailAdress.Text);
cmd.Parameters.AddWithValue("@Username", Username.Text);
/* NOTE(review): Password.Text is bound unchanged, i.e. the password is stored as typed. Store a salted, slow hash (for example PBKDF2) rather than the plaintext. */
cmd.Parameters.AddWithValue("@Password", Password.Text);
/* Opens the connection */
con.Open();
/* Executes the INSERT; the affected-row count it returns is not checked */
cmd.ExecuteNonQuery();
/* Closes the connection */
/* NOTE(review): this line is skipped when Open() or ExecuteNonQuery() throws; neither con nor cmd is wrapped in a using block. */
con.Close();
/* Writes to the client if the row was created successfully */
Response.Write("Your registration is successful!");
}
catch (Exception ex)
{
/* NOTE(review): ex.ToString() sends the full exception text, stack trace included, to the browser. Log it on the server and show the user a generic message instead. */
Response.Write("Error: " + ex.ToString());
}
/* Clears the text boxes defined below (remember that this has to be inside the click event) */
/* NOTE(review): this runs after the try/catch on success and on failure alike; ConfirmPassword is not reset here. */
if (IsPostBack)
{
firstName.Text = "";
lastName.Text = "";
emailAdress.Text = "";
ConfirmEmail.Text = "";
Username.Text = "";
Password.Text = "";
}
}
我在这里做错了什么?
- 金.
您没有在服务器端的回发(postback)事件处理代码中检查页面是否已通过验证。客户端的验证可以被禁用或绕过,所以是否写入数据库必须由服务器端决定。在将数据提交到数据库之前,您应该在点击事件处理程序中加入对 Page.IsValid 的检查,例如:
// Page.IsValid is the server-side result of the page's validator controls.
if(Page.IsValid)
{
//try/catch block
// (the existing INSERT code goes here, so it runs only after validation has passed)
}
else
{
//display error text, etc.
// (nothing is written to the database on this path)
}
您还应该在数据库模式(schema)中强制执行这些对用户数据的要求,这样即使开发人员在提交前没有验证数据,数据库本身也会拒绝无效的记录。
我制作了这个非常非常简单的注册和登录页面。但我的验证不起作用。这是 .NET 和 C#。
谁能告诉我这是怎么回事?出了什么问题?
http://cego.kimprtf.dk/register
这是.NET:
<%-- Validator controls for the registration form; each one names its target control in ControlToValidate. --%>
<%-- NOTE(review): these controls also run on the server during the postback, but their result only takes effect if the click handler reads Page.IsValid before writing anything. --%>
<asp:RequiredFieldValidator ID="RequiredFieldValidator1" CssClass="mistake" runat="server" ErrorMessage="You need to say your name!" ControlToValidate="firstName" ForeColor="Red"></asp:RequiredFieldValidator>
<asp:RequiredFieldValidator ID="RequiredFieldValidator2" CssClass="mistake" runat="server" ErrorMessage="We need your last name please!" ControlToValidate="lastName" ForeColor="Red"></asp:RequiredFieldValidator>
<asp:RequiredFieldValidator ID="RequiredFieldValidator3" CssClass="mistake" runat="server" ErrorMessage="You don't have an Email?" ControlToValidate="emailAdress" ForeColor="Red"></asp:RequiredFieldValidator>
<asp:RegularExpressionValidator ID="RegularExpressionValidator1" ForeColor="Red" runat="server" ErrorMessage="That's not a real Email!" ControlToValidate="emailAdress" ValidationExpression="\w+([-+.']\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*" CssClass="mistake"></asp:RegularExpressionValidator>
<%-- NOTE(review): ConfirmEmail and ConfirmPassword have a CompareValidator but no RequiredFieldValidator. A CompareValidator does not fail on an empty input, so a blank confirmation field passes; give each confirmation field its own RequiredFieldValidator. --%>
<asp:CompareValidator ID="CompareValidator2" ForeColor="Red" CssClass="mistake" runat="server" ErrorMessage="Email must match!" ControlToCompare="emailAdress" ControlToValidate="ConfirmEmail"></asp:CompareValidator>
<asp:RequiredFieldValidator ID="RequiredFieldValidator4" ForeColor="Red" CssClass="mistake" runat="server" ErrorMessage="You need a username!" ControlToValidate="Username"></asp:RequiredFieldValidator>
<asp:RequiredFieldValidator ID="RequiredFieldValidator5" ForeColor="Red" CssClass="mistake" runat="server" ErrorMessage="You need a password!" ControlToValidate="Password"></asp:RequiredFieldValidator>
<asp:CompareValidator ID="CompareValidator1" ForeColor="Red" CssClass="mistake" runat="server" ErrorMessage="Password must match please!" ControlToCompare="Password" ControlToValidate="ConfirmPassword"></asp:CompareValidator>
<%-- Input fields read by the click handler, followed by the Register button that raises SubmitData_Click on the server. --%>
<asp:TextBox ID="firstName" placeholder="First Name *" CssClass="form-control" runat="server"></asp:TextBox>
<asp:TextBox ID="lastName" placeholder="Last Name *" CssClass="form-control" runat="server"></asp:TextBox>
<asp:TextBox ID="emailAdress" placeholder="Email Adress *" CssClass="form-control" runat="server"></asp:TextBox>
<asp:TextBox ID="ConfirmEmail" placeholder="Confirm Email Adress *" CssClass="form-control" runat="server"></asp:TextBox>
<asp:TextBox ID="Username" placeholder="Username" CssClass="form-control" runat="server"></asp:TextBox>
<asp:TextBox ID="Password" placeholder="Password" CssClass="form-control" runat="server" TextMode="Password"></asp:TextBox>
<asp:TextBox ID="ConfirmPassword" placeholder="Confirm Password" CssClass="form-control" runat="server" TextMode="Password"></asp:TextBox>
<asp:Button ID="SubmitData" CssClass="btn btn-primary" runat="server" Text="Register" OnClick="SubmitData_Click" />
然后是 C#:
/// <summary>
/// Click handler for the Register button: inserts one row built from the form's
/// text boxes into kimprtf_dk_db.dbo.Trytry and writes the outcome to the response.
/// </summary>
/// <param name="sender">Event source; not used in the body.</param>
/// <param name="e">Event data; not used in the body.</param>
/* NOTE(review): nothing in this handler reads Page.IsValid, so the INSERT below runs on every
   postback that reaches it, whatever the validator controls decided. The validators only stop
   the write when the server-side code asks for their result before touching the database. */
protected void SubmitData_Click(object sender, EventArgs e)
{
try
{
/* Fresh GUID; its string form becomes the new row's UserID. */
Guid newGUID = Guid.NewGuid();
/* Connection string for the registration form */
/* NOTE(review): host, user name and password are hard-coded in source (and published with this listing). Keep them in protected configuration instead, and change a password that has been posted publicly. */
SqlConnection con = new SqlConnection("Data Source=mssql4.unoeuro.com;Persist Security Info=True;User ID=kimprtf_dk;Password=123kima5");
/* INSERT command. Every value is bound as a parameter, so form text is never concatenated into the SQL text. */
SqlCommand cmd = new SqlCommand("INSERT INTO kimprtf_dk_db.dbo.Trytry (UserID, firstName, lastName, EmailAdress, Username, Password) VALUES (@ID, @firstName, @lastName, @EmailAdress, @Username, @Password);", con);
cmd.Parameters.AddWithValue("@ID", newGUID.ToString());
cmd.Parameters.AddWithValue("@firstName", firstName.Text);
cmd.Parameters.AddWithValue("@lastName", lastName.Text);
cmd.Parameters.AddWithValue("@EmailAdress", emailAdress.Text);
cmd.Parameters.AddWithValue("@Username", Username.Text);
/* NOTE(review): Password.Text is bound unchanged, i.e. the password is stored as typed. Store a salted, slow hash (for example PBKDF2) rather than the plaintext. */
cmd.Parameters.AddWithValue("@Password", Password.Text);
/* Opens the connection */
con.Open();
/* Executes the INSERT; the affected-row count it returns is not checked */
cmd.ExecuteNonQuery();
/* Closes the connection */
/* NOTE(review): this line is skipped when Open() or ExecuteNonQuery() throws; neither con nor cmd is wrapped in a using block. */
con.Close();
/* Writes to the client if the row was created successfully */
Response.Write("Your registration is successful!");
}
catch (Exception ex)
{
/* NOTE(review): ex.ToString() sends the full exception text, stack trace included, to the browser. Log it on the server and show the user a generic message instead. */
Response.Write("Error: " + ex.ToString());
}
/* Clears the text boxes defined below (remember that this has to be inside the click event) */
/* NOTE(review): this runs after the try/catch on success and on failure alike; ConfirmPassword is not reset here. */
if (IsPostBack)
{
firstName.Text = "";
lastName.Text = "";
emailAdress.Text = "";
ConfirmEmail.Text = "";
Username.Text = "";
Password.Text = "";
}
}
我在这里做错了什么? - 金.
您没有在服务器端的回发(postback)事件处理代码中检查页面是否已通过验证。客户端的验证可以被禁用或绕过,所以是否写入数据库必须由服务器端决定。在将数据提交到数据库之前,您应该在点击事件处理程序中加入对 Page.IsValid 的检查,例如:
// Page.IsValid is the server-side result of the page's validator controls.
if(Page.IsValid)
{
//try/catch block
// (the existing INSERT code goes here, so it runs only after validation has passed)
}
else
{
//display error text, etc.
// (nothing is written to the database on this path)
}
您还应该在数据库模式(schema)中强制执行这些对用户数据的要求,这样即使开发人员在提交前没有验证数据,数据库本身也会拒绝无效的记录。