
Untitled

a guest
Dec 5th, 2016
  // Excerpt of the insert step from Page_Load (listed in full further down this page).
  // ExecuteNonQuery sends the command text to the server and returns the number of
  // rows affected, which is stored in x.
  // NOTE(review): presumably this is where the SqlException quoted below is raised - confirm.
  1. int x = 0;
  2. {
  3. connect.Open(); //connect is an SqlConnection object
  4. x = command.ExecuteNonQuery();
  5. }
  6.  
  // NOTE(review): looks like a restatement of line 4 as the failing statement; the
  // method is spelled ExecuteNonQuery there and is a call, not a property.
  7. x = command.ExecuteNoneQuery;
  8.  
  9. System.Data.SqlClient.SqlException: Incorrect syntax near ','.
  10.  
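  /// <summary>
  /// Handles the registration POST: reads the posted fields, validates the birth
  /// date, gender and password confirmation, and inserts one row into the
  /// <c>profiles</c> table.
  /// </summary>
  /// <remarks>
  /// Form fields read: user_name, name, last_name, password, password_validation,
  /// birth_date, radioGroup (gender) and email.
  /// Every value reaches SQL Server as a typed parameter, never as part of the
  /// command text. The original built the statement by concatenation, which left
  /// the strings unquoted, emitted two commas in a row after the year (the
  /// "Incorrect syntax near ','" error), inserted the literal text "day" instead of
  /// the parsed day, and let any posted value rewrite the statement.
  /// The browser-side checks in the form are not relied on here, because a request
  /// can be sent without running them.
  /// </remarks>
  /// <param name="sender">Event source supplied by ASP.NET; not used.</param>
  /// <param name="e">Event data supplied by ASP.NET; not used.</param>
  protected void Page_Load(object sender, EventArgs e)
  {
      // ---- read the posted fields (Request.Form already yields strings) ----
      string user_name = Request.Form["user_name"];
      string name = Request.Form["name"];
      string last_name = Request.Form["last_name"];
      string password = Request.Form["password"];
      string password_validation = Request.Form["password_validation"];
      string date = Request.Form["birth_date"];
      string radioGroup = Request.Form["radioGroup"];
      string email = Request.Form["email"];

      // A field that is absent from the request (for example a plain GET of this
      // page) sends the visitor back to the form instead of failing further down.
      if (user_name == null || name == null || last_name == null || password == null ||
          password_validation == null || date == null || radioGroup == null || email == null)
      {
          Response.Redirect("register.html");
          return;
      }

      // The confirmation field was only compared in the browser; repeat it here.
      if (!string.Equals(password, password_validation, StringComparison.Ordinal))
      {
          Response.Redirect("register.html");
          return;
      }

      // ---- birth date ----
      int year = 0, month = 0, day = 0;
      try
      {
          year = GetYear(date);
          month = GetMonth(date);
          day = GetDay(date);
      }
      catch (FormatException exception) // the date format is incorrect
      {
          // NOTE(review): confirm handleExceptions.aspx does not show the stored
          // exception's details to the visitor.
          Session["lastException"] = exception;
          Response.Redirect("handleExceptions.aspx");
          return;
      }

      // ---- gender: only the two values the form offers are accepted ----
      bool gender = false;
      try
      {
          if (radioGroup.Equals("male"))
          {
              gender = true;
          }
          else if (radioGroup.Equals("female"))
          {
              gender = false;
          }
          else
          {
              // ThrowException is defined elsewhere in this file; presumably it throws.
              gender = ThrowException();
          }
      }
      catch (Exception exception)
      {
          Session["lastException"] = exception;
          Response.Redirect("handleExceptions.aspx");
          return;
      }

      // Kept from the original. NOTE(review): SqlInjection is defined elsewhere and
      // user_name is not passed to it; the parameters below are what keep posted
      // text out of the statement, whatever this check decides.
      bool b = SqlInjection(name, last_name, password, date, email);
      if (b)
      {
          Response.Redirect("register.html");
          return;
      }

      // ---- submit ----
      // NOTE(review): the password is stored exactly as submitted. Store a salted,
      // slow hash instead (for example PBKDF2 via Rfc2898DeriveBytes); that needs a
      // wider column than the NCHAR(15) in the table definition on this page, so it
      // is not changed here.
      const string insertSql =
          "INSERT INTO profiles (userName, name, lastName, password, birthYear, birthMonth, birthDay, gender, email) " +
          "VALUES (@userName, @name, @lastName, @password, @birthYear, @birthMonth, @birthDay, @gender, @email)";

      int x = 0;
      try
      {
          // NOTE(review): the connection string is reproduced as posted; the path
          // separators look lost in the paste - confirm against the real file.
          // It also belongs in configuration rather than in the page source.
          using (SqlConnection connect = new SqlConnection(@"Data Source=(LocalDB)MSSQLLocalDB;AttachDbFilename=C:UsersthkiwOneDriveDocumentsilan.mdf;Integrated Security=True;Connect Timeout=30"))
          using (SqlCommand command = new SqlCommand(insertSql, connect))
          {
              // No size is given for the text parameters, so an over-long value is
              // rejected by the server rather than silently cut to the column width.
              command.Parameters.Add("@userName", System.Data.SqlDbType.NVarChar).Value = user_name;
              command.Parameters.Add("@name", System.Data.SqlDbType.NVarChar).Value = name;
              command.Parameters.Add("@lastName", System.Data.SqlDbType.NVarChar).Value = last_name;
              command.Parameters.Add("@password", System.Data.SqlDbType.NVarChar).Value = password;
              command.Parameters.Add("@birthYear", System.Data.SqlDbType.Int).Value = year;
              command.Parameters.Add("@birthMonth", System.Data.SqlDbType.Int).Value = month;
              command.Parameters.Add("@birthDay", System.Data.SqlDbType.Int).Value = day;
              command.Parameters.Add("@gender", System.Data.SqlDbType.Bit).Value = gender; // BIT: true -> 1, false -> 0
              command.Parameters.Add("@email", System.Data.SqlDbType.NVarChar).Value = email;

              connect.Open();
              x = command.ExecuteNonQuery();
          } // both objects are disposed here, also when the insert throws
      }
      catch (SqlException exception)
      {
          // Restored from the handler the original had commented out; a duplicate
          // userName (the primary key) ends up here.
          Session["lastException"] = exception;
          Session["source"] = "register.aspx";
          Response.Redirect("handleExceptions.aspx");
          return;
      }

      Response.Write("SUCCESS - number of rows affected : " + x);

      // The original left a placeholder note about Session["email"] at this point.
  }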
  111.  
  -- Table that the registration page inserts into; userName is the primary key.
  -- NCHAR(n) is a fixed-width type: a shorter value is stored padded with trailing
  -- spaces up to n characters.
  -- NOTE(review): the browser-side length check on this page allows 15 characters for
  -- every field, while userName, name and lastName hold 10 here.
  112. CREATE TABLE [dbo].[profiles] (
  113. [userName] NCHAR (10) NOT NULL,
  114. [name] NCHAR (10) NULL,
  115. [lastName] NCHAR (10) NULL,
  116. [birthDay] INT NULL,
  117. [birthMonth] INT NULL,
  118. [birthYear] INT NULL,
  -- NOTE(review): 15 characters only fits the password as typed; storing a salted
  -- password hash instead needs a wider column, and the column should not be nullable.
  119. [password] NCHAR (15) NULL,
  120. [gender] BIT NOT NULL,
  -- NOTE(review): 20 characters is short for an e-mail address.
  121. [email] NCHAR(20) NOT NULL,
  122. PRIMARY KEY CLUSTERED ([userName] ASC)
  123. );
  124.  
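  /**
   * Tells whether every character of `string` is an ASCII letter (a-z or A-Z).
   * An empty string passes, because it holds no character to reject.
   *
   * This runs in the browser only, so it is a convenience for the visitor; the
   * server has to repeat the check on the posted value.
   *
   * @param {string} string value to inspect
   * @returns {boolean} true when only letters were found; false otherwise, also
   *     when the value could not be inspected at all
   */
  function isName(string) {
      try {
          for (var i = 0; i < string.length; i++) {
              var ch = string[i];
              var isLower = ch >= 'a' && ch <= 'z';
              var isUpper = ch >= 'A' && ch <= 'Z';
              if (!isLower && !isUpper) {
                  return false;
              }
          }
          return true;
      }
      catch (e) {
          // The property is `message`; `e.Message` is undefined on a JavaScript error.
          window.alert(e.message);
          // An explicit false keeps a failed check from reading as "no objection":
          // an onsubmit handler that returns undefined lets the form go out.
          return false;
      }
  }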
  140.  
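  /**
   * Tells whether two values have the same length and the same element at every
   * index. Used to compare the password with its confirmation field.
   *
   * This runs in the browser only; the server has to compare the two posted
   * values again.
   *
   * @param {string} string1 first value
   * @param {string} string2 second value
   * @returns {boolean} true when the values match; false otherwise, also when
   *     they could not be compared at all
   */
  function isIdenticle(string1, string2) {
      try {
          if (string1.length != string2.length) {
              return false;
          }
          for (var i = 0; i < string1.length; i++) {
              if (string1[i] != string2[i]) {
                  return false;
              }
          }
          return true;
      }
      catch (e) {
          // The property is `message`; `e.Message` is undefined on a JavaScript error.
          window.alert(e.message);
          // Report a mismatch explicitly instead of falling through with undefined.
          return false;
      }
  }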
  153.  
  154.  
  155. //email
  156.  
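  /**
   * Loose plausibility check for an e-mail address.
   *
   * The value is accepted when it contains "@", when what getAfterChar returns
   * for "@" is at least 7 characters long and contains ".", and when what
   * getAfterChar returns for "." is at least 3 characters long.
   * NOTE(review): getAfterChar and hasChar are defined outside this listing;
   * presumably they return the text following a character and test for its
   * presence - confirm.
   *
   * This runs in the browser only; the server has to validate the posted address
   * itself.
   *
   * @param {string} email value to inspect
   * @returns {boolean} true when the value passes, false otherwise, also when the
   *     check itself failed
   */
  function isEmail(email) {
      try {
          // The debugging alert ("reached is email") that fired on every call is gone.
          var ending = getAfterChar(email, '@');
          var after2 = getAfterChar(email, '.');

          if (hasChar(email, "@") &&
              ending.length >= 7 &&   // per the author: the ending must be longer than 3 (7 - 4 = 3)
              after2.length >= 3 &&
              hasChar(ending, ".")) {
              return true;
          }
          return false;
      }
      catch (e) {
          // The property is `message`; `e.Message` is undefined on a JavaScript error.
          window.alert(e.message);
          return false;
      }
  }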
  175. //email end
  176.  
  177.  
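  /**
   * Checks a set of values against their maximum lengths.
   *
   * The object maps each VALUE (as the property name) to the maximum length
   * allowed for it: the length that is measured is the length of the property
   * name. An object written as {email: 15} therefore measures the word "email",
   * not the content of a variable called email.
   *
   * @param {Object<string, number>} valuesAndLengths value -> maximum length
   * @returns {boolean} false as soon as one value is longer than its limit,
   *     true otherwise (also for an empty object)
   */
  function isValidLength(valuesAndLengths) {
      // `var` keeps the loop variable local; without it the loop wrote to a global
      // named `key` (and throws in strict mode).
      for (var key in valuesAndLengths) {
          // Only the object's own entries count, not inherited properties.
          if (!Object.prototype.hasOwnProperty.call(valuesAndLengths, key)) {
              continue;
          }
          if (key.length > valuesAndLengths[key]) {
              return false;
          }
      }

      return true;
  }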
  186.  
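  /**
   * Browser-side check of the registration form, called from the form's onsubmit.
   *
   * Reads user_name, name, last_name, password, password_validation and email by
   * element name, alerts once per failed rule and returns whether all rules held.
   * These checks only help the visitor fill in the form: a request can be posted
   * without running them, so register.aspx has to validate every field again.
   *
   * Compared with the posted version: the try block is now closed (it had neither
   * a catch nor a closing brace), last_name is checked, a failed name check no
   * longer shows the password message, the length rule measures the field
   * contents rather than the field names, and the unused reads of the gender and
   * date fields are dropped.
   *
   * @returns {boolean} true when every rule held; false otherwise, also when the
   *     validation itself failed
   */
  function basicInfoValidation() {
      try {
          var user_name = document.getElementsByName('user_name')[0].value;
          var name = document.getElementsByName('name')[0].value;
          var last_name = document.getElementsByName('last_name')[0].value;
          var password = document.getElementsByName("password")[0].value;
          var validate_password = document.getElementsByName("password_validation")[0].value;
          var email = document.getElementsByName("email")[0].value;

          // isValidLength measures the property NAMES, so the values themselves are
          // used as names here. Equal values share one entry, which is harmless
          // because every field has the same limit.
          // NOTE(review): the profiles table on this page declares 10 characters for
          // userName, name and lastName; the limit of 15 is kept as posted.
          var limits = {};
          limits[email] = 15;
          limits[password] = 15;
          limits[name] = 15;
          limits[last_name] = 15;
          limits[user_name] = 15;

          var namesOk = isName(user_name) && isName(name) && isName(last_name);
          var passwordsMatch = isIdenticle(password, validate_password);
          var emailOk = isEmail(email);
          var lengthsOk = isValidLength(limits);

          if (!namesOk) {
              window.alert("the name is not valid - characters only!");
          }
          if (!passwordsMatch) {
              window.alert("wrong password validation!");
          }
          if (!emailOk) {
              window.alert("email is not valid");
          }
          if (!lengthsOk) {
              window.alert("the length of one of the variables is unvalid , max length - 15");
          }

          // `=== true` keeps the result a strict boolean even if a helper returns
          // something else.
          return namesOk === true && passwordsMatch === true && emailOk === true && lengthsOk === true;
      }
      catch (e) {
          window.alert(e.message);
          // Returning false stops the submit; undefined would let the form go out.
          return false;
      }
  }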
  224.  
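  <!-- Registration form posting to register.aspx.
       The onsubmit script and the required/type attributes are a convenience for
       the visitor only: a request can be sent without them, so register.aspx has
       to validate every field itself.
       The catch branch now returns false, so a script error no longer lets the
       form submit unchecked. -->
  <form method="post" action="register.aspx" onsubmit="try { return basicInfoValidation(); } catch (e) { window.alert(e.message); return false; }">

    <div class="main">
      <br />
      <table>

        <tr>
          <td colspan="2"><h1>Registration</h1></td>
        </tr>

        <tr>
          <td>user name:</td>
          <td>
            <input type="text" id="user_name" name="user_name" required />
          </td>
        </tr>

        <tr>
          <td>name:</td>
          <td>
            <input type="text" id="name" name="name" />
          </td>
        </tr>

        <tr>
          <td>last name</td>
          <td>
            <input type="text" id="last_name" name="last_name" />
          </td>
        </tr>

        <tr>
          <td>password:</td>
          <td>
            <!-- new-password tells password managers this is a sign-up field -->
            <input type="password" id="password" name="password" autocomplete="new-password" required />
          </td>
        </tr>

        <tr>
          <td>validate password:</td>
          <td>
            <input type="password" id="password_validation" name="password_validation" autocomplete="new-password" required />
          </td>
        </tr>

        <tr>
          <td>birth day:</td>
          <td>
            <input type="date" id="birth_date" name="birth_date" style="width: 100%;text-align:center;" required />
          </td>
        </tr>

        <tr>
          <td>email:</td>
          <td>
            <input type="email" name="email" required />
          </td>
        </tr>

        <tr>
          <td>gender:</td>
          <td>
            <!-- required on one radio of the group makes the browser ask for a choice -->
            male: <input type="radio" name="radioGroup" value="male" required /> &nbsp;
            female: <input type="radio" name="radioGroup" value="female" />
          </td>
        </tr>
        <tr>
          <td colspan="2">
            <input type="submit" value="submit me" />
          </td>
        </tr>
      </table>
      <br />
    </div>
  </form>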