// Excerpt of the statements that execute the INSERT; the surrounding method is shown further down.
int x = 0;
connect.Open(); // connect is an SqlConnection object
x = command.ExecuteNonQuery();
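// Presumably the statement that raises the exception quoted on the next line.
x = command.ExecuteNonQuery();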
- System.Data.SqlClient.SqlException: Incorrect syntax near ','.
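/// <summary>
/// Handles the registration POST: reads the form fields, validates the birth date and the
/// gender selection, and inserts one row into the profiles table.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    /*
     form fields read -
     "user_name"  : user name
     "name"       : name
     "last_name"  : last name
     "password"   : password
     "birth_date" : date
     "radioGroup" : gender
     "email"      : email
     ("password_validation" is posted by the form but only compared in the browser)
    */

    //variables ---------------------------------------------------------------------------------------------------------
    string user_name = Request.Form["user_name"];
    string name = Request.Form["name"];
    string last_name = Request.Form["last_name"];
    string password = Request.Form["password"];
    string date = Request.Form["birth_date"];
    string radioGroup = Request.Form["radioGroup"];
    string email = Request.Form["email"];

    // The browser-side checks can be bypassed by posting directly, so a missing field is
    // treated like the missing radio selection: back to the form.
    if (user_name == null || name == null || last_name == null || password == null ||
        date == null || radioGroup == null || email == null)
    {
        Response.Redirect("register.html");
        return;
    }

    int year = 0, month = 0, day = 0;
    try
    {
        year = GetYear(date);
        month = GetMonth(date);
        day = GetDay(date);
    }
    catch (FormatException exception) // the date format is incorrect
    {
        Session["lastException"] = exception;
        Response.Redirect("handleExceptions.aspx");
        return;
    }

    bool gender = false;
    try
    {
        if (radioGroup.Equals("male"))
        {
            gender = true;
        }
        else if (!radioGroup.Equals("female"))
        {
            // Any value other than the two radio options is rejected by the helper.
            ThrowException();
        }
    }
    catch (Exception exception)
    {
        Session["lastException"] = exception;
        Response.Redirect("handleExceptions.aspx");
        return;
    }

    // SqlInjection is a helper defined elsewhere in the file; it is kept as an extra input check.
    // It never receives user_name, and a string filter is not what protects the statement:
    // the parameter binding below keeps every form value out of the SQL text.
    bool rejectedByFilter = SqlInjection(name, last_name, password, date, email);
    if (rejectedByFilter)
    {
        Response.Redirect("register.html");
        return;
    }
    //variables ---------------------------------------------------------------------------------------------------------

    //submit ---------------------------------------------------------------------------------------------------------
    // The original statement was built by concatenating the form values into the SQL text.
    // That left the strings unquoted, emitted two commas after the year (the reported
    // "Incorrect syntax near ','") and sent the literal word day instead of the variable.
    const string insertSql =
        "INSERT INTO profiles(userName, name, lastName, password, birthYear, birthMonth, birthDay, gender, email) " +
        "VALUES(@userName, @name, @lastName, @password, @birthYear, @birthMonth, @birthDay, @gender, @email)";

    int x = 0;
    try
    {
        // NOTE(review): the path separators in this connection string look stripped by the paste;
        // it is reproduced as shown. Prefer reading it from configuration.
        using (SqlConnection connect = new SqlConnection(@"Data Source=(LocalDB)MSSQLLocalDB;AttachDbFilename=C:UsersthkiwOneDriveDocumentsilan.mdf;Integrated Security=True;Connect Timeout=30"))
        using (SqlCommand command = new SqlCommand(insertSql, connect))
        {
            command.Parameters.Add("@userName", System.Data.SqlDbType.NVarChar).Value = user_name;
            command.Parameters.Add("@name", System.Data.SqlDbType.NVarChar).Value = name;
            command.Parameters.Add("@lastName", System.Data.SqlDbType.NVarChar).Value = last_name;
            // NOTE(review): the password is stored exactly as submitted. profiles.password is
            // NCHAR(15), too narrow for a salted hash; widen the column and store a PBKDF2 hash.
            command.Parameters.Add("@password", System.Data.SqlDbType.NVarChar).Value = password;
            command.Parameters.Add("@birthYear", System.Data.SqlDbType.Int).Value = year;
            command.Parameters.Add("@birthMonth", System.Data.SqlDbType.Int).Value = month;
            command.Parameters.Add("@birthDay", System.Data.SqlDbType.Int).Value = day;
            command.Parameters.Add("@gender", System.Data.SqlDbType.Bit).Value = gender; // bit column: true -> 1, false -> 0
            command.Parameters.Add("@email", System.Data.SqlDbType.NVarChar).Value = email;

            connect.Open();
            x = command.ExecuteNonQuery();
        } // using closes the connection even when the insert throws
    }
    catch (SqlException exception)
    {
        // e.g. a duplicate userName (primary key) or a value longer than its column
        Session["lastException"] = exception;
        Session["source"] = "register.aspx";
        Response.Redirect("handleExceptions.aspx");
        return;
    }

    Response.Write("SUCCESS - number of rows affected : " + x);
}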
-- Table targeted by the INSERT in Page_Load; one row per registered user, keyed by userName.
-- NOTE(review): NCHAR is fixed-width, so shorter values come back padded with spaces.
-- NOTE(review): [password] NCHAR (15) cannot hold a salted password hash, only the raw password.
CREATE TABLE [dbo].[profiles]
(
    [userName]   NCHAR (10) NOT NULL,
    [name]       NCHAR (10) NULL,
    [lastName]   NCHAR (10) NULL,
    [birthDay]   INT        NULL,
    [birthMonth] INT        NULL,
    [birthYear]  INT        NULL,
    [password]   NCHAR (15) NULL,
    [gender]     BIT        NOT NULL, -- written as 1 for male, 0 for female
    [email]      NCHAR (20) NOT NULL,
    PRIMARY KEY CLUSTERED ([userName] ASC)
);
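/**
 * Reports whether `string` consists only of ASCII letters (a-z, A-Z).
 * An empty string passes; anything that is not a string is rejected.
 *
 * This runs in the browser only. A request can be posted to the server without it,
 * so the server has to repeat the check.
 *
 * @param {string} string - value to test
 * @returns {boolean} true when every character is an ASCII letter
 */
function isName(string) {
    if (typeof string !== "string") {
        // The original fell into its catch block here and alerted e.Message, which is undefined.
        return false;
    }
    return /^[A-Za-z]*$/.test(string);
}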
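/**
 * Reports whether two strings are identical (same length, same characters).
 * Used to compare the password with its confirmation field.
 *
 * @param {string} string1 - first value
 * @param {string} string2 - second value
 * @returns {boolean} true only when both arguments are strings and are equal
 */
function isIdenticle(string1, string2) {
    // A missing value used to throw, alert "undefined" (e.Message) and return undefined.
    if (typeof string1 !== "string" || typeof string2 !== "string") {
        return false;
    }
    return string1 === string2;
}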
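//email
/**
 * Rough shape check for an e-mail address, built on the getAfterChar and hasChar
 * helpers defined elsewhere in the file.
 * Accepts the value when it contains "@", the text returned for "@" is at least
 * 7 characters long and contains ".", and the text returned for "." is at least 3 long.
 * Browser-side only; the server must validate the address itself.
 *
 * @param {string} email - value to test
 * @returns {boolean} true when the checks pass, false otherwise (including on error)
 */
function isEmail(email) {
    try {
        var ending = getAfterChar(email, '@');
        var after2 = getAfterChar(email, '.');
        if (hasChar(email, "@") &&
            ending.length >= 7 && //the email's ending is bigger than 3 ( 7-4=3)
            after2.length >= 3 &&
            hasChar(ending, ".")) {
            return true;
        }
        return false;
    }
    catch (e) {
        // Error objects expose `message`; `e.Message` is undefined.
        window.alert(e.message);
        return false; // an undefined result would be combined with && by the caller
    }
}
//email end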
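/**
 * Checks a map of value -> maximum length: every key is itself the string to measure,
 * and the entry stored under it is the longest length allowed for it.
 *
 * @param {Object<string, number>} valuesAndLengths - values to check, keyed by the value
 * @returns {boolean} false as soon as one key is longer than its limit, true otherwise
 */
function isValidLength(valuesAndLengths) {
    // `value` is declared locally; the original loop variable leaked into the global scope
    // and is a ReferenceError in strict mode.
    for (var value in valuesAndLengths) {
        if (Object.prototype.hasOwnProperty.call(valuesAndLengths, value) &&
            value.length > valuesAndLengths[value]) {
            return false;
        }
    }
    return true;
}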
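/**
 * onsubmit handler for the registration form: reads the fields, runs the checks,
 * alerts one message per failed check and returns whether the form may be submitted.
 *
 * These checks are a convenience for the user. The form can be posted without them,
 * so the server must validate every field again.
 *
 * @returns {boolean} true when all checks pass
 */
function basicInfoValidation() {
    try {
        var user_name = document.getElementsByName('user_name')[0].value;
        var name = document.getElementsByName('name')[0].value;
        var last_name = document.getElementsByName('last_name')[0].value;
        var password = document.getElementsByName("password")[0].value;
        var validate_password = document.getElementsByName("password_validation")[0].value;
        var email = document.getElementsByName("email")[0].value;

        var userNameOk = isName(user_name);
        // last_name was read but never checked in the original
        var nameOk = isName(name) && isName(last_name);
        var passwordsMatch = isIdenticle(password, validate_password);
        var emailOk = isEmail(email);

        // isValidLength measures the KEYS, so the keys must be the entered values.
        // The original literal {email:15, ...} measured the field names instead.
        // NOTE(review): the profiles columns are narrower than 15 for some fields.
        var limits = {};
        limits[email] = 15;
        limits[password] = 15;
        limits[name] = 15;
        limits[last_name] = 15;
        limits[user_name] = 15;
        var lengthsOk = isValidLength(limits);

        if (!userNameOk) {
            window.alert("the user name is not valid - characters only!");
        }
        if (!nameOk) {
            // the original showed the password message for this check
            window.alert("the name is not valid - characters only!");
        }
        if (!passwordsMatch) {
            window.alert("wrong password validation!");
        }
        if (!emailOk) {
            window.alert("email is not valid");
        }
        if (!lengthsOk) {
            window.alert("the length of one of the variables is unvalid , max length - 15");
        }
        return userNameOk && nameOk && passwordsMatch && emailOk && lengthsOk;
    }
    catch (e) {
        // The original try had no catch and the function was never closed.
        window.alert(e.message);
        return false; // do not submit when validation itself failed
    }
}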
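<!--
  Registration form posted to register.aspx.
  The required / maxlength / type attributes and the onsubmit script only help the user;
  they are not enforced for a request sent without the browser, so register.aspx must
  validate every field itself. maxlength mirrors the column widths of dbo.profiles.
-->
<form method="post" action="register.aspx" onsubmit="try{return basicInfoValidation();} catch(e){window.alert(e.message);}">
    <div class="main">
        <br />
        <table>
            <tr>
                <td colspan="2"><h1>Registration</h1></td>
            </tr>
            <tr>
                <td>user name:</td>
                <td>
                    <input type="text" id="user_name" name="user_name" maxlength="10" required />
                </td>
            </tr>
            <tr>
                <td>name:</td>
                <td>
                    <input type="text" id="name" name="name" maxlength="10" required />
                </td>
            </tr>
            <tr>
                <td>last name</td>
                <td>
                    <input type="text" id="last_name" name="last_name" maxlength="10" required />
                </td>
            </tr>
            <tr>
                <td>password:</td>
                <td>
                    <input type="password" id="password" name="password" maxlength="15" required />
                </td>
            </tr>
            <tr>
                <td>validate password:</td>
                <td>
                    <input type="password" id="password_validation" name="password_validation" maxlength="15" required />
                </td>
            </tr>
            <tr>
                <td>birth day:</td>
                <td>
                    <input type="date" id="birth_date" name="birth_date" style="width: 100%;text-align:center;" required />
                </td>
            </tr>
            <tr>
                <td>email:</td>
                <td>
                    <input type="email" id="email" name="email" maxlength="20" required />
                </td>
            </tr>
            <tr>
                <td>gender:</td>
                <td>
                    male: <input type="radio" name="radioGroup" value="male" required />
                    female: <input type="radio" name="radioGroup" value="female" />
                </td>
            </tr>
            <tr>
                <td colspan="2">
                    <input type="submit" value="submit me" />
                </td>
            </tr>
        </table>
        <br />
    </div>
</form>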