Server-side validation with ASP.NET and C#
Keywords: validation, server-side, asp net | Updated: 2023-09-27 18:14:48
Currently I have a website with a simple HTML signup form; this is the code:
<div class="grid_6 push_3 block alpha">
    <div class="grid_6 form_block alpha omega">
        <label>שם משתמש</label>
    </div>
    <div class="grid_6 form_block alpha omega">
        <input type="text" id="username" name="username" pattern="^\S{4,}$" required />
    </div>
    <div class="grid_6 alpha omega form_block">
        <label>סיסמא</label>
    </div>
    <div class="grid_6 form_block alpha omega">
        <input type="password" id="password" name="password" pattern="^\S{6,}$" required title="סיסמא צריכה להכיל לפחות 6 תווים" />
    </div>
    <div class="grid_6 alpha omega form_block">
        <label>וודא סיסמא</label>
    </div>
    <div class="grid_6 form_block alpha omega">
        <input type="password" id="password2" pattern="^\S{6,}$" required />
    </div>
    <div class="grid_6 alpha omega form_block">
        <label>כתובת אימייל</label>
    </div>
    <div class="grid_6 form_block alpha omega">
        <input id="email" name="email" type="email" required pattern="[^@]+@[^@]+\.[a-zA-Z]{2,6}" />
    </div>
    <div class="grid_6 alpha omega form_block">
        <label>וודא כתובת אימייל</label>
    </div>
    <div class="grid_6 form_block alpha omega">
        <input type="email" id="email2" required pattern="[^@]+@[^@]+\.[a-zA-Z]{2,6}" />
    </div>
    <div class="grid_6 form_block alpha omega">
        <input name="submit" type="submit" onclick="return validateForm()" value="שלח" />
    </div>
</div>
(It is actually wrapped in a tag in the master page; this is the master page:)
<%@ Master Language="C#" AutoEventWireup="true" CodeFile="MasterPage.master.cs" Inherits="MasterPage" %>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
    <link href="css/reset.css" rel="stylesheet" />
    <link href="css/text.css" rel="stylesheet" />
    <link href="css/963_9_10_10.css" rel="stylesheet" />
    <link href="css/style.css" rel="stylesheet" />
    <asp:ContentPlaceHolder ID="head" runat="server">
    </asp:ContentPlaceHolder>
</head>
<body dir="rtl">
    <form runat="server">
        <div class="container_9">
            <div class="header grid_9">
                <a href="Default.aspx"><h1>סיכומים.נט</h1></a>
            </div>
            <!-- END HEADER -->
            <nav>
                <ul class="clearfix grid_6 push_3">
                    <a href="literature.aspx"> <li class="grid_1 alpha literature">ספרות</li></a>
                    <a href="language.aspx"> <li class="grid_1 language">לשון</li></a>
                    <a href="civics.aspx"><li class="grid_1 civics">אזרחות</li></a>
                    <a href="history.aspx"><li class="grid_1 history">היסטוריה</li></a>
                    <a href="bible.aspx"> <li class="grid_1 bible">תנך</li></a>
                    <a href="english.aspx"> <li class="grid_1 omega english">אנגלית</li></a>
                </ul>
            </nav>
            <div class="grid_3 pull_6" id="search">
                <input type="text" id="search_box" placeholder="הקלד מילות חיפוש"/>
                <input type="submit" value="חפש" id="search_button"/>
            </div>
            <asp:ContentPlaceHolder ID="ContentPlaceHolder1" runat="server">
            </asp:ContentPlaceHolder>
            <footer class="grid_9">
                2013 © כל הזכויות שמורות לסיכומים.נט
            </footer>
        </div>
        <!-- END CONTAINER -->
    </form>
</body>
</html>
I also have a signup.aspx.cs file that inserts the signup information into the database, like this:
using System;

public partial class signup : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Runs the insert whenever the submit button's value was posted.
        if (Request.Form["submit"] != null) {
            register1();
        }
    }

    public void register1()
    {
        // The posted form values are concatenated straight into the SQL text.
        string sql = "INSERT INTO [userinfo] ([username], [password], [email]) VALUES (N'" + Request.Form["username"] + "', N'" + Request.Form["password"] + "', N'" + Request.Form["email"] + "')";
        Database.UpdateData(sql);
    }
}
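I think I've done everything correctly so far (I'm a beginner outside of HTML/CSS), but please correct me if I've made any mistakes.
What I want to do now is validate my form input server-side before I insert it into my database. I want to check that it obeys all my rules (character length, matching fields, etc.) and also that the username/email is not already taken.
I'm currently doing some basic JavaScript validation, but I know that is not enough security-wise.
It would be great if someone could explain (as simply as possible) what I should do now. Ideally, I'd like to return to the signup page and list the errors at the top of the form in a customizable way. Thanks.
RegularExpressionValidator and CompareValidator will be your friends.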
For example:
<asp:RegularExpressionValidator id="valEmail" ControlToValidate="email"
    ValidationExpression="[^@]+@[^@]+\.[a-zA-Z]{2,6}"
    EnableClientScript="false" ErrorMessage="The email is invalid!"
    runat="server" />

<asp:CompareValidator id="valEmails"
    ControlToValidate="email" ControlToCompare="email2" Type="String"
    EnableClientScript="false" Text="The email addresses must match!"
    runat="server" />
Optionally, you can wrap them up neatly in a ValidationSummary control.
Finally, check Page.IsValid:
protected void Page_Load(object sender, EventArgs e)
{
    if (Request.Form["submit"] != null && Page.IsValid)
    {
        register1();
    }
}
You can read about the other validation controls here.
Finally, fix your SQL so that it is not vulnerable to SQL injection:
string sql = "INSERT INTO [userinfo] ([username], [password], [email]) VALUES (N'" + Request.Form["username"].Replace("'","''") + "', N'" + Request.Form["password"].Replace("'","''") + "', N'" + Request.Form["email"].Replace("'","''") + "')";
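You may want to use the ASP.NET server validation controls and the validation summary control.
By using this control you can make sure that all the rules will be followed. You can check it on the server side with:
if (Page.IsValid)
{
    // Code goes here
}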
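An added example, not code from the question or the answers: the rules from the form's pattern attributes re-checked in the code-behind against the plain HTML inputs, followed by the duplicate check and the INSERT issued as parameterized commands rather than concatenated or quote-doubled strings. The connection string name SiteDb, the errorList BulletedList and the name attributes on the two confirmation inputs (the posted form gives them only an id, so the browser never submits them) are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

public partial class signup : System.Web.UI.Page
{
    // The form's pattern rules; \z instead of $ so a trailing newline cannot slip through.
    static readonly Regex UserRx = new Regex(@"^\S{4,}\z");
    static readonly Regex PassRx = new Regex(@"^\S{6,}\z");
    static readonly Regex MailRx = new Regex(@"^[^@]+@[^@]+\.[a-zA-Z]{2,6}\z");

    protected void Page_Load(object sender, EventArgs e)
    {
        if (Request.Form["submit"] == null) return;
        string user = Request.Form["username"] ?? "", pass = Request.Form["password"] ?? "";
        string mail = Request.Form["email"] ?? "";
        var errors = new List<string>();
        if (!UserRx.IsMatch(user)) errors.Add("User name needs at least 4 non-space characters.");
        if (!PassRx.IsMatch(pass)) errors.Add("Password needs at least 6 non-space characters.");
        if (!MailRx.IsMatch(mail)) errors.Add("The email is invalid.");
        // Assumption: name="password2" and name="email2" were added to the confirm inputs.
        if (pass != Request.Form["password2"]) errors.Add("The passwords must match.");
        if (mail != Request.Form["email2"]) errors.Add("The email addresses must match.");
        if (errors.Count == 0) Register(user, pass, mail, errors);
        errorList.DataSource = errors; // assumption: <asp:BulletedList ID="errorList" runat="server" />
        errorList.DataBind();
    }
    static void Register(string user, string pass, string mail, List<string> errors)
    {
        // Assumption: "SiteDb" is a connection string defined in web.config.
        string cs = ConfigurationManager.ConnectionStrings["SiteDb"].ConnectionString;
        using (var con = new SqlConnection(cs))
        using (var find = new SqlCommand(
            "SELECT COUNT(*) FROM [userinfo] WHERE [username] = @u OR [email] = @e", con))
        using (var add = new SqlCommand(
            "INSERT INTO [userinfo] ([username], [password], [email]) VALUES (@u, @p, @e)", con))
        {
            // Parameters keep values out of the SQL text; a UNIQUE constraint must still back this check.
            find.Parameters.AddWithValue("@u", user);
            find.Parameters.AddWithValue("@e", mail);
            add.Parameters.AddWithValue("@u", user);
            add.Parameters.AddWithValue("@p", pass); // as on the page; a salted hash belongs here
            add.Parameters.AddWithValue("@e", mail);
            con.Open();
            if ((int)find.ExecuteScalar() > 0) errors.Add("User name or email is already taken.");
            else add.ExecuteNonQuery();
        }
    }
}
```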