ASP.NET advanced tutorial (4): Practice (part I)


ASP.NET form verification (I): based on forum user operations

With the knowledge from the previous parts in hand, it is time to put it into practice. Anyone who has worked with ASP knows that form verification is a headache. Experienced web programmers say that the client does not trust the server, or the server does not trust the client.

What does this mean? During form verification, the server-side program cannot assume that the client-side program is correct without checking the input itself; otherwise, if the client turns off JavaScript, errors may occur. However, if you only check on the server side, the form has to be submitted to the server and returned, which reduces efficiency and is inconvenient for users. Therefore, verification has to be performed twice, once on the client and once on the server. ASP.NET now provides a new form verification mechanism, which I will introduce briefly through the following examples. For more information about the validation web controls provided by ASP.NET, refer to my ASP+ preliminary tutorial.

Some preparation is needed before verifying the form. We mentioned earlier that ASP.NET development requires a change in programming thinking, that is, approaching problems in an object-oriented way. We have already constructed the BBS object; now let's look at another important object in the forum system: the user. The user is the main body of the forum system: without users there would be no forum. Many operations therefore revolve around users, such as adding and deleting users and querying and modifying user information. Some forums also have a points mechanism, which awards points based on the number of logins or posts and indicates how active a user is. So how should we construct the forum user object? Let's take a look at the following class definition:

namespace myownclass
{
    using System;
    using myownclass;
    using System.Data.SQL;
    using System.Web.Util;

    ////////////////////////////////////////////////////////////////////
    //
    // Class Name: bbsuser
    //
    // Description: forum user class, which constructs a forum user object
    //
    // Date: 2000/02/03
    //
    ////////////////////////////////////////////////////////////////////
    public class bbsuser
    {
        // Enumeration type: how createuser is used, to create or to modify
        public enum createtype
        {
            Create = 0,
            Modify
        }

        // Private member variables
        private int m_intid;            // user ID
        private string m_strusername;   // user name
        private string m_strpassword;   // password
        private string m_stremail;      // user email
        private string m_strhomepage;   // personal homepage
        private string m_strsignature;  // signature

        // Properties, all read-only
        public int ID
        {
            get
            {
                return m_intid;
            }
        }

        public string Username
        {
            get
            {
                return m_strusername;
            }
        }

        public string Password
        {
            get
            {
                return m_strpassword;
            }
        }

        public string Email
        {
            get
            {
                return m_stremail;
            }
        }

        public string Homepage
        {
            get
            {
                return m_strhomepage;
            }
        }

        public string Signature
        {
            get
            {
                return m_strsignature;
            }
        }

        // Constructor
        public bbsuser()
        {
            //
            // TODO: Add constructor logic here
            //
            m_strusername = "";
            m_strpassword = "";
            m_stremail = "";
            m_strhomepage = "";
            m_strsignature = "";
        }

        // Query user information by user name
        public bool getuser(string a_strusername)
        {
            // If the user name contains single quotes, an exception is thrown.
            if (a_strusername.IndexOf("'") != -1)
            {
                throw (new Exception("The user name contains invalid characters"));
            }

            bool bexists = false;

            myconnection myconn = new myconnection();
            try
            {
                myconn.Open();
                SQLCommand mycommand = new SQLCommand();
                mycommand.ActiveConnection = myconn;
                // The user name is concatenated into the SQL text after the quote check above
                mycommand.CommandText = "select * from bbsuser where username = '"
                    + a_strusername + "'";

                SQLDataReader myreader;
                mycommand.Execute(out myreader);

                // Copy the first matching row into the member variables
                if (myreader.Read())
                {
                    m_intid = (int)myreader["ID"];
                    m_strusername = myreader["username"].ToString();
                    m_strpassword = myreader["password"].ToString();
                    m_stremail = myreader["email"].ToString();
                    m_strhomepage = myreader["Homepage"].ToString();
                    m_strsignature = myreader["signature"].ToString();
                    bexists = true;
                }
                else
                {
                    bexists = false;
                }

                myreader.Close();
                myconn.Close();
            }
            catch (SQLException e) // if an exception occurs
            {
                throw (new Exception("Database exception: " + e.Message));
            }

            // Return the result
            return bexists;
        }

        // Overload: look up a user by user ID
        public bool getuser(int a_intuserid)
        {
            bool bexists = false;

            myconnection myconn = new myconnection();
            try
            {
                myconn.Open();
                SQLCommand mycommand = new SQLCommand();
                mycommand.ActiveConnection = myconn;
                mycommand.CommandText = "select * from bbsuser where id = "
                    + a_intuserid.ToString();

                SQLDataReader myreader;
                mycommand.Execute(out myreader);

                // Copy the first matching row into the member variables
                if (myreader.Read())
                {
                    m_intid = (int)myreader["ID"];
                    m_strusername = myreader["username"].ToString();
                    m_strpassword = myreader["password"].ToString();
                    m_stremail = myreader["email"].ToString();
                    m_strhomepage = myreader["Homepage"].ToString();
                    m_strsignature = myreader["signature"].ToString();
                    bexists = true;
                }
                else
                {
                    bexists = false;
                }

                myreader.Close();
                myconn.Close();
            }
            catch (SQLException e) // if an exception occurs
            {
                throw (new Exception("Database exception: " + e.Message));
            }

            // Return the result
            return bexists;
        }

        // Create a user, or modify an existing user's data
        public void createuser(bbsuser.createtype a_enumcreatetype,
                               string a_strusername,
                               string a_strpassword,
                               string a_stremail,
                               string a_strhomepage,
                               string a_strsignature)
        {
            // Check parameter validity: reject any value containing a single quote
            if (a_strusername.IndexOf("'") != -1
                || a_strpassword.IndexOf("'") != -1
                || a_stremail.IndexOf("'") != -1
                || a_strhomepage.IndexOf("'") != -1
                || a_strsignature.IndexOf("'") != -1)
            {
                throw (new Exception("Contains invalid characters"));
            }

            try
            {
                myownclass.myconnection myconn = new myconnection();
                SQLCommand mycmd = new SQLCommand();

                // Determine whether to create a user or modify user data
                if (a_enumcreatetype == bbsuser.createtype.Create)
                {
                    mycmd.CommandText = "insert into bbsuser (username, password, email, homepage, signature)"
                        + " values ('" + a_strusername + "','"
                        + a_strpassword + "','"
                        + a_stremail + "','" + a_strhomepage
                        + "','" + a_strsignature + "')";
                }
                else
                {
                    mycmd.CommandText = "update bbsuser set email = '" + a_stremail
                        + "', homepage = '" + a_strhomepage
                        + "', signature = '" + a_strsignature
                        + "' where username = '" + a_strusername + "'";
                }
                myconn.Open();
                mycmd.ActiveConnection = myconn;
                mycmd.ExecuteNonQuery();
                myconn.Close();
            }
            catch (SQLException exp)
            {
                throw (new Exception("Database error: " + exp.Message));
            }
        }

        // Retrieve the password
        public void GetPassword(string a_strusername, string a_stremail)
        {
            // The user must exist and the supplied address must match the stored one
            if (getuser(a_strusername) && m_stremail == a_stremail)
            {
                // Send email; the body carries the stored password as read from the database
                System.Web.Util.MailMessage mymail = new MailMessage();
                mymail.From = "lyp@server1.domain";
                mymail.Subject = "Retrieve your password";
                mymail.Body = "Remember your password: " + m_strpassword;
                mymail.To = a_stremail;
                SmtpMail.Send(mymail);
            }
            else
            {
                throw (new Exception("This user does not exist"));
            }
        }

    }
}

After the previous parts, you can probably already understand most of this class definition, including its member variables, properties, and methods. Only the following two parts need explanation here:

    public enum createtype
    {
        Create = 0,
        Modify
    }

This code creates an enumeration type in the bbsuser class. Anyone who has written C programs will find it easy to understand. The purpose of the enumeration is to reduce what you have to memorize by replacing a value with a name that is easy to remember. For example, the definition above is used as the first parameter of the createuser method: the actual value of bbsuser.createtype.Create is 0, which indicates that the purpose of the call is to create a user, while bbsuser.createtype.Modify indicates that the purpose is to modify user data. Obviously, a statement like if (a_enumcreatetype == bbsuser.createtype.Create) is easier to remember than a statement like if (a_intcreatetype == 1), which minimizes the possibility of errors.

The other thing to explain is this: you may have noticed that there are two getuser methods in the class definition. Their access level and return type are the same, but their parameter types differ. This approach is called overloading, and it is a basic way of implementing polymorphism in object-oriented programming languages. What are the benefits? The class calls the correct method based on the parameters passed in. This may sound abstract, so take an example: the getuser method obtains user information, and that information can be looked up either by user name or by user ID. Without function overloading, we would need to create two functions, for instance getuserfromname(string a_strname) and getuserfromid(int a_intid), and the caller would have to decide which one to call, as in the following code:

    if (bbsuser.ID != "")
    {
        getuserfromid(bbsuser.ID);
    }
    else if (bbsuser.Name != "")
    {
        getuserfromname(bbsuser.Name);
    }

I hardly need to say more about these two approaches. Now that we have created a bbsuser object, we can use it to perform operations on users.
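
The getuser(string) method above rejects single quotes and then concatenates the user name into the SQL text. As an added example (not code from the original tutorial), here is the same lookup written against the released System.Data.SqlClient API, with a server-side allow-list check and a bound parameter. The class name SafeUserLookup, the 3-20 character rule, and the connection string argument are assumptions; the table and column names come from the class above.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

// Added example; SafeUserLookup and its policy values are hypothetical.
public static class SafeUserLookup
{
    // Allow-list: 3-20 letters, digits or underscores (constructed policy).
    private static readonly Regex UsernamePattern =
        new Regex(@"\A[A-Za-z0-9_]{3,20}\z", RegexOptions.CultureInvariant);

    public static bool IsValidUsername(string username)
    {
        return username != null && UsernamePattern.IsMatch(username);
    }

    // Returns the user's id, or null when no row matches.
    public static int? FindUserId(string connectionString, string username)
    {
        // Server-side check: runs whether or not the browser validated the form.
        if (!IsValidUsername(username))
            throw new ArgumentException("The user name contains invalid characters", "username");

        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(
            "select id from bbsuser where username = @username", conn))
        {
            // The value is sent as a typed parameter, never spliced into the SQL text.
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 20).Value = username;
            conn.Open();
            object id = cmd.ExecuteScalar();
            return (id == null || id == DBNull.Value) ? (int?)null : Convert.ToInt32(id);
        }
    }

    public static void Main()
    {
        // Constructed inputs: only the first passes the allow-list.
        string[] samples = { "alice_01", "o'brien", "name with space", "" };
        foreach (string s in samples)
            Console.WriteLine("[{0}] -> {1}", s, IsValidUsername(s) ? "accepted" : "rejected");
    }
}
```

Main only exercises the validation, so it runs without a database; FindUserId needs a reachable SQL Server with the bbsuser table.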
