Asp.net advanced tutorial (4)-Practice

Asp.net form verification (I) based on forum user operations)

With the previous knowledge, we have to go into practice. All my friends who have done asp know that form verification is a headache.

The Web programmer believes that the client does not trust the server or the server does not trust the client. What do you mean?

It means that when form verification is performed, the server-side program cannot assume that the client program is correct without detection, so that if the client is closed

Javascript may cause errors. If only server-side detection is performed, it must be submitted to the server and then returned.

And is inconvenient for users. Therefore, only the client and server can perform verification twice. Now asp.net provides a new form

For more information about the verification mechanism, see the following.

Refer to my asp + elementary tutorial.
Make preparations before verifying the form. As mentioned above, asp.net development requires transformation of programming thinking, that is

We have already constructed the bbs object. Now let's look at another important part of the next forum system.

Object: user. It can be said that the main body of the forum system is the user. If there is no user, there will be no forums.

For example, adding/Deleting Users, querying/modifying user information, and some forums also have a point mechanism, based on the number of user logins or

The number of speeches to determine the points, which indicates the user's activity. So how should we construct the forum user object? Look

The following class definition:
Namespace MyOwnClass
{
Using System;
Using MyOwnClass;
Using System. Data. SQL;
Using System. Web. Util;

//////////////////////////////////////// ////////////////////////////
//
// Class Name: BBSUser
//
// Description: forum user class, which constructs a forum user object
//
// Date: 2000/02/03
//
//////////////////////////////////////// ///////////////////////////
Public class BBSUser
{
// Create an enumeration type, User Creation method, creation or modification
Public enum CreateType
{
Create = 0,
Modify
}

// Private member variable
Private int m_intID; // user ID
Private string m_strUserName; // User Name
Private string m_strPassword; // Password
Private string m_strEmail; // user email
Private string m_strHomepage; // personal homepage
Private string m_strSignature; // Signature

// Attribute, all read-only
Public int ID
{
Get
{
Return m_intID;
}
}

Public string UserName
{
Get
{
Return m_strUserName;
}
}

Public string Password
{
Get
{
Return m_strPassword;
}
}

Public string Email
{
Get
{
Return m_strEmail;
}
}

Public string Homepage
{
Get
{
Return m_strHomepage;
}
}

Public string Signature
{
Get
{
Return m_strSignature;
}
}
// Constructor
Public BBSUser ()
{
//
// TODO: Add Constructor Logic here
//
M_strUserName = "";
M_strPassword = "";
M_strEmail = "";
M_strHomepage = "";
M_strSignature = "";
}

// Query user information by user name
Public bool GetUser (string a_strUserName)
{
// If the user name contains single quotes, an exception is thrown.
If (a_strUserName.IndexOf ("")! =-1)
{
Throw (new Exception ("the user name contains invalid characters "));
}

Bool bExists = false;

MyConnection myConn = new MyConnection ();
Try
{
MyConn. Open ();
SQLCommand myCommand = new SQLCommand ();
MyCommand. ActiveConnection = myConn;
MyCommand. CommandText = "select * from BBSUser where

UserName = "+ a_strUserName + "";

SQLDataReader myReader;
MyCommand. Execute (out myReader );

If (myReader. Read ())
{
M_intID = (int) myReader ["ID"];
M_strUserName = myReader ["UserName"]. ToString ();
M_strPassword = myReader ["password"]. ToString ();
M_strEmail = myReader ["Email"]. ToString ();
M_strHomepage = myReader ["Homepage"]. ToString ();
M_strSignature = myReader ["Signature"]. ToString ();
BExists = true;
}
Else
{
BExists = false;
}

MyReader. Close ();
MyConn. Close ();

}
Catch (SQLException e) // if an exception occurs
{

Throw (new Exception ("database Exception:" + e. Message ));

}

// Return results
Return bExists;
}

// Reload, search for users by user ID
Public bool GetUser (int a_intUserID)
{

Bool bExists = false;

MyConnection myConn = new MyConnection ();
Try
{
MyConn. Open ();
SQLCommand myCommand = new SQLCommand ();
MyCommand. ActiveConnection = myConn;
MyCommand. CommandText = "select * from BBSUser where id =" +

A_intUserID.ToString ();

SQLDataReader myReader;
MyCommand. Execute (out myReader );

If (myReader. Read ())
{
M_intID = (int) myReader ["ID"];
M_strUserName = myReader ["UserName"]. ToString ();
M_strPassword = myReader ["password"]. ToString ();
M_strEmail = myReader ["Email"]. ToString ();
M_strHomepage = myReader ["Homepage"]. ToString ();
M_strSignature = myReader ["Signature"]. ToString ();
BExists = true;
}
Else
{
BExists = false;
}

MyReader. Close ();
MyConn. Close ();

}
Catch (SQLException e) // if an exception occurs
{

Throw (new Exception ("database Exception:" + e. Message ));

}

// Return results
Return bExists;
}

// Create a user
Public void CreateUser (BBSUser. CreateType a_enumCreateType, string

A_strUserName,
String a_strPassword,

String a_strEmail,
String a_strHomepage,

String a_strSignature)
{
// Monitoring parameter Validity
If (a_strUserName.IndexOf ("")! =-1 | a_strPassword.IndexOf ("")

! =-1
| A_strEmail.IndexOf ("")! =-1 |

A_strHomepage.IndexOf ("")! =-1
| A_strSignature.IndexOf ("")! =-1)
{
Throw (new Exception ("contains invalid characters "));
}

Try
{
MyOwnClass. MyConnection myConn = new MyConnection ();
SQLCommand myCmd = new SQLCommand ();

// Determine whether to create a user or modify user data
If (a_enumCreateType = BBSUser. CreateType. Create)
{
MyCmd. CommandText = "insert into BBSUser (UserName,

Password, Email, Homepage, Signature )"
+ "Values (" + a_strUserName + ","

+ A_strPassword + ","
+ A_strEmail + "," + a_strHomepage

+ "," + A_strSignature + ")";
}
Else
{
MyCmd. CommandText = "update BBSUser set Email =" +

A_strEmail
+ ", Homepage =" + a_strHomepage + ",

Signature ="
+ A_strSignature + "where username =" +

A_strUserName + "";
}
MyConn. Open ();
MyCmd. ActiveConnection = myConn;
MyCmd. ExecuteNonQuery ();
MyConn. Close ();

}
Catch (SQLException exp)
{
Throw (new Exception ("Database Error:" + exp. Message ));
}

}

// Retrieve the password
Public void GetPassword (string a_strUserName, string a_strEmail)
{

If (GetUser (a_strUserName) & m_strEmail = a_strEmail)
{
// Send Email
System. Web. Util. MailMessage myMail = new MailMessage ();
MyMail. From = "lyp@server1.domain ";
MyMail. Subject = "retrieve your password ";
MyMail. Body = "remember your password:" + m_strPassword;
MyMail. To = a_strEmail;
SmtpMail. Send (myMail );
}
Else
{
Throw (new Exception ("this user does not exist "));
}
}

}
}

Through the previous study, you may already be able to understand most of the content of this class definition, which are member variables, those are attributes

Some methods can be understood. Here, we only need to explain the following two parts. First, let's look at this Code:

Public enum CreateType
{
Create = 0,
Modify
}
This code is used to create an enumeration variable of the BBSUser class. It is easy for anyone who has written c Programs to understand it.

The function is to simplify the memory and replace the value with a name that is easy to remember. For example, if the above definition is used as the first parameter in the CreateUser method

The actual value of BBSUser. CreateType. Create is 0, which indicates that the purpose of this method is to Create a user.

BBSUser. CreateType. Modify indicates the purpose of modifying user data. Obviously, if (a_enumCreateType =

Statements such as BBSUser. CreateType. Create) are easier to remember and minimize than statements with if (a_intCreateTYpe = 1 ).

Possible error.

Another thing to explain is: You may have noticed that there are two GetUser method definitions in the class definition, their scopes and

The return values are the same, but the parameter types are different. That's right. This is called override, and it can only be an object-oriented language.