Guestbook v2.0 (+ Admin)
Auteur: Abbas Abbas
Dit is de tweede versie van het gastenboek dat ik hier eerder al eens had gepost. Het is volledig herschreven en er zit nu ook een admin gedeelte bij. Het grote verschil met de vorige versie is dat er gebruik gemaakt wordt van een ASP.NET Repeater Control in plaats van telkens een Label. Voor de reactie is er ook een wijziging, nu wordt er gevalideerd met de Validator Controls van ASP.NET en het formuliertje zit in een CustomControl die in de Guestbook pagina wordt ingeladen. Het admin gedeelte maakt gebruik van een GridView om alle items te tonen, alle items kunnen dan ook gewijzigd/verwijderd worden (logisch voor een admin gedeelte). Er zit ook een aparte klasse bij om alle database werk en ander validatiewerk te scheiden van de andere code. De database is een MS SQL Database.
Zo ziet de projectstructuur eruit:
http://www.dump.../20331.png
Hier is de afbeelding van hoe de tabel eruit ziet:
http://www.dump.../20332.png
Edit:
De functie "SecureInput" deed niet echt veel aangezien ik vergeten was om de HtmlEncode() methode erbij te zetten. Je moet enkel in de pagina Deafult.aspx letten op de eerste regel, hier staat de eigenschap ValidateRequest nu op false. Anders krijg je de melding "A potential dangerous request... bla bla" als je HTML of JavaScript probeert in te voegen. Daarom bevat de functie SecureInput nu wél de methode HttpUtility.HtmlEncode() waardoor de speciale tekens omgezet worden in hun ASCII waarde. Ook moet je dan in die klasse "using System.Web;" toevoegen.
Mijn excuses!
Code:
Hieronder volgt de code voor de tabel:
CREATE TABLE TblGuestBook
(
Id int IDENTITY (1, 1) PRIMARY KEY,
Naam nvarchar(25) NOT NULL,
Email nvarchar(50) NOT NULL,
Bericht text NOT NULL,
Datum nvarchar(20) NOT NULL,
IP nvarchar(15) NOT NULL
)
CREATE TABLE TblGuestBook
(
Id int IDENTITY ( 1 , 1 ) PRIMARY KEY ,
Naam nvarchar( 25 ) NOT NULL ,
Email nvarchar( 50 ) NOT NULL ,
Bericht text NOT NULL ,
Datum nvarchar( 20 ) NOT NULL ,
IP nvarchar( 15 ) NOT NULL
)
Default.aspx
<%@ Page Language="C#" ValidateRequest="false" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %>
<%@ Register Src="~/ReactieControl.ascx" TagPrefix="asp" TagName="Reactie" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>Gastenboek v2.0</title>
</head>
<body>
<form id="formGb" runat="server">
<div>
<asp:Repeater ID="repeatItems" runat="server">
<HeaderTemplate><h4>WELKOM OP HET GASTENBOEK!</h4></HeaderTemplate>
<AlternatingItemTemplate>
<div style="background-color:#CCFFFF">
<asp:Label ID="lblNaam" runat="server" Text='<%# String.Format("Poster : {0} | ", DataBinder.Eval(Container.DataItem, "Naam")) %>' />
<asp:Label ID="lblDatum" runat="server" Text='<%# String.Format("Gepost op : {0}<br />", DataBinder.Eval(Container.DataItem, "Datum")) %>' />
<asp:Label ID="lblBericht" runat="server" Text='<%# String.Format("Bericht :<br />{0}", DataBinder.Eval(Container.DataItem, "Bericht")) %>' />
</div>
</AlternatingItemTemplate>
<ItemTemplate>
<div style="background-color:#CCCCFF">
<asp:Label ID="lblNaam" runat="server" Text='<%# String.Format("Poster : {0} | ", DataBinder.Eval(Container.DataItem, "Naam")) %>' />
<asp:Label ID="lblDatum" runat="server" Text='<%# String.Format("Gepost op : {0}<br />", DataBinder.Eval(Container.DataItem, "Datum")) %>' />
<asp:Label ID="lblBericht" runat="server" Text='<%# String.Format("Bericht :<br />{0}", DataBinder.Eval(Container.DataItem, "Bericht")) %>' />
</div>
</ItemTemplate>
</asp:Repeater>
<br /><br /><br />
<asp:Reactie ID="reactieControl" runat="server" />
</div>
</form>
</body>
</html>
<%@ Page Language = "C#" ValidateRequest= "false" AutoEventWireup= "true" CodeFile= "Default.aspx.cs" Inherits= "_Default" %>
<%@ Register Src = "~/ReactieControl.ascx" TagPrefix= "asp" TagName= "Reactie" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html = "http://www.w3.org/1999/xhtml" > <form id = "formGb" runat= "server" > <asp:Repeater ID = "repeatItems" runat= "server" >
<HeaderTemplate><h4 WELKOM OP HET GASTENBOEK!
</ h4 / HeaderTemplate> <AlternatingItemTemplate>
<div style = "background-color:#CCFFFF" > <asp:Label ID = "lblNaam" runat= "server" Text = '<%# String.Format("Poster : {0} | ", DataBinder.Eval(Container.DataItem, "Naam")) %> ' />
<asp:Label ID = "lblDatum" runat= "server" Text = '<%# String.Format("Gepost op : {0}<br /> ", DataBinder.Eval(Container.DataItem, "Datum")) %>' />
<asp:Label ID = "lblBericht" runat= "server" Text = '<%# String.Format("Bericht :<br /> {0}", DataBinder.Eval(Container.DataItem, "Bericht")) %>' />
</ AlternatingItemTemplate>
<ItemTemplate>
<div style = "background-color:#CCCCFF" > <asp:Label ID = "lblNaam" runat= "server" Text = '<%# String.Format("Poster : {0} | ", DataBinder.Eval(Container.DataItem, "Naam")) %> ' />
<asp:Label ID = "lblDatum" runat= "server" Text = '<%# String.Format("Gepost op : {0}<br /> ", DataBinder.Eval(Container.DataItem, "Datum")) %>' />
<asp:Label ID = "lblBericht" runat= "server" Text = '<%# String.Format("Bericht :<br /> {0}", DataBinder.Eval(Container.DataItem, "Bericht")) %>' />
</ ItemTemplate>
</ asp:Repeater>
<asp:Reactie ID = "reactieControl" runat= "server" / >
Default.aspx.cs
using System;
using Guestbook;
public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
repeatItems.DataSource = Database.GetData("SELECT Naam, Bericht, Datum FROM TblGuestBook ORDER BY Id DESC");
repeatItems.DataBind();
}
}
using System ;
using Guestbook ;
public partial class _Default : System.Web .UI .Page
{
protected void Page_Load( object sender, EventArgs e)
{
repeatItems.DataSource = Database.GetData ( "SELECT Naam, Bericht, Datum FROM TblGuestBook ORDER BY Id DESC" ) ;
repeatItems.DataBind ( ) ;
}
}
Admin.aspx
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Admin.aspx.cs" Inherits="Admin" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>Guestbook v2.0 - Admin</title>
</head>
<body>
<form id="frmAdmin" runat="server">
<div>
<asp:GridView ID="gridAdmin" runat="server" AutoGenerateColumns="False" DataKeyNames="Id" OnRowEditing="gridAdmin_RowEditing" OnRowUpdating="gridAdmin_RowUpdating" OnRowCancelingEdit="gridAdmin_RowCancelingEdit" OnRowDeleting="gridAdmin_RowDeleting">
<Columns>
<asp:TemplateField HeaderText="ID" SortExpression="Id">
<ItemTemplate>
<asp:Label ID="lblId" runat="server" Text='<%# Bind("Id") %>' />
</ItemTemplate>
</asp:TemplateField>
<asp:TemplateField HeaderText="Naam" SortExpression="Naam">
<EditItemTemplate>
<asp:TextBox ID="txtNaam" runat="server" Text='<%# Eval("Naam") %>' />
</EditItemTemplate>
<ItemTemplate>
<asp:Label ID="lblNaam" runat="server" Text='<%# Bind("Naam") %>' />
</ItemTemplate>
</asp:TemplateField>
<asp:TemplateField HeaderText="E-mail" SortExpression="Email">
<EditItemTemplate>
<asp:TextBox ID="txtEmail" runat="server" Text='<%# Eval("Email") %>' />
</EditItemTemplate>
<ItemTemplate>
<asp:Label ID="lblEmail" runat="server" Text='<%# Bind("Email") %>' />
</ItemTemplate>
</asp:TemplateField>
<asp:TemplateField HeaderText="Bericht" SortExpression="Bericht">
<EditItemTemplate>
<asp:TextBox ID="txtBericht" runat="server" Text='<%# Eval("Bericht") %>' />
</EditItemTemplate>
<ItemTemplate>
<asp:Label ID="lblBericht" runat="server" Text='<%# Bind("Bericht") %>' />
</ItemTemplate>
</asp:TemplateField>
<asp:TemplateField HeaderText="Datum" SortExpression="Datum">
<EditItemTemplate>
<asp:TextBox ID="txtDatum" runat="server" Text='<%# Eval("Datum") %>' />
</EditItemTemplate>
<ItemTemplate>
<asp:Label ID="lblDatum" runat="server" Text='<%# Bind("Datum") %>' />
</ItemTemplate>
</asp:TemplateField>
<asp:TemplateField HeaderText="IP adres" SortExpression="IP">
<EditItemTemplate>
<asp:TextBox ID="txtIP" runat="server" Text='<%# Eval("IP") %>' />
</EditItemTemplate>
<ItemTemplate>
<asp:Label ID="lblIP" runat="server" Text='<%# Bind("IP") %>' />
</ItemTemplate>
</asp:TemplateField>
<asp:TemplateField HeaderText="Edit">
<EditItemTemplate>
<asp:LinkButton ID="lnkUpdate" runat="server" CausesValidation="True" CommandName="Update" Text="Update" />
<asp:LinkButton ID="lnkCancel" runat="server" CausesValidation="False" CommandName="Cancel" Text="Cancel" />
</EditItemTemplate>
<ItemTemplate>
<asp:LinkButton ID="lnkEdit" runat="server" CausesValidation="False" CommandName="Edit" Text="Edit" />
</ItemTemplate>
</asp:TemplateField>
<asp:CommandField HeaderText="Delete" ShowDeleteButton="True" ShowHeader="True" />
</Columns>
</asp:GridView>
</div>
</form>
</body>
</html>
<%@ Page Language = "C#" AutoEventWireup= "true" CodeFile= "Admin.aspx.cs" Inherits= "Admin" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html = "http://www.w3.org/1999/xhtml" > <form id = "frmAdmin" runat= "server" > <asp:GridView ID = "gridAdmin" runat= "server" AutoGenerateColumns= "False" DataKeyNames= "Id" OnRowEditing= "gridAdmin_RowEditing" OnRowUpdating= "gridAdmin_RowUpdating" OnRowCancelingEdit= "gridAdmin_RowCancelingEdit" OnRowDeleting= "gridAdmin_RowDeleting" >
<Columns>
<asp:TemplateField HeaderText= "ID" SortExpression= "Id" >
<ItemTemplate>
<asp:Label ID = "lblId" runat= "server" Text = '<%# Bind("Id") %> ' />
</ ItemTemplate>
</ asp:TemplateField>
<asp:TemplateField HeaderText= "Naam" SortExpression= "Naam" >
<EditItemTemplate>
<asp:TextBox ID = "txtNaam" runat= "server" Text = '<%# Eval("Naam") %> ' />
</ EditItemTemplate>
<ItemTemplate>
<asp:Label ID = "lblNaam" runat= "server" Text = '<%# Bind("Naam") %> ' />
</ ItemTemplate>
</ asp:TemplateField>
<asp:TemplateField HeaderText= "E-mail" SortExpression= "Email" >
<EditItemTemplate>
<asp:TextBox ID = "txtEmail" runat= "server" Text = '<%# Eval("Email") %> ' />
</ EditItemTemplate>
<ItemTemplate>
<asp:Label ID = "lblEmail" runat= "server" Text = '<%# Bind("Email") %> ' />
</ ItemTemplate>
</ asp:TemplateField>
<asp:TemplateField HeaderText= "Bericht" SortExpression= "Bericht" >
<EditItemTemplate>
<asp:TextBox ID = "txtBericht" runat= "server" Text = '<%# Eval("Bericht") %> ' />
</ EditItemTemplate>
<ItemTemplate>
<asp:Label ID = "lblBericht" runat= "server" Text = '<%# Bind("Bericht") %> ' />
</ ItemTemplate>
</ asp:TemplateField>
<asp:TemplateField HeaderText= "Datum" SortExpression= "Datum" >
<EditItemTemplate>
<asp:TextBox ID = "txtDatum" runat= "server" Text = '<%# Eval("Datum") %> ' />
</ EditItemTemplate>
<ItemTemplate>
<asp:Label ID = "lblDatum" runat= "server" Text = '<%# Bind("Datum") %> ' />
</ ItemTemplate>
</ asp:TemplateField>
<asp:TemplateField HeaderText= "IP adres" SortExpression= "IP" >
<EditItemTemplate>
<asp:TextBox ID = "txtIP" runat= "server" Text = '<%# Eval("IP") %> ' />
</ EditItemTemplate>
<ItemTemplate>
<asp:Label ID = "lblIP" runat= "server" Text = '<%# Bind("IP") %> ' />
</ ItemTemplate>
</ asp:TemplateField>
<asp:TemplateField HeaderText= "Edit" >
<EditItemTemplate>
<asp:LinkButton ID = "lnkUpdate" runat= "server" CausesValidation= "True" CommandName= "Update" Text = "Update" / >
<asp:LinkButton ID = "lnkCancel" runat= "server" CausesValidation= "False" CommandName= "Cancel" Text = "Cancel" / >
</ EditItemTemplate>
<ItemTemplate>
<asp:LinkButton ID = "lnkEdit" runat= "server" CausesValidation= "False" CommandName= "Edit" Text = "Edit" / >
</ ItemTemplate>
</ asp:TemplateField>
<asp:CommandField HeaderText= "Delete" ShowDeleteButton= "True" ShowHeader= "True" / >
</ Columns>
</ asp:GridView>
Admin.aspx.cs
using System;
using System.Web.UI;
using System.Web.UI.WebControls;
using Guestbook;
public partial class Admin : Page
{
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
Bind();
}
protected void gridAdmin_RowEditing(object sender, GridViewEditEventArgs e)
{
gridAdmin.EditIndex = e.NewEditIndex;
Bind();
}
protected void gridAdmin_RowCancelingEdit(object sender, GridViewCancelEditEventArgs e)
{
gridAdmin.EditIndex = -1;
Bind();
}
protected void gridAdmin_RowUpdating(object sender, GridViewUpdateEventArgs e)
{
TextBox txtNaam = (TextBox)gridAdmin.Rows[e.RowIndex].FindControl("txtNaam");
TextBox txtEmail = (TextBox)gridAdmin.Rows[e.RowIndex].FindControl("txtEmail");
TextBox txtBericht = (TextBox)gridAdmin.Rows[e.RowIndex].FindControl("txtBericht");
TextBox txtDatum = (TextBox)gridAdmin.Rows[e.RowIndex].FindControl("txtDatum");
TextBox txtIP = (TextBox)gridAdmin.Rows[e.RowIndex].FindControl("txtIP");
String[] txtValues = new String[] { txtNaam.Text, txtEmail.Text, txtBericht.Text, txtDatum.Text, txtIP.Text };
if (Functions.IsValidInput(txtValues))
{
txtValues = Functions.SecureInput(txtValues);
Database.Update(Convert.ToInt32(gridAdmin.DataKeys[e.RowIndex].Values[0]), txtValues[0], txtValues[1], txtValues[2], txtValues[3], txtValues[4]);
gridAdmin.EditIndex = -1;
Bind();
}
}
protected void gridAdmin_RowDeleting(object sender, GridViewDeleteEventArgs e)
{
Database.Delete(Convert.ToInt32(gridAdmin.DataKeys[e.RowIndex].Values[0]));
Bind();
}
private void Bind()
{
gridAdmin.DataSource = Database.GetData("SELECT [Id], [Naam], [Email], [Bericht], [Datum], [IP] FROM TblGuestBook");
gridAdmin.DataBind();
}
}
using System ;
using System.Web.UI ;
using System.Web.UI.WebControls ;
using Guestbook ;
public partial class Admin : Page
{
protected void Page_Load( object sender, EventArgs e)
{
if ( ! IsPostBack)
Bind( ) ;
}
protected void gridAdmin_RowEditing( object sender, GridViewEditEventArgs e)
{
gridAdmin.EditIndex = e.NewEditIndex ;
Bind( ) ;
}
protected void gridAdmin_RowCancelingEdit( object sender, GridViewCancelEditEventArgs e)
{
gridAdmin.EditIndex = - 1 ;
Bind( ) ;
}
protected void gridAdmin_RowUpdating( object sender, GridViewUpdateEventArgs e)
{
TextBox txtNaam = ( TextBox) gridAdmin.Rows [ e.RowIndex ] .FindControl ( "txtNaam" ) ;
TextBox txtEmail = ( TextBox) gridAdmin.Rows [ e.RowIndex ] .FindControl ( "txtEmail" ) ;
TextBox txtBericht = ( TextBox) gridAdmin.Rows [ e.RowIndex ] .FindControl ( "txtBericht" ) ;
TextBox txtDatum = ( TextBox) gridAdmin.Rows [ e.RowIndex ] .FindControl ( "txtDatum" ) ;
TextBox txtIP = ( TextBox) gridAdmin.Rows [ e.RowIndex ] .FindControl ( "txtIP" ) ;
String [ ] txtValues
= new String [ ] { txtNaam.
Text , txtEmail.
Text , txtBericht.
Text , txtDatum.
Text , txtIP.
Text } ;
if ( Functions.IsValidInput ( txtValues) )
{
txtValues = Functions.SecureInput ( txtValues) ;
Database.Update ( Convert.ToInt32 ( gridAdmin.DataKeys [ e.RowIndex ] .Values [ 0 ] ) , txtValues[ 0 ] , txtValues[ 1 ] , txtValues[ 2 ] , txtValues[ 3 ] , txtValues[ 4 ] ) ;
gridAdmin.EditIndex = - 1 ;
Bind( ) ;
}
}
protected void gridAdmin_RowDeleting( object sender, GridViewDeleteEventArgs e)
{
Database.Delete ( Convert.ToInt32 ( gridAdmin.DataKeys [ e.RowIndex ] .Values [ 0 ] ) ) ;
Bind( ) ;
}
private void Bind( )
{
gridAdmin.DataSource = Database.GetData ( "SELECT [Id], [Naam], [Email], [Bericht], [Datum], [IP] FROM TblGuestBook" ) ;
gridAdmin.DataBind ( ) ;
}
}
ReactieControl.ascx
<%@ Control Language="C#" AutoEventWireup="true" CodeFile="ReactieControl.ascx.cs" Inherits="ReactieControl" %>
<div>
<asp:Table ID="ReactieTabel" runat="server">
<asp:TableRow>
<asp:TableCell>
<asp:Label ID="lblNaam" AssociatedControlID="txtNaam" runat="server" Text="Naam : " />
</asp:TableCell>
<asp:TableCell>
<asp:TextBox ID="txtNaam" runat="server" />
<asp:RequiredFieldValidator ID="valNaam" runat="server" ErrorMessage="*" ControlToValidate="txtNaam" />
</asp:TableCell>
</asp:TableRow>
<asp:TableRow>
<asp:TableCell>
<asp:Label ID="lblMail" AssociatedControlID="txtMail" runat="server" Text="Email : " />
</asp:TableCell>
<asp:TableCell>
<asp:TextBox ID="txtMail" runat="server" />
<asp:RegularExpressionValidator ID="valMail" runat="server" ControlToValidate="txtMail" ErrorMessage="*" ValidationExpression="\w+([-+.']\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*" />
</asp:TableCell>
</asp:TableRow>
<asp:TableRow>
<asp:TableCell VerticalAlign="Top">
<asp:Label ID="lblMessage" AssociatedControlID="txtMessage" runat="server" Text="Bericht : " />
</asp:TableCell>
<asp:TableCell>
<asp:TextBox ID="txtMessage" runat="server" TextMode="MultiLine" Rows="8" Columns="35" />
<asp:RequiredFieldValidator ID="valMessage" runat="server" ErrorMessage="*" ControlToValidate="txtMessage" />
</asp:TableCell>
</asp:TableRow>
<asp:TableRow>
<asp:TableCell ColumnSpan="2" HorizontalAlign="Center">
<asp:Button ID="btnSubmit" runat="server" Text="Verzenden" OnClick="btnSubmit_Click" />
</asp:TableCell>
</asp:TableRow>
</asp:Table>
</div>
<%@ Control Language = "C#" AutoEventWireup= "true" CodeFile= "ReactieControl.ascx.cs" Inherits= "ReactieControl" %>
<asp:Table ID = "ReactieTabel" runat= "server" >
<asp:TableRow>
<asp:TableCell>
<asp:Label ID = "lblNaam" AssociatedControlID= "txtNaam" runat= "server" Text = "Naam : " / >
</ asp:TableCell>
<asp:TableCell>
<asp:TextBox ID = "txtNaam" runat= "server" / >
<asp:RequiredFieldValidator ID = "valNaam" runat= "server" ErrorMessage= "*" ControlToValidate= "txtNaam" / >
</ asp:TableCell>
</ asp:TableRow>
<asp:TableRow>
<asp:TableCell>
<asp:Label ID = "lblMail" AssociatedControlID= "txtMail" runat= "server" Text = "Email : " / >
</ asp:TableCell>
<asp:TableCell>
<asp:TextBox ID = "txtMail" runat= "server" / >
<asp:RegularExpressionValidator ID = "valMail" runat= "server" ControlToValidate= "txtMail" ErrorMessage= "*" ValidationExpression= "\w+([-+.']\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*" / >
</ asp:TableCell>
</ asp:TableRow>
<asp:TableRow>
<asp:TableCell VerticalAlign= "Top" >
<asp:Label ID = "lblMessage" AssociatedControlID= "txtMessage" runat= "server" Text = "Bericht : " / >
</ asp:TableCell>
<asp:TableCell>
<asp:TextBox ID = "txtMessage" runat= "server" TextMode= "MultiLine" Rows = "8" Columns= "35" / >
<asp:RequiredFieldValidator ID = "valMessage" runat= "server" ErrorMessage= "*" ControlToValidate= "txtMessage" / >
</ asp:TableCell>
</ asp:TableRow>
<asp:TableRow>
<asp:TableCell ColumnSpan= "2" HorizontalAlign= "Center" >
<asp:Button ID = "btnSubmit" runat= "server" Text = "Verzenden" OnClick = "btnSubmit_Click" / >
</ asp:TableCell>
</ asp:TableRow>
</ asp:Table>
ReactieControl.ascx.cs
using System;
using System.Web;
using System.Web.UI;
using Guestbook;
public partial class ReactieControl : UserControl
{
protected void btnSubmit_Click(object sender, EventArgs e)
{
String[] insertValues = new String[] { txtNaam.Text, txtMail.Text, txtMessage.Text };
insertValues = Functions.SecureInput(insertValues);
Database.Insert(insertValues[0], insertValues[1], insertValues[2], DateTime.Now.ToUniversalTime().ToString(), HttpContext.Current.Request.UserHostAddress);
Response.Redirect(Request.UrlReferrer.AbsoluteUri);
}
}
using System ;
using System.Web ;
using System.Web.UI ;
using Guestbook ;
public partial class ReactieControl : UserControl
{
protected void btnSubmit_Click( object sender, EventArgs e)
{
String [ ] insertValues
= new String [ ] { txtNaam.
Text , txtMail.
Text , txtMessage.
Text } ; insertValues = Functions.SecureInput ( insertValues) ;
Database.Insert ( insertValues[ 0 ] , insertValues[ 1 ] , insertValues[ 2 ] , DateTime.Now .ToUniversalTime ( ) .ToString ( ) , HttpContext.Current .Request .UserHostAddress ) ;
Response.Redirect ( Request.UrlReferrer .AbsoluteUri ) ;
}
}
App_Code/Database.cs
using System;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
using System.Web;
namespace Guestbook
{
public static class Database
{
private static SqlConnection sqlConn = new SqlConnection(ConfigurationManager.ConnectionStrings["DatabaseConnectionString"].ConnectionString);
public static DataTable GetData(String sqlString)
{
DataTable tempTable = new DataTable();
try
{
SqlDataAdapter adaptData = new SqlDataAdapter(sqlString, sqlConn);
adaptData.Fill(tempTable);
}
catch (Exception ex)
{
throw new Exception(ex.Message);
}
return tempTable;
}
public static void Update(int Id, String Naam, String Email, String Bericht, String Datum, String IP)
{
ExecuteQuery("UPDATE TblGuestBook SET Naam = '" + Naam + "', Email = '" + Email + "', Bericht = '" + Bericht + "', Datum = '" + Datum + "', IP = '" + IP + "' WHERE Id = '" + Id + "' ");
}
public static void Delete(int Id)
{
ExecuteQuery("DELETE FROM TblGuestBook WHERE Id = '" + Id + "' ");
}
public static void Insert(String Naam, String Email, String Bericht, String Datum, String IP)
{
ExecuteQuery("INSERT INTO TblGuestBook(Naam, Email, Bericht, Datum, IP) VALUES('" + Naam + "', '" + Email + "', '" + Bericht + "', '" + Datum + "', '" + IP + "')");
}
private static void ExecuteQuery(String sqlQuery)
{
SqlCommand sqlComm = new SqlCommand(sqlQuery, sqlConn);
try
{
sqlConn.Open();
sqlComm.ExecuteNonQuery();
}
catch (Exception ex)
{
throw new Exception(ex.Message);
}
finally
{
sqlConn.Close();
}
}
}
public static class Functions
{
public static bool IsValidInput(String[] input)
{
foreach (String s in input)
if (String.IsNullOrEmpty(s.Trim()))
return false;
return true;
}
public static String[] SecureInput(String[] input)
{
int i = 0;
String[] temp = new String[input.Length];
foreach (String s in input)
temp[i++] = HttpUtility.HtmlEncode(s);
return temp;
}
}
}
using System ;
using System.Data ;
using System.Data.SqlClient ;
using System.Configuration ;
using System.Web ;
namespace Guestbook
{
public static class Database
{
private static SqlConnection sqlConn
= new SqlConnection
( ConfigurationManager.
ConnectionStrings [ "DatabaseConnectionString" ] .
ConnectionString ) ;
public static DataTable GetData( String sqlString)
{
DataTable tempTable
= new DataTable
( ) ;
try
{
SqlDataAdapter adaptData
= new SqlDataAdapter
( sqlString, sqlConn
) ; adaptData.Fill ( tempTable) ;
}
catch ( Exception ex)
{
throw new Exception
( ex.
Message ) ; }
return tempTable;
}
public static void Update( int Id, String Naam, String Email, String Bericht, String Datum, String IP)
{
ExecuteQuery( "UPDATE TblGuestBook SET Naam = '" + Naam + "', Email = '" + Email + "', Bericht = '" + Bericht + "', Datum = '" + Datum + "', IP = '" + IP + "' WHERE Id = '" + Id + "' " ) ;
}
public static void Delete( int Id)
{
ExecuteQuery( "DELETE FROM TblGuestBook WHERE Id = '" + Id + "' " ) ;
}
public static void Insert( String Naam, String Email, String Bericht, String Datum, String IP)
{
ExecuteQuery( "INSERT INTO TblGuestBook(Naam, Email, Bericht, Datum, IP) VALUES('" + Naam + "', '" + Email + "', '" + Bericht + "', '" + Datum + "', '" + IP + "')" ) ;
}
private static void ExecuteQuery( String sqlQuery)
{
SqlCommand sqlComm
= new SqlCommand
( sqlQuery, sqlConn
) ;
try
{
sqlConn.Open ( ) ;
sqlComm.ExecuteNonQuery ( ) ;
}
catch ( Exception ex)
{
throw new Exception
( ex.
Message ) ; }
finally
{
sqlConn.Close ( ) ;
}
}
}
public static class Functions
{
public static bool IsValidInput( String [ ] input)
{
foreach ( String s in input)
if ( String .IsNullOrEmpty ( s.Trim ( ) ) )
return false;
return true;
}
public static String [ ] SecureInput( String [ ] input)
{
int i = 0 ;
String [ ] temp
= new String [ input.
Length ] ; foreach ( String s in input)
temp[ i++ ] = HttpUtility.HtmlEncode ( s) ;
return temp;
}
}
}
Web.config
<!--
Hiervan zet ik niet alle code, enkel de connectionstring voor de DB.
Dit blokje code moet je tussen de <configuration>-tags plaatsen.
-->
<connectionStrings>
<add name="DatabaseConnectionString" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True"
providerName="System.Data.SqlClient" />
</connectionStrings>
<!--
Hiervan zet ik niet alle code, enkel de connectionstring voor de DB.
Dit blokje code moet je tussen de <configuration>-tags plaatsen.
-->
<connectionStrings>
<add name = "DatabaseConnectionString" connectionString= "Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True"
providerName= "System.Data.SqlClient" / >
</ connectionStrings>
Download code (.txt)
Stemmen
Niet ingelogd.
Wat is jouw favoriete javascript framework? (S: 18, R: 2)
