Aspx.net sign up page Issue

Tobi Emovon 1 Reputation point
2022-05-03T15:16:51.707+00:00

Hi guys, I am having a problem with my sign up page.

The information I input in the page is supposed to be present in the database, and it was meant to show a message whenever I clicked the sign up button, but neither has worked.

This is the aspx code

<%@ page title="" language="C#" masterpagefile="~/Site1.Master" autoeventwireup="true" codebehind="usersignup.aspx.cs" inherits="WebApplication1.usersignup" %>

<asp:Content ID="Content1" ContentPlaceHolderID="head" runat="server">
</asp:Content>
<asp:Content ID="Content2" ContentPlaceHolderID="ContentPlaceHolder1" runat="server">

<div class="container">
    <div class="row">
        <div class="col-md-8 mx-auto">
            <div class="card">
                <div class="card-body">
                    <div class="row">
                        <div class="col">
                            <center>
                                <img src="img/generaluser.png" style="width: 100px;" />
                            </center>
                        </div>
                    </div>
                    <div class="row">
                        <div class="col">
                            <center>
                                <h4>Member Sign Up</h4>
                            </center>
                        </div>
                    </div>

                    <div class="row">
                        <div class="col">
                            <hr />
                        </div>
                    </div>

                    <div class="row">
                        <center>
                            <div class="col">
                                <div class="mb-3">
                                    <span class="badge rounded-pill bg-primary">Personal Details</span>
                                </div>
                            </div>
                        </center>
                    </div>


                    <div class="row">
                        <div class="col-md-6">
                            <div class="mb-3">
                                <label class="form-label">Full Name</label>
                                <asp:TextBox CssClass="form-control" ID="TextBox1"
                                    runat="server" placeholder="Full Name">
                                </asp:TextBox>
                            </div>
                        </div>

                        <div class="col-md-6">
                            <div class="mb-3">
                                <label class="form-label">Date of Birth</label>
                                <asp:TextBox CssClass="form-control" ID="TextBox2"
                                    runat="server" placeholder="Date of Birth" TextMode="Date">
                                </asp:TextBox>
                            </div>
                        </div>
                    </div>

                    <div class="row">
                        <div class="col-md-6">
                            <div class="mb-3">
                                <label class="form-label">Contact Number</label>
                                <asp:TextBox CssClass="form-control" ID="TextBox3"
                                    runat="server" placeholder="Contact Number" TextMode="Number">
                                </asp:TextBox>
                            </div>
                        </div>

                        <div class="col-md-6">
                            <div class="mb-3">
                                <label class="form-label">Email</label>
                                <asp:TextBox CssClass="form-control" ID="TextBox4"
                                    runat="server" placeholder="Email ID" TextMode="Email">
                                </asp:TextBox>
                            </div>
                        </div>
                    </div>


                    <div class="row">
                        <div class="col-md-4">
                            <div class="mb-3">
                                <label class="form-label">State</label>
                                <asp:DropDownList class="form-control dropdown" ID="DropDownList1" runat="server">

                                    <asp:ListItem Text="Select" Value="Select" />
                                    <asp:ListItem Text="Abia" Value="Abia" />
                                    <asp:ListItem Text="Adamawa" Value="Adamawa" />
                                    <asp:ListItem Text="Akwa Ibom" Value="Akwa Ibom" />
                                    <asp:ListItem Text="Anambra" Value="Anambra" />
                                    <asp:ListItem Text="Bauchi" Value="Bauchi" />
                                    <asp:ListItem Text="Bayelsa" Value="Bayelsa" />
                                    <asp:ListItem Text="Benue" Value="Benue" />
                                    <asp:ListItem Text="Borno" Value="Borno" />
                                    <asp:ListItem Text="Cross Rivers" Value="Cross Rivers" />
                                    <asp:ListItem Text="Delta" Value="Delta" />
                                    <asp:ListItem Text="Ebonyi" Value="Ebonyi" />
                                    <asp:ListItem Text="Edo" Value="Edo" />
                                    <asp:ListItem Text="Ekiti" Value="Ekiti" />
                                    <asp:ListItem Text="Enugu" Value="Enugu" />
                                    <asp:ListItem Text="Gombe" Value="Gombe" />
                                    <asp:ListItem Text="Imo" Value="Imo" />
                                    <asp:ListItem Text="Jigawa" Value="Jigawa" />
                                    <asp:ListItem Text="Kaduna" Value="Kaduna" />
                                    <asp:ListItem Text="Katsina" Value="Katsina" />
                                    <asp:ListItem Text="Kebbi" Value="Kebbi" />
                                    <asp:ListItem Text="Kogi" Value="Kogi" />
                                    <asp:ListItem Text="Kwara" Value="Kwara" />
                                    <asp:ListItem Text="Lagos" Value="Lagos" />
                                    <asp:ListItem Text="Nasarawa" Value="Nasarawa" />
                                    <asp:ListItem Text="Niger" Value="Niger" />
                                    <asp:ListItem Text="Ogun" Value="Ogun" />
                                    <asp:ListItem Text="Ondo" Value="Ondo" />
                                    <asp:ListItem Text="Osun" Value="Osun" />
                                    <asp:ListItem Text="Oyo" Value="Oyo" />
                                    <asp:ListItem Text="Plateau" Value="Plateau" />
                                    <asp:ListItem Text="Rivers" Value="Rivers" />
                                    <asp:ListItem Text="Sokoto" Value="Sokoto" />
                                    <asp:ListItem Text="Taraba" Value="Taraba" />
                                    <asp:ListItem Text="Yobe" Value="Yobe" />
                                    <asp:ListItem Text="Zamfara" Value="Zamfara" />
                                    <asp:ListItem Text="Abuja" Value="Abuja" />

                                </asp:DropDownList>
                            </div>
                        </div>

                        <div class="col-md-4">
                            <div class="mb-3">
                                <label class="form-label">City</label>
                                <asp:TextBox class="form-control" ID="TextBox6"
                                    runat="server" placeholder="City">
                                </asp:TextBox>
                            </div>
                        </div>

                        <div class="col-md-4">
                            <div class="mb-3">
                                <label class="form-label">Pincode</label>
                                <asp:TextBox CssClass="form-control" ID="TextBox7"
                                    runat="server" placeholder="Pincode" TextMode="Number">
                                </asp:TextBox>
                            </div>
                        </div>
                    </div>


                    <div class="row">
                        <div class="col">
                            <div class="mb-3">
                                <label class="form-label">Address</label>
                                <asp:TextBox CssClass="form-control" ID="TextBox5"
                                    runat="server" placeholder="Address" TextMode="MultiLine" Rows="2">
                                </asp:TextBox>
                            </div>
                        </div>
                    </div>

                    <div class="row">
                        <center>
                            <div class="col">
                                <div class="mb-3">
                                    <span class="badge rounded-pill bg-primary">Login Credentials</span>
                                </div>
                            </div>
                        </center>
                    </div>

                    <div class="row">
                        <div class="col">
                            <div class="mb-3">
                                <label class="form-label">Member ID</label>
                                <asp:TextBox class="form-control" ID="TextBox8"
                                    runat="server" placeholder="User ID">
                                </asp:TextBox>
                            </div>
                        </div>

                        <div class="col">
                            <div class="mb-3">
                                <label class="form-label">Password</label>
                                <asp:TextBox CssClass="form-control" ID="TextBox9"
                                    runat="server" placeholder="Password" TextMode="Password">
                                </asp:TextBox>
                            </div>
                        </div>
                    </div>


                    <div class="mb-3">
                        <asp:Button class="btn btn-success btn-lg d-grid gap-2 col-md-6 mx-auto w-65"
                            runat="server" Text="Sign Up" ID="Button1" OnClick="Button1_Click" />

                    </div>


                </div>
            </div>

        </div>
    </div>

    <a href="homepage.aspx"><< Back to Home </a>
    <br />
    <br />

</div>

</asp:Content>

This is the code behind

using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

namespace WebApplication1
{
public partial class usersignup : System.Web.UI.Page
{
    string strcon = ConfigurationManager.ConnectionStrings["con"].ConnectionString;
    protected void Page_Load(object sender, EventArgs e)
    {
    }
    // sign up button click event
    protected void Button1_Click(object sender, EventArgs e)
    {
        if (checkMemberExists())
        {

            Response.Write("<script>alert('Member Already Exist with this Member ID, try other ID');</script>");
        }
        else
        {
            signUpNewMember();
        }
    }

    // user defined method
    bool checkMemberExists()
    {
        try
        {
            SqlConnection con = new SqlConnection(strcon);
            if (con.State == ConnectionState.Closed)
            {
                con.Open();
            }
            SqlCommand cmd = new SqlCommand("SELECT * from member_master_table where member_id='" + TextBox8.Text.Trim() + "';", con);
            SqlDataAdapter da = new SqlDataAdapter(cmd);
            DataTable dt = new DataTable();
            da.Fill(dt);
            if (dt.Rows.Count >= 1)
            {
                return true;
            }
            else
            {
                return false;
            }
        }
        catch (Exception ex)
        {
            Response.Write("<script>alert('" + ex.Message + "');</script>");
            return false;
        }
    }
    void signUpNewMember()
    {
        //Response.Write("<script>alert('Testing');</script>");
        try
        {
            SqlConnection con = new SqlConnection(strcon);
            if (con.State == ConnectionState.Closed)
            {
                con.Open();
            }
            SqlCommand cmd = new SqlCommand("INSERT INTO member_master_table(full_name,dob,contact_no,email,state,city,pincode,full_address,member_id,password,account_status) values(@full_name,@dob,@contact_no,@email,@state,@city,@pincode,@full_address,@member_id,@password,@account_status)", con);
            cmd.Parameters.AddWithValue("@full_name", TextBox1.Text.Trim());
            cmd.Parameters.AddWithValue("@dob", TextBox2.Text.Trim());
            cmd.Parameters.AddWithValue("@contact_no", TextBox3.Text.Trim());
            cmd.Parameters.AddWithValue("@email", TextBox4.Text.Trim());
            cmd.Parameters.AddWithValue("@state", DropDownList1.SelectedItem.Value);
            cmd.Parameters.AddWithValue("@city", TextBox6.Text.Trim());
            cmd.Parameters.AddWithValue("@pincode", TextBox7.Text.Trim());
            cmd.Parameters.AddWithValue("@full_address", TextBox5.Text.Trim());
            cmd.Parameters.AddWithValue("@member_id", TextBox8.Text.Trim());
            cmd.Parameters.AddWithValue("@password", TextBox9.Text.Trim());
            cmd.Parameters.AddWithValue("@account_status", "pending");
            cmd.ExecuteNonQuery();
            con.Close();
            Response.Write("<script>alert('Sign Up Successful. Go to User Login to Login');</script>");
        }
        catch (Exception ex)
        {
            Response.Write("<script>alert('" + ex.Message + "');</script>");
        }
    }

}

}

I would really appreciate it if I got an urgent answer.

Developer technologies ASP.NET Other

2 answers

  1. Sreeju Nair 12,666 Reputation points
    2022-05-03T16:23:23.477+00:00

    I recommend you use Entity Framework and use database operations, as it will simplify your code. Refer to: https://learn.microsoft.com/en-us/aspnet/web-forms/overview/presenting-and-managing-data/model-binding/updating-deleting-and-creating-data

    However, by reading through the code, I can see a serious SQL injection bug in the following line:

    SqlCommand cmd = new SqlCommand("SELECT * from member_master_table where member_id='" + TextBox8.Text.Trim() + "';", con);  
    

    As a standard practice, never use concatenation to build your query; instead, use parameterization. Refer to the following article to understand SQL injection attacks:

    https://www.stackhawk.com/blog/net-sql-injection-guide-examples-and-prevention/

    Another issue we can see is that you are writing raw script to the response. Instead of this, use the RegisterStartupScript method that is provided to you by the framework. The following reference link contains an example that you can implement in your code.

    https://learn.microsoft.com/en-us/dotnet/api/system.web.ui.clientscriptmanager.registerstartupscript?view=netframework-4.8

    Please implement the recommendations and let me know whether you are able to make it work.

    0 comments No comments
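The two recommendations in the answer above, applied to the question's code-behind as an added example (not code posted by anyone in this thread). It replaces `checkMemberExists` and `Button1_Click`; `signUpNewMember` and the controls stay as in the question. The `ShowAlert` helper name, the `"signupAlert"` script key and the `NVARCHAR(50)` column size are assumptions.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web;

namespace WebApplication1
{
    public partial class usersignup : System.Web.UI.Page
    {
        string strcon = ConfigurationManager.ConnectionStrings["con"].ConnectionString;

        // Parameterized lookup: the member ID travels as data, never as SQL text,
        // so a quote typed into TextBox8 cannot change the statement.
        bool checkMemberExists()
        {
            using (SqlConnection con = new SqlConnection(strcon))
            using (SqlCommand cmd = new SqlCommand(
                "SELECT COUNT(*) FROM member_master_table WHERE member_id = @member_id", con))
            {
                // Assumption: member_id is NVARCHAR(50); match the real column type and size.
                cmd.Parameters.Add("@member_id", SqlDbType.NVarChar, 50).Value = TextBox8.Text.Trim();
                con.Open();
                return (int)cmd.ExecuteScalar() > 0;
            }
        }

        // ShowAlert is a hypothetical helper. JavaScriptStringEncode escapes quotes,
        // backslashes and line breaks, so text such as ex.Message cannot break out
        // of the JavaScript string literal it is placed in.
        void ShowAlert(string message)
        {
            string script = "alert(" + HttpUtility.JavaScriptStringEncode(message, true) + ");";
            // The framework emits the <script> element (addScriptTags: true).
            ClientScript.RegisterStartupScript(GetType(), "signupAlert", script, true);
        }

        protected void Button1_Click(object sender, EventArgs e)
        {
            try
            {
                if (checkMemberExists())
                    ShowAlert("Member Already Exist with this Member ID, try other ID");
                else
                    signUpNewMember(); // from the question; its INSERT already uses parameters
            }
            catch (SqlException ex)
            {
                // Unlike the question's code, a failed lookup stops here instead of inserting.
                ShowAlert(ex.Message);
            }
        }
    }
}
```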

  2. Lan Huang-MSFT 30,186 Reputation points Microsoft External Staff
    2022-05-04T06:05:23.187+00:00

    Hi @Tobi Emovon ,
    I tried your code without any problem; you can check the running effect below.
    I'm guessing this doesn't work, maybe because the data type of the database doesn't match the data type of the input.
    I suggest you press F12 to view the specific error message. The specific steps can be found in the document below.
    https://learn.microsoft.com/en-us/previous-versions/windows/desktop/legacy/hh968260(v=vs.85)
    198667-test0.gif
    Best regards,
    Lan Huang


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
