Aspx.net sign up page Issue

Tobi Emovon 1 Reputation point
2022-05-03T15:16:51.707+00:00

Hi Guys ,I am having a problem with my sign up page

The information i input in the page is supposed to be present in the database and it was meant to show a message whenever i clicked the sign up button, but neither has worked

This is the aspx code

<%@ page title="" language="C#" masterpagefile="~/Site1.Master" autoeventwireup="true" codebehind="usersignup.aspx.cs" inherits="WebApplication1.usersignup" %>

<asp:Content ID="Content1" ContentPlaceHolderID="head" runat="server">
</asp:Content>
<asp:Content ID="Content2" ContentPlaceHolderID="ContentPlaceHolder1" runat="server">

<div class="container">
    <div class="row">
        <div class="col-md-8 mx-auto">
            <div class="card">
                <div class="card-body">
                    <div class="row">
                        <div class="col">
                            <center>
                                <img src="img/generaluser.png" style="width: 100px;" />
                            </center>
                        </div>
                    </div>
                    <div class="row">
                        <div class="col">
                            <center>
                                <h4>Member Sign Up</h4>
                            </center>
                        </div>
                    </div>

                    <div class="row">
                        <div class="col">
                            <hr />
                        </div>
                    </div>

                    <div class="row">
                        <center>
                            <div class="col">
                                <div class="mb-3">
                                    <span class="badge rounded-pill bg-primary">Personal Details</span>
                                </div>
                            </div>
                        </center>
                    </div>


                    <div class="row">
                        <div class="col-md-6">
                            <div class="mb-3">
                                <label class="form-label">Full Name</label>
                                <asp:TextBox CssClass="form-control" ID="TextBox1"
                                    runat="server" placeholder="Full Name">
                                </asp:TextBox>
                            </div>
                        </div>

                        <div class="col-md-6">
                            <div class="mb-3">
                                <label class="form-label">Date of Birth</label>
                                <asp:TextBox CssClass="form-control" ID="TextBox2"
                                    runat="server" placeholder="Date of Birth" TextMode="Date">
                                </asp:TextBox>
                            </div>
                        </div>
                    </div>

                    <div class="row">
                        <div class="col-md-6">
                            <div class="mb-3">
                                <label class="form-label">Contact Number</label>
                                <asp:TextBox CssClass="form-control" ID="TextBox3"
                                    runat="server" placeholder="Contact Number" TextMode="Number">
                                </asp:TextBox>
                            </div>
                        </div>

                        <div class="col-md-6">
                            <div class="mb-3">
                                <label class="form-label">Email</label>
                                <asp:TextBox CssClass="form-control" ID="TextBox4"
                                    runat="server" placeholder="Email ID" TextMode="Email">
                                </asp:TextBox>
                            </div>
                        </div>
                    </div>


                    <div class="row">
                        <div class="col-md-4">
                            <div class="mb-3">
                                <label class="form-label">State</label>
                                <asp:DropDownList class="form-control dropdown" ID="DropDownList1" runat="server">

                                    <asp:ListItem Text="Select" Value="Select" />
                                    <asp:ListItem Text="Abia" Value="Abia" />
                                    <asp:ListItem Text="Adamawa" Value="Adamawa" />
                                    <asp:ListItem Text="Akwa Ibom" Value="Akwa Ibom" />
                                    <asp:ListItem Text="Anambra" Value="Anambra" />
                                    <asp:ListItem Text="Bauchi" Value="Bauchi" />
                                    <asp:ListItem Text="Bayelsa" Value="Bayelsa" />
                                    <asp:ListItem Text="Benue" Value="Benue" />
                                    <asp:ListItem Text="Borno" Value="Borno" />
                                    <asp:ListItem Text="Cross Rivers" Value="Cross Rivers" />
                                    <asp:ListItem Text="Delta" Value="Delta" />
                                    <asp:ListItem Text="Ebonyi" Value="Ebonyi" />
                                    <asp:ListItem Text="Edo" Value="Edo" />
                                    <asp:ListItem Text="Ekiti" Value="Ekiti" />
                                    <asp:ListItem Text="Enugu" Value="Enugu" />
                                    <asp:ListItem Text="Gombe" Value="Gombe" />
                                    <asp:ListItem Text="Imo" Value="Imo" />
                                    <asp:ListItem Text="Jigawa" Value="Jigawa" />
                                    <asp:ListItem Text="Kaduna" Value="Kaduna" />
                                    <asp:ListItem Text="Katsina" Value="Katsina" />
                                    <asp:ListItem Text="Kebbi" Value="Kebbi" />
                                    <asp:ListItem Text="Kogi" Value="Kogi" />
                                    <asp:ListItem Text="Kwara" Value="Kwara" />
                                    <asp:ListItem Text="Lagos" Value="Lagos" />
                                    <asp:ListItem Text="Nasarawa" Value="Nasarawa" />
                                    <asp:ListItem Text="Niger" Value="Niger" />
                                    <asp:ListItem Text="Ogun" Value="Ogun" />
                                    <asp:ListItem Text="Ondo" Value="Ondo" />
                                    <asp:ListItem Text="Osun" Value="Osun" />
                                    <asp:ListItem Text="Oyo" Value="Oyo" />
                                    <asp:ListItem Text="Plateau" Value="Plateau" />
                                    <asp:ListItem Text="Rivers" Value="Rivers" />
                                    <asp:ListItem Text="Sokoto" Value="Sokoto" />
                                    <asp:ListItem Text="Taraba" Value="Taraba" />
                                    <asp:ListItem Text="Yobe" Value="Yobe" />
                                    <asp:ListItem Text="Zamfara" Value="Zamfara" />
                                    <asp:ListItem Text="Abuja" Value="Abuja" />

                                </asp:DropDownList>
                            </div>
                        </div>

                        <div class="col-md-4">
                            <div class="mb-3">
                                <label class="form-label">City</label>
                                <asp:TextBox class="form-control" ID="TextBox6"
                                    runat="server" placeholder="City">
                                </asp:TextBox>
                            </div>
                        </div>

                        <div class="col-md-4">
                            <div class="mb-3">
                                <label class="form-label">Pincode</label>
                                <asp:TextBox CssClass="form-control" ID="TextBox7"
                                    runat="server" placeholder="Pincode" TextMode="Number">
                                </asp:TextBox>
                            </div>
                        </div>
                    </div>


                    <div class="row">
                        <div class="col">
                            <div class="mb-3">
                                <label class="form-label">Address</label>
                                <asp:TextBox CssClass="form-control" ID="TextBox5"
                                    runat="server" placeholder="Address" TextMode="MultiLine" Rows="2">
                                </asp:TextBox>
                            </div>
                        </div>
                    </div>

                    <div class="row">
                        <center>
                            <div class="col">
                                <div class="mb-3">
                                    <span class="badge rounded-pill bg-primary">Login Credentials</span>
                                </div>
                            </div>
                        </center>
                    </div>

                    <div class="row">
                        <div class="col">
                            <div class="mb-3">
                                <label class="form-label">Member ID</label>
                                <asp:TextBox class="form-control" ID="TextBox8"
                                    runat="server" placeholder="User ID">
                                </asp:TextBox>
                            </div>
                        </div>

                        <div class="col">
                            <div class="mb-3">
                                <label class="form-label">Password</label>
                                <asp:TextBox CssClass="form-control" ID="TextBox9"
                                    runat="server" placeholder="Password" TextMode="Password">
                                </asp:TextBox>
                            </div>
                        </div>
                    </div>


                    <div class="mb-3">
                        <asp:Button class="btn btn-success btn-lg d-grid gap-2 col-md-6 mx-auto w-65"
                            runat="server" Text="Sign Up" ID="Button1" OnClick="Button1_Click" />

                    </div>


                </div>
            </div>

        </div>
    </div>

    <a href="homepage.aspx"><< Back to Home </a>
    <br />
    <br />

</div>

</asp:Content>

This is the code behind

using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

namespace WebApplication1
{
public partial class usersignup : System.Web.UI.Page
{
string strcon = ConfigurationManager.ConnectionStrings["con"].ConnectionString;
protected void Page_Load(object sender, EventArgs e)
{
}
// sign up button click event
protected void Button1_Click(object sender, EventArgs e)
{
if (checkMemberExists())
{

            Response.Write("<script>alert('Member Already Exist with this Member ID, try other ID');</script>");
        }
        else
        {
            signUpNewMember();
        }
    }

    // user defined method
    bool checkMemberExists()
    {
        try
        {
            SqlConnection con = new SqlConnection(strcon);
            if (con.State == ConnectionState.Closed)
            {
                con.Open();
            }
            SqlCommand cmd = new SqlCommand("SELECT * from member_master_table where member_id='" + TextBox8.Text.Trim() + "';", con);
            SqlDataAdapter da = new SqlDataAdapter(cmd);
            DataTable dt = new DataTable();
            da.Fill(dt);
            if (dt.Rows.Count >= 1)
            {
                return true;
            }
            else
            {
                return false;
            }
        }
        catch (Exception ex)
        {
            Response.Write("<script>alert('" + ex.Message + "');</script>");
            return false;
        }
    }
    void signUpNewMember()
    {
        //Response.Write("<script>alert('Testing');</script>");
        try
        {
            SqlConnection con = new SqlConnection(strcon);
            if (con.State == ConnectionState.Closed)
            {
                con.Open();
            }
            SqlCommand cmd = new SqlCommand("INSERT INTO member_master_table(full_name,dob,contact_no,email,state,city,pincode,full_address,member_id,password,account_status) values(@full_name,@dob,@contact_no,@email,@state,@city,@pincode,@full_address,@member_id,@password,@account_status)", con);
            cmd.Parameters.AddWithValue("@full_name", TextBox1.Text.Trim());
            cmd.Parameters.AddWithValue("@dob", TextBox2.Text.Trim());
            cmd.Parameters.AddWithValue("@contact_no", TextBox3.Text.Trim());
            cmd.Parameters.AddWithValue("@email", TextBox4.Text.Trim());
            cmd.Parameters.AddWithValue("@state", DropDownList1.SelectedItem.Value);
            cmd.Parameters.AddWithValue("@city", TextBox6.Text.Trim());
            cmd.Parameters.AddWithValue("@pincode", TextBox7.Text.Trim());
            cmd.Parameters.AddWithValue("@full_address", TextBox5.Text.Trim());
            cmd.Parameters.AddWithValue("@member_id", TextBox8.Text.Trim());
            cmd.Parameters.AddWithValue("@password", TextBox9.Text.Trim());
            cmd.Parameters.AddWithValue("@account_status", "pending");
            cmd.ExecuteNonQuery();
            con.Close();
            Response.Write("<script>alert('Sign Up Successful. Go to User Login to Login');</script>");
        }
        catch (Exception ex)
        {
            Response.Write("<script>alert('" + ex.Message + "');</script>");
        }
    }

}

}

I would really appreciate if i got an urgent answer

ASP.NET
ASP.NET
A set of technologies in the .NET Framework for building web applications and XML web services.
3,411 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Sreeju Nair 12,176 Reputation points
    2022-05-03T16:23:23.477+00:00

    I recommend you to use Entityframework and use database operations, as it will simplify your code. Refer: https://learn.microsoft.com/en-us/aspnet/web-forms/overview/presenting-and-managing-data/model-binding/updating-deleting-and-creating-data

    However by reading through code, I can see a serious SQL injection bug, in the following line

    SqlCommand cmd = new SqlCommand("SELECT * from member_master_table where member_id='" + TextBox8.Text.Trim() + "';", con);  
    

    As a standard practice, never use concatenation to build your query, instead, use parameterization. Refer the following article to understand SQL Injection attack

    https://www.stackhawk.com/blog/net-sql-injection-guide-examples-and-prevention/

    Another issue we can see, is that you are writing raw script to the response, instead of this, use RegisterStartupScript method, that is provided to you by the framework. The following reference link contains example that you can implement in your code.

    https://learn.microsoft.com/en-us/dotnet/api/system.web.ui.clientscriptmanager.registerstartupscript?view=netframework-4.8

    Please implement the recommendations and let me know whether you are able to make it work.

    0 comments No comments

  2. Lan Huang-MSFT 28,836 Reputation points Microsoft Vendor
    2022-05-04T06:05:23.187+00:00

    Hi @Tobi Emovon ,
    I tried your code without any problem, you can check the running effect below.
    I'm guessing this doesn't work maybe because the datatype of the database doesn't match the datatype of the input.
    I suggest you press F12 to view the specific error message. The specific steps can be found in the document below.
    https://learn.microsoft.com/en-us/previous-versions/windows/desktop/legacy/hh968260(v=vs.85)
    198667-test0.gif
    Best regards,
    Lan Huang


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments