Reputation: 128
problem with duplicate values check in the edit page
I make checks of some values es (email) that cannot be duplicated in the database, these I have also in the edit page, the problem is that if I leave the email so it tells me that the email has already been used. I don't know how to solve.
protected void Button1_Click(object sender, EventArgs e)
{
if (checkemaill() == true)
{
Label35.Visible = true;
Label35.Text = "Questa email è già stata usata";
}
else if (Partitaiva() == true)
{
Label36.Visible = true;
Label36.Text = "La partita iva già è stata usata";
}
else
{
string query = "UPDATE Persona SET Email = @Email,
RagioneSociale = @RagioneSociale, Piva = @Piva WHERE ID =
@id";
using (SqlConnection con = new
SqlConnection(ConfigurationManager.
ConnectionStrings["dbConnection"].ToString()))
{
SqlCommand cmd = new SqlCommand(query, con);
List<SqlParameter> p = new List<SqlParameter>();
p.Add(new SqlParameter("@Email", TextBox12.Text));
p.Add(new SqlParameter("@RagioneSociale",
TextBox11.Text));
p.Add(new SqlParameter("@Piva", TextBox14.Text));
p.Add(new SqlParameter("@ID", Id));
con.Open();
GetExample(cmd, p.ToArray());
cmd.ExecuteNonQuery();
cmd.Parameters.Clear();
Response.Redirect("Dash.aspx");
}
}
}
this is the function, the other I do not put it because it is the same as this:
private Boolean checkemail()
{
Boolean emailavailable = false;
String mycon = "Data Source=DESKTOP-LORL4DL;Initial
Catalog=Databasepersone;Integrated Security=True;Pooling=False";
String myquery = "Select Email from Persona where Email='" +
TextBox12.Text + "'";
SqlConnection con = new SqlConnection(mycon);
SqlCommand cmd = new SqlCommand();
cmd.CommandText = myquery;
cmd.Connection = con;
SqlDataAdapter da = new SqlDataAdapter();
da.SelectCommand = cmd;
DataSet ds = new DataSet();
da.Fill(ds);
if (ds.Tables[0].Rows.Count > 0)
{
emailavailable = true;
}
con.Close();
return emailavailable;
}
Upvotes: 1
Views: 99
Answers (2)
Reputation: 31
try this:
private Boolean checkemail(string _email)
{
bool emailavailable = false;
using (your context)
{
var res = context.Persona.Where(p => p.Email == _email).ToList();
if (res != null)
emailavailable = true;
}
return emailavailable;
}
Upvotes: -1
Reputation: 151604
The problem is that your query becomes Select Email from Persona where Email='', which returns zero records, indicating that the empty email address is available, allowing your code to continue.
You need to validate your user input. Use the RequiredFieldValidator, for example, see How to validate this data entry form in ASP.NET Web Forms? and Microsoft Docs: RequiredFieldValidator. This makes sure that your code isn't executed when the email textbox is empty.
For the other problem, if you want to check whether another user has the same email address, you need to add the current user's ID:
SELECT Email FROM Persona WHERE Email = @Email AND Id != @Id
Also, your code is vulnerable to SQL injection. And you shouldn't hardcode your connection string.
Upvotes: 2
Related Questions
- How to check if a value already exists in my database and show a validation message
- Editing duplicate values in a database
- Duplicate values of every data row
- ASP.NET DropDownList Duplicate Values from Database
- Duplicate entry of same record in database
- Avoiding Duplicate Records in A Table asp.net
- How to avoid entering duplicate values into table through winform?
- Check for duplicate entry validation
- checking tha data already exists in the table
- Dropdownlist shows duplicate values while editing a row in the gridview