Printable View
Here is a preview of what I have done.
TUTORIAL
http://i.minus.com/jb2DUmuAvCCSGf.png
-
-
http://i.minus.com/j5KCzkvP0UMWx.png
-
-
http://i.minus.com/jcg5I5PanHReq.png
-
-
http://i.minus.com/jbdxINrxV9XDHU.png
-
-
http://i.minus.com/jPYKJZpMfvhQr.png
-
-
http://i.minus.com/jwIdpWhFfyh7T.png
-
-
http://i.minus.com/jbfhu4FVLxkUxu.png
-
-
http://i.minus.com/jbkR0qgHIYqbBY.png
-
-
http://i.minus.com/jbthQ6oKy6MjPY.png
-
-
http://i.minus.com/jZDD0htvdtKlc.png
Tutorial please :)
Ty i posted the post :D
Plz make a tutorial i like it :D
Moved to Tutorial Section
dafuq.
This could be made in PHP with far less effort.
Updated with an admin zone, added features, and verification.
True, but that's not the point. He wanted to do it his way, which turned out to be with C#. Nothing wrong with that.Quote:
Originally Posted by Ron
Stop using var unless you have to. Use the appropriate object. Using var limits readability and can cause a throwback to hungarian notation for variables, which leads to long, often pointless, variable names
Why use string.Format without using its major benefit?
Should beQuote:
Code:String.Format("INSERT INTO KeyStorage (Email, Hash, isUsed) VALUES ('" + @emailAddr + "', '" +
@stringArray + "', 0)");
Although some would argue that using stringbuilder or plain concatenation would be the better (faster) route.Code:String.Format("INSERT INTO KeyStorage (Email, Hash, isUsed) VALUES ('{0}', '{1}', 0)", emailAddr, stringArray);
Then, you set up your command and execute it. Two things
#1:
-- should have SqlCommand instead of var (as noted above) and then you should use paramaterized queries to run this.Quote:
Code:var sqlComm = new SqlCommand(sqlStr, DataConn.Connect());
Example: change your querystring into
"INSERT INTO KeyStorage (Email, Hash, isUsed) VALUES (@email, @hash, 0)"
And then, after you've initialized your command, add the following:
note:** change the "varchar, 50" to whatever your datatype is.Code:cmd.Parameters.Add(new SqlParameter("@email", System.Data.SqlDbType.VarChar, 50)).Value = emailAddr;
cmd.Parameters.Add(new SqlParameter("@hash", System.Data.SqlDbType.VarChar, 50)).Value = stringArray;
This does two things: first, it stops any sql injection possibilities, which were a problem with your code above. Secondly, it checks the datatype being put into the database *before* the insert is done. This allows you to catch the error before your program crashed because of a database exception.
#2: Isn't necessary, but it is nice to do:
where you do:
Try switching it toQuote:
Code:sqlComm.ExecuteNonQuery();
ExecuteNonQuery returns the number of rows affected, so doing this allows you to verify that something was done before moving on.Code:if (sqlComm.ExecuteNonQuery() == 1)
It is also good to add more than just an SqlException to your try/catch. Obviously you want to cover the specific error, but catching just a general Exception means you can handle any exception, even ones you never thought of, somewhat gracefully. You should still try to make sure exceptions don't happen, and if they do, handle them with their specific exceptions first, otherwise troubleshooting can become a pain.
Then we move into your other class. Once again, you seem to misuse string.Format. There is no point in using it the way you do. I would recommend, once again, to switch it from:
to:Quote:
Code:String.Format(@"Data Source=.\SQLEXPRESS;AttachDbFilename="+ HttpContext.Current.Server.MapPath("~") +@"\App_Data\Database.mdf;Integrated Security=True;User Instance=True");
It is also a good idea, when building a web app, to store your connection string in the web.config, so you don't have to re-compile code to change it.Code:String.Format(@"Data Source=.\SQLEXPRESS;AttachDbFilename={0}\App_Data\Database.mdf;Integrated Security=True;User Instance=True", HttpContext.Current.Server.MapPath("~"));
There are plenty of other things, like your lack of try/catches or catching possible errors, but I think you get the gist. It is a good effort for a first attempt, but I definitely think you should go back and re-write some of the code. Never hurts to keep improving :)
(thumbsup), appreciate the advice man, I definitely need it!
I'm not going to argue with any point. I may have been doing this a while, but no matter what, I will always understand that there are people out there who will try help my progress, and I thank you for that.
I did do a lot of work on this, and it was more of a rush than anything else hey. Looking back (besides that var, as I was definitely in the wrong there - I thought it lead to less ambiguous coding), I can see where I went wrong :P
In the morrow, I will implement your code analogy.
I also want to put this up into an SVN, I believe this, combined with other things I'm working on, could lead to something awesome.
If you would like to help me, I could definitely do with a skilled hand such as yours.
Lastly, thanks again for the advice. I greatly appreciate it.
[EDIT]
Var is used when the object is is declared on both left and right-hand sides of the initialization statement. 'var' can be used on the left hand side, to remove implicid deceleration :)
[EDIT - 2]
Puts @email, and @quote in the DBQuote:
sqlComm.Parameters.Add(new SqlParameter("@email", System.Data.SqlDbType.VarChar, 50)).Value = emailAddr;
sqlComm.Parameters.Add(new SqlParameter("@hash", System.Data.SqlDbType.VarChar, 50)).Value = stringArray;
So why dont you click the like button then?Quote:
Originally Posted by Nemeses
...Just saying
Said (thumbsup), not (like).Quote:
Originally Posted by Hilroy
Thas why.
So what if I remove the thumbs-up part :Quote:
Originally Posted by Nemeses
= thanksQuote:
appreciate the advice man, I definitely need it
The like button is also used to say "THANK YOU".
I feel like the like button is not used anymore and I'm so saddddd about it. Good night.
So, gone are the days where a full length 'thank you' is accepted. No more can a person express their gratitude without someone getting up in arms.
Like != Thank you.
If there was a "I really appreciate this" button, I would of definitely clicked it.
Anyway, he got a thank you that I expressed, that is far greater than simply clicking a button. I feel sorry for you if you don't understand that concept.
Of course. Companies still pay a lot of money for people who can make ASP pages.Quote:
Originally Posted by Lapje
Its a pretty neat system regardless.
Appreciate it Ron. :) I know what you were trying to say, but on the vast amount, I actually needed this for myself, and seeing the call for it was my motivation :)Quote:
Originally Posted by Ron