-1

ASPX Engine

I have a webform with a search button. A user enters the user Id and suppose to populate a table with data.

If a user enters anything other than a Number, a message suppose to come, saying only numbers.
If the user leave the field blank and hit the search button. No results/Class found suppose to be displayed.

The PROBLEM i am having is that no matter what I put in the text field, Data still populate the table.

html

 <div align="center">
    <form id="searchUser" method="post" action="Search">
        <table align="center">
    <tr>
        <td class="label">
            Enter ID:
        </td>
        <td>
            <input type="text" name="UserId" id="UserId" value="<%=(string)(ViewBag.userid)%>" />
        </td>
    </tr>
    <tr>
        <td>
            <button class="searchButton" id="searchButton">Search</button>
        </td>
    </tr>
  </table>
 </form>
   </div>
   <hr /> 

   <% if (ViewBag.searchClass !=null)
     { %>
     <h2>Search Resuls</h2>
     <br />
     <%AAlexUsers.Models.SearchClass searchClassList= ViewBag.searchClass;%>
     <table>
        <tr>
            <td>
                UserID:
            </td>
            <td class="content">
              <%=searchClassList.userId%>
            </td>
        </tr>
        <tr>
            <td>
                Email:
            </td>
            <td class="content">
             <%=searchClassList.email%>
            </td>
        </tr>
    <tr>
        <td>
        Last Four Digits:
        </td>
        <td class="content">
          <%=searchClassList.lastFourdigits%>
         </td>
    </tr>
 </table>

    <%} else %>
 <%{ %>
    <h2>No Class found.</h2>
 <%} %>

Controller

public class HomeController : Controller
{
    public ActionResult Index()
    {
        ViewBag.Message = "Welcome to ASP.NET MVC!";

        return View();
    }

    public ActionResult About()
    {
        return View();
    }

    public ActionResult Search()
    {
        string userId = Request["UserId"];

        bool view = false;

        if (Request["UserId"] == null)
        {
            view = true;
        }
        if (!view)
        {

            AAlexUsers.Models.SearchClass searchClass = new Models.SearchClass();
            {
                searchClass.lastFourdigits = "2222";
                searchClass.userId = userId;
                searchClass.email = "diaz@gmail.com";

                string lastFourdigits = searchClass.lastFourdigits;
                string userIdd = searchClass.userId;
                string email = searchClass.email;

                ViewBag.searchClass = searchClass;
                ViewBag.lastFourdigits = lastFourdigits;
                ViewBag.userId = userIdd;
                ViewBag.email = email;
            }
        }
        return View();
    }
}

Model

public class SearchClass
{
    public string userId { get; set; }
    public string email { get; set; }
    public string lastFourdigits { get; set; }

    public SearchClass()
    {
        userId = "";
        email = "";
        lastFourdigits = "";
    }
}
Yusuf
  • 611
  • 4
  • 9
  • 21

2 Answers2

1

Change this line ...

if (Request["UserId"] == null)

... to this ...

if (string.IsNullOrEmpty(userId))
Mike Perrenoud
  • 66,820
  • 29
  • 157
  • 232
  • is there a way to only allow the input to be numbers? – Yusuf Sep 25 '12 at 13:48
  • @Yusuf, yes, check out this post http://stackoverflow.com/questions/995183/how-to-allow-only-numeric-0-9-in-html-inputbox-using-jquery. Please note you'll need to go download `jQuery` if it's not already part of your solution. – Mike Perrenoud Sep 25 '12 at 13:50
  • okay..im using visual studio 2010. should it already come with it? – Yusuf Sep 25 '12 at 13:52
  • @Yusuf, no `jQuery` is a third party library. This appears to be an ASP.NET MVC project so it's likely already there. Look under your `Scripts` folder. But if you don't see it go to http://jquery.com/ and get the latest version, place it in your solution somewhere, and add a `link` reference to it in your web page. – Mike Perrenoud Sep 25 '12 at 13:54
1

You are checking whether Request["UserId"] is null, but it is never null, because you define it's value as empty string by default even in your model.

Edit: Ok, Mike was faster, but this explains why you need to use IsNullOrEmpty :)

About numeric sanity check:

string Str = Request["UserId"];
double Num;
bool isNum = double.TryParse(Str, out Num);

isNum will be false if your string isn't numeric. I do not have any c# development IDE, but i checked the specs and this should work.

Erik Kaju
  • 3,147
  • 3
  • 19
  • 28
  • One thing to keep in mind also though is in his code he's not reading the value in the `SearchClass` object, he's reading the values posted in the request object. – Mike Perrenoud Sep 25 '12 at 13:48
  • is there a way to only allow the input to be numbers? – Yusuf Sep 25 '12 at 13:48