
I use C# and ASP.NET. When the user creates a new account, they enter an email and a national ID as primary key. Then, if the user clicks the (VERIFY ME) button, the program stores this info in SQL Server and sends an email message to the user. My problem is that when the user clicks the verify me button more than once, it prints (email is already exist).

    protected void Button1_Click2(object sender, EventArgs e)
    {
        LabelErrorMSG.Text = "";
        String email = emailtextbox0.Text.Trim();
        String notionalID = textbox_National_ID.Text.Trim();

        try
        {
            if (notionalID != "" && email != "" && counter==1)
            {
                // insert notional ID and email into database 
                getdataobj.PageSignUpInsert(notionalID, email);

                /////////////////////////////////////////////////////////////////////
                conn.Open();

                //Generate Verification Code
                String code = getdataobj.GetRandomNumber().ToString();

                // Set Verification Code in database
                SqlCommand comm = new SqlCommand("UPDATE trained SET VerificationCode='" + code + "' where NationalID='" + notionalID + "'", conn);
                comm.ExecuteNonQuery();
                conn.Close();

                //Send Email to the user with Verification Code
                SmtpClient smtpClient = new SmtpClient();
                MailMessage mailMessage = new MailMessage("saudiasummertraining@gmail.com", email, "", "");
                mailMessage.To.Add(new MailAddress(email));
                mailMessage.Subject = "Saudia Summer Traning";
                mailMessage.Body = code;
                smtpClient.EnableSsl = true;
                smtpClient.Send(mailMessage);

                Panel1.Visible = true;
            }
            else
            {
                LabelErrorMSG.Text = "you must insert national ID and email ";
            }
            ////////////////////////////////////////////////////////////////////
        }
        catch (SqlException ex)
        {
            if (ex.Number == 2627)
            {
                if (ex.Message.Contains("UNIQUE"))
                {
                    ///error msg regarding Unique key violation.
                    LabelErrorMSG.Text = "The email already exist ";
                }
                if (ex.Message.Contains("PRIMARY"))
                {
                    //error msg regarding Primary key violation.
                    LabelErrorMSG.Text = "The national ID already exist ";
                }
            }
        }
    }

manal
  • please add full exception information (error text, call stack) to the question. and OBTW, the code is not safe for scripting, assuming that `notionalID` is user input. – Cee McSharpface Aug 14 '17 at 07:37
  • Have you ever heard of [Sql Injection](https://stackoverflow.com/questions/332365/how-does-the-sql-injection-from-the-bobby-tables-xkcd-comic-work)? Your code is vulnerable to this attack – Steve Aug 14 '17 at 07:37
  • You just described what your program does. What is the problem? What do you _want_ to happen when the user clicks the button again? – oerkelens Aug 14 '17 at 07:37
  • is the verification code part of a unique constraint in the `trained` table? is your `GetRandomNumber()` function based on system clock without the milliseconds? – Cee McSharpface Aug 14 '17 at 07:40

2 Answers


If you want the user to be able to click the verification button multiple times, then you have to insert the email address only once, because you set it to unique. You can check whether the email is already inserted before you try to insert it. That should prevent this error.

Nikolaus

When the user clicks the Verify me button once, conn.Open() will execute, then the update process will continue, and then conn.Close() will execute accordingly.

And when the user clicks the Verify me button more than once, conn.Open() will continue to execute multiple times and will update the process and won't execute the conn.Close() method, hence it will throw an exception.

The solution is that once the user clicks the Verify me button, it should only be enabled again when the user verifies the email.
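
Added example, not part of the original thread or of either answer: one way to apply the first answer's "check before you insert" advice and the commenters' SQL injection point together, so that a repeated click refreshes the code instead of re-inserting the row. The `Email` column name, the column sizes, the connection string and the `SignUpStore`, `SaveVerificationCode` and `NewCode` names are assumptions; `trained`, `NationalID` and `VerificationCode` come from the question.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

public static class SignUpStore   // hypothetical helper, not from the question
{
    // First click inserts the row; later clicks only refresh the code.
    // "Email" is an assumed column name.
    private const string UpsertSql = @"
IF NOT EXISTS (SELECT 1 FROM trained WHERE NationalID = @id)
    INSERT INTO trained (NationalID, Email, VerificationCode)
    VALUES (@id, @email, @code);
ELSE
    UPDATE trained SET VerificationCode = @code
    WHERE NationalID = @id AND Email = @email;";

    // Returns true when a row was inserted or refreshed, false when the
    // national ID is already registered under a different email.
    // Two concurrent clicks can still race past the IF, and an email used
    // by another ID still violates the unique key, so the caller keeps
    // its catch for SqlException number 2627 as a backstop.
    public static bool SaveVerificationCode(
        string connectionString, string nationalId, string email, string code)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var comm = new SqlCommand(UpsertSql, conn))
        {
            // Values travel as parameters, never as concatenated SQL text.
            // Sizes are assumptions about the table definition.
            comm.Parameters.Add("@id", SqlDbType.NVarChar, 20).Value = nationalId;
            comm.Parameters.Add("@email", SqlDbType.NVarChar, 256).Value = email;
            comm.Parameters.Add("@code", SqlDbType.NVarChar, 6).Value = code;
            conn.Open();   // the using blocks close it even if a query throws
            return comm.ExecuteNonQuery() == 1;
        }
    }

    // Six-digit code from the OS CSPRNG instead of a clock-seeded generator.
    public static string NewCode()
    {
        var buf = new byte[4];
        using (var rng = RandomNumberGenerator.Create())
        {
            uint v;
            do { rng.GetBytes(buf); v = BitConverter.ToUInt32(buf, 0); }
            while (v >= 4294000000u);   // reject the tail to avoid modulo bias
            return (v % 1000000u).ToString("D6");
        }
    }
}
```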