my aspx code
<%@ Page Title="" Language="C#" MasterPageFile="~/MasterPage.master" AutoEventWireup="true" CodeFile="AddComments.aspx.cs" Inherits="AddComments" EnableEventValidation="false" %>
<asp:Content ID="Content1" ContentPlaceHolderID="head" Runat="Server">
<style type="text/css">
body
{
font-family: Arial;
font-size: 10pt;
}
</style>
</asp:Content>
<asp:Content ID="Content2" ContentPlaceHolderID="ContentPlaceHolder1" Runat="Server">
<section id="content">
<div class="content-wrap">
<div class="container clearfix">
<asp:Repeater ID="rptComments" runat="server">
<ItemTemplate>
<table>
<tr>
<td>
<b>Name</b>
</td>
<td style="padding-left: 20px;">
<asp:Label ID="lblName" runat="server" Text='<%# Eval("Name") %>'></asp:Label>
</td>
</tr>
<tr>
<td>
<b>Email</b>
</td>
<td style="padding-left: 20px;">
<asp:Label ID="lblEmail" runat="server" Text='<%# Eval("Email") %>'></asp:Label>
</td>
</tr>
<td>
<b>Comment Body</b>
</td>
<td style="padding-left: 20px;">
<asp:Label ID="lblCommentBody" runat="server" Text='<%# Eval("CommentBody") %>'></asp:Label>
</td>
</table>
</ItemTemplate>
</asp:Repeater>
<hr />
<table>
<tr>
<td>
<b>Name</b>
</td>
<td style="padding-left: 20px;">
<asp:TextBox ID="txtName" runat="server" />
</td>
<td>
<asp:RequiredFieldValidator ID="rfvName" runat="server" Display="Dynamic" ControlToValidate="txtName"
ErrorMessage="Required"></asp:RequiredFieldValidator>
</td>
</tr>
<tr>
<td>
<b>Email</b>
</td>
<td style="padding-left: 20px;">
<asp:TextBox ID="txtEmail" runat="server" />
</td>
<td>
<asp:RequiredFieldValidator ID="rfvEmail" runat="server" Display="Dynamic" ControlToValidate="txtEmail"
ErrorMessage="Required"></asp:RequiredFieldValidator>
<asp:RegularExpressionValidator ID="revEmail" runat="server" Display="Dynamic" ControlToValidate="txtEmail"
ErrorMessage="Invalid Email Id" ValidationExpression="\w+([-+.']\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*"></asp:RegularExpressionValidator>
</td>
</tr>
<tr>
<td>
<b>Comment Body</b>
</td>
<td style="padding-left: 20px;">
<asp:TextBox ID="txtCommentBody" TextMode="MultiLine" Height="200" runat="server" />
</td>
<td>
<asp:RequiredFieldValidator ID="rfvCommentBody" runat="server" Display="Dynamic"
ControlToValidate="txtCommentBody" ErrorMessage="Required"></asp:RequiredFieldValidator>
</td>
</tr>
<tr>
<td>
</td>
<td style="padding-left: 20px;">
<asp:Button ID="btnAdd" runat="server" OnClick="AddComment" Text="Add Comment" />
</td>
<td>
</td>
</tr>
</table>
</div>
</div>
</section>
</asp:Content>
my aspx.cs code :
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
using System.Data;
public partial class AddComments : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
if (!this.IsPostBack)
{
this.PopulateComments();
}
}
protected void AddComment(object sender, EventArgs e)
{
string constr = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
string sqlStatment = "INSERT INTO Comments(Name,Email,CommentBody) values(@Name,@Email,@CommentBody)";
using (SqlConnection con = new SqlConnection(constr))
{
using (SqlCommand cmd = new SqlCommand(sqlStatment, con))
{
con.Open();
cmd.Parameters.AddWithValue("@Name", this.txtName.Text.Trim());
cmd.Parameters.AddWithValue("@Email", this.txtEmail.Text.Trim());
cmd.Parameters.AddWithValue("@CommentBody", txtCommentBody.Text.Trim());
cmd.ExecuteNonQuery();
con.Close();
}
}
Response.Redirect("~/AddComments.aspx");
}
private void PopulateComments()
{
string constr = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
string sqlStatment = "SELECT Name,Email,CommentBody FROM Comments";
using (SqlConnection con = new SqlConnection(constr))
{
using (SqlCommand cmd = new SqlCommand(sqlStatment, con))
{
using (SqlDataAdapter da = new SqlDataAdapter(cmd))
{
DataSet ds = new DataSet();
da.Fill(ds);
this.rptComments.DataSource = ds;
this.rptComments.DataBind();
}
}
}
}
}
my sql :
CREATE TABLE [dbo].[Comments] (
[CommentId] INT IDENTITY (1, 1) NOT NULL,
[CommentBody] NVARCHAR (2000) NOT NULL,
[Name] VARCHAR (30) NOT NULL,
[Email] NVARCHAR (50) NOT NULL,
CONSTRAINT [PK_Comments] PRIMARY KEY CLUSTERED ([CommentId] ASC)
);
everything is normal but I want to do it like this.
I do not want no membership system. Is this a problem for security?
