ASP.NET - ASP.NET (C# Version) check if Zip Code exists. If not, show a message. : Code Entry

Live Editing Disabled for Server-Side Example

HTML

<%@ Page Language="C#" ValidateRequest="false" AutoEventWireup="true" CodeFile="Load.aspx.cs" Inherits="Load" %>

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
        <div>
            <asp:TextBox ID="Zip" runat="server"></asp:TextBox>
            <asp:Button ID="Sub" runat="server" Text="Button" OnClick="Sub_Click" />
        </div>
        <asp:Panel ID="ShowZip" runat="server">
            Zip Code: <asp:Label ID="Zipcode" runat="server"></asp:Label><br />
            City = <asp:Label ID="City" runat="server"></asp:Label><br />
            State = <asp:Label ID="State" runat="server"></asp:Label><br />
            County = <asp:Label ID="County" runat="server"></asp:Label><br />
        </asp:Panel>
    </form>
</body>
</html>

ASP.NET

<configuration>
  <connectionStrings configSource="database.config" />
  <system.web>
    <compilation debug="true" targetFramework="4.7.2" />
    <httpRuntime targetFramework="4.7.2" requestValidationMode="2.0" />
  </system.web>
</configuration>

<?xml version="1.0"?>
<connectionStrings>
  <add name ="Virtual-Learning" connectionString="Data Source=sqlcorecs-01\sql2019;Database=Virtual-Class-01;User ID=testuser;Password=testuser;MultipleActiveResultSets=True"/>
</connectionStrings>

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient; // SQLConnection
using System.Configuration; // ConfigurationManager

public partial class Load : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        ShowZip.Visible = false;
    }

    private string ProtectXSS(string SqlString)
    {
        SqlString = SqlString.Replace("\'", "\'\'");
        //  replace single Quotes with Double Quotes
        SqlString = SqlString.Replace(">", ">");
        //  replace > with >
        SqlString = SqlString.Replace("<", "<");
        //  replace < with <
        SqlString = SqlString.Replace("(", "(");
        //  replace ( with (
        SqlString = SqlString.Replace(")", ")");
        //  replace ) with )
        SqlString = SqlString.Trim();
        return SqlString;
    }

    protected void Sub_Click(object sender, EventArgs e)
    {
        var LessonCon = new SqlConnection();
        SqlCommand LessonCMD = new SqlCommand();
        string ZC = ProtectXSS(Zip.Text);
        LessonCon = new SqlConnection(ConfigurationManager.ConnectionStrings["Virtual-Learning"].ConnectionString);
        LessonCon.Open();

        if  (ZC.All(char.IsDigit)) { 
        SqlCommand getZip = new SqlCommand("select Zip, City, State, County from ZipTable where Zip=@Zip", LessonCon);
        getZip.Parameters.Add(new SqlParameter("@Zip", ZC));
        SqlDataReader rsZip;
        rsZip = getZip.ExecuteReader();
        if (rsZip.Read())
            { 
            ShowZip.Visible = true;
            Zipcode.Text = rsZip["Zip"].ToString();
            City.Text = rsZip["City"].ToString();
            State.Text = rsZip["State"].ToString();
            County.Text = rsZip["County"].ToString();
            }
        else
            try
            {
            LessonCMD.ExecuteNonQuery();
            }
        catch (Exception ex)
                {
                Response.Write("Sorry, there seems to be an issue. Please try entering the Zip Code the proper way and try again.");
                }
            finally

            { 
        rsZip.Close();
        LessonCon.Close();
            }
        }
        else 
        { 
        Response.Write(ZC + "Not a valid number, please enter a Zip Code.");
        }
    }
}

Preview

About Company

Top Viewed Articles