locked
Comparing text values after a post back RRS feed

  • Question

  • User1204737998 posted

    Could someone advise me on the best practice to compare two strings after a post please.

    I call an edit page with the following

                        <a href="editmailinglist/@mailinglist.MailingListDef">Edit</a>
    

     I then use this value to get the text from the row in the MailingList table and store it in a variable. I then use the variable to set the value of a text input.

    If the user of the edit page clicks update I need to check to see if this text has changed. If not then I do nothing and redirect back, if it has then I need to check that the new text doesn't already exist.

    What I'm finding is that on the post  back the variable I declare at the top of the page is reset to "".

    What is the best way to persist this value. I've used a hidden input type to store it in but I'm not sure if this is the best way.

    Here's the code

    @{
        Page.Title = "Edit Membership Type";
     
        var membershipTypeID = "";
        var membershipText = "";
        var editMembershipText = "";
        var membershipFee = "";
     
        //get the membership type id passed in the URL
        membershipTypeID = !UrlData[0].IsEmpty() ? UrlData[0] : "0";
     
        var db = Database.Open("DB");
     
        if (IsPost) {
            membershipText  = Request["membershipText"];
            editMembershipText = Request["editMembershipText"];
            membershipFee = Request["membershipFee"];
     
            //Validation
            if (editMembershipText.IsEmpty()) {
                ModelState.AddError("membershipText", "Membership Type cannot be blank");
            }
            
            //compare the membership text that was passed to the form with the edited text
            //if its equal then the user is only editing the membership fee
            //if its not equal then the user has changed the text so a check to see if it already exists is required
            if (!String.Equals(editMembershipText, membershipText)) {
                if (Configuration.MembershipTypeExists(editMembershipText)) {
                    ModelState.AddError("editMembershipText", "Membership Type already exists");
                }        
            }
            //check the currency format
            if (!Validate.IsCurrency(membershipFee)) {
                ModelState.AddError("membershipFee", "You must enter a valid currency format. (00.00 indicates no fee)");
            }
     
            //if no error update the membership type
            if (ModelState.IsValid) {
                var sqlUpdate = "UPDATE MembershipType SET Text = @0, MembershipFee = @1 WHERE MembershipTypeDef = @2";
                db.Execute(sqlUpdate, editMembershipText, membershipFee, membershipTypeID);
                Response.Redirect("~/admin/configuration/membershiptypes/default");
            }
        }
        else {
            var sqlCommand = "SELECT * FROM MembershipType WHERE MembershipTypeDef = @0";
            vmembershipText = db.QuerySingle(sqlCommand, membershipTypeID).Text;
            editMembershipText = membershipText;
            membershipFee = db.QuerySingle(sqlCommand, membershipTypeID).MembershipFee.ToString();
        }
    }
     
    <h2>Edit Membership Type</h2>
    <p><span class="validation-tip">Required fields are indicated with an astrix </span>*</p> 
     
    <form method="post" class="adminForm">
        <fieldset>
            <legend>Edit Membership Type</legend>
            <p>
                @Html.Label("* Membership Type:", "editMembershipText")
                <input type="text" name="editMembershipText" placeholder="" maxlength="50" required tabindex="1" value="@membershipText">
                @Html.ValidationMessage("editMembershipText")
            </p>
            <p>
                @Html.Label("* Membership Fee:", "membershipFee")
                <input type="text" name="membershipFee" placeholder="" maxlength="10" required tabindex="2" value="@membershipFee">
                @Html.ValidationMessage("membershipFee")
            </p>
     
            <p>
                <!--this holds the membership text passed to the form for editing so it can be tested in the post back-->
                <input type="hidden" name="membershipText" value="@membershipText">
            </p>
     
            <p>
                <input type="submit" value="Update" tabindex="3" />
            </p>       
        </fieldset>
    </form>
    <br />


    Sunday, June 30, 2013 5:35 PM

Answers

  • User351203563 posted

    When you say unique I gues its unique for the particular user. If this is so then you can compare the changed (edited) value with the values in the session object.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, July 3, 2013 1:36 AM

All replies

  • User351203563 posted

    In a simple way you can use Session object or Cookie <o:p></o:p>

    Monday, July 1, 2013 2:02 AM
  • User-1980594115 posted

    Sounds like you want to make sure that the posting is secure. 

    First before you go to the form page, save the membershipText:

    @{
    	// Save membershipText
    	Session["membershipText"] = membershipText;
    }

    Then in IsPost move the Session object to your test variable:

        if (IsPost) {
            membershipText  = Session["membershipText"].ToString();
    

     

    If you want to make sure that the form posting was not forged, then add the following:

    if (IsPost) {
    	AntiForgery.Validate();
    	if (Validation.IsValid()) {
                  ......
              }
    }
    
    <form method="post" class="adminForm">
    	@AntiForgery.GetHtml()
              .......
    </form>
    

     

    Monday, July 1, 2013 10:44 AM
  • User1204737998 posted

    Thanks for that, I'll have a look at the Session object

    My problem is that the database table holds Membership Categories. The table has three fields, A unique ID, Text and Fee. if the user chooses to edit this the form give them the option to alter the Text and the Fee. 

    I need to test after the edit that the text is unique in the table as I don't want to end up with two entries with the same text. What I found was that if the user only alters the Fee then the test for the text already existing returned true as it did exist. I needed a way to determine that the text hasn't been changed so I don't test for it already existing.

    Monday, July 1, 2013 4:57 PM
  • User-1980594115 posted

    The use of Session objects are for saving information for that session (usually several web pages need that data) or for security purposes.  Re-reading your post, I would use the hidden Form variables to accomplish your purpose.  So I would feel comfortable with what you are currently doing.

     

    Tuesday, July 2, 2013 9:46 AM
  • User351203563 posted

    When you say unique I gues its unique for the particular user. If this is so then you can compare the changed (edited) value with the values in the session object.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, July 3, 2013 1:36 AM