protected void ReviewGrid_Delete(object sender, GridViewDeleteEventArgs e) { string merchId = FooStringHelper.RemoveInvalidChars(merchView.SelectedValue.ToString()); if (!FooStringHelper.IsValidAlphanumeric(merchId, 16)) { errorLabel.Text = "Invalid request."; Reset_Page(string.Empty); return; } try { if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value)) { using (var conn = new NpgsqlConnection()) { conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString; conn.Open(); var cmd = new NpgsqlCommand { CommandText = "DELETE FROM reviews WHERE reviewid= @REVIEWID", CommandType = CommandType.Text, Connection = conn }; var param = new NpgsqlParameter { ParameterName = "@REVIEWID", NpgsqlDbType = NpgsqlDbType.Varchar, Size = 16, Direction = ParameterDirection.Input, Value = FooStringHelper.RemoveInvalidChars( reviewGrid.DataKeys[e.RowIndex].Values[0].ToString()) }; cmd.Parameters.Add(param); cmd.ExecuteNonQuery(); } } else { errorLabel.Text = "Invalid request."; } } catch (Exception ex) { FooLogging.WriteLog(ex.ToString()); errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator."; } Reset_Page(merchId); }
protected void Page_Load(object sender, EventArgs e) { string catId = Request.QueryString["id"]; if (FooStringHelper.IsValidAlphanumeric(catId, 16)) { Load_Forms(catId); } else { errorLabel.Text = "Invalid category."; } }
protected void Page_Load(object sender, EventArgs e) { string userId = FooStringHelper.RemoveInvalidChars(Request.QueryString["id"]); if (FooStringHelper.IsValidAlphanumeric(userId, 16)) { Load_Forms(userId); } else { errorLabel.Text = "Invalid user."; } }
protected void Load_Forms() { string userId = FooSessionHelper.GetUserObjectFromCookie(HttpContext.Current).UserId; if (!FooStringHelper.IsValidAlphanumeric(userId, 16)) { errorLabel.Text = "Invalid request."; return; } try { using (var conn = new NpgsqlConnection()) { conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString; conn.Open(); var cmd = new NpgsqlCommand( "SELECT userid, useralias, email, address, city, country, profilebody, profileimg FROM users WHERE userid= @USERID", conn); var idParam = new NpgsqlParameter { ParameterName = "@USERID", NpgsqlDbType = NpgsqlDbType.Varchar, Size = 16, Direction = ParameterDirection.Input, Value = FooStringHelper.RemoveInvalidChars(userId) }; cmd.Parameters.Add(idParam); using (NpgsqlDataReader dr = cmd.ExecuteReader()) { userView.DataSource = dr; userView.DataBind(); } } errorLabel.Text = ""; } catch (Exception ex) { FooLogging.WriteLog(ex.ToString()); errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator."; } }
protected void Page_Load(object sender, EventArgs e) { if (HttpContext.Current.User.Identity.IsAuthenticated) { formPanel.Visible = false; errorPanel.Visible = true; errorLabel.Text = "Please log out first, or reset your password in the <a href=\"edit_profile.aspx\">profile editor</a>."; } if (Page.IsPostBack) { return; } RequestToken.Value = FooSessionHelper.SetToken(HttpContext.Current); string resetId = Request.QueryString["id"]; string token = Request.QueryString["token"]; if (FooStringHelper.IsValidAlphanumeric(resetId, 16) && FooStringHelper.IsValidAlphanumeric(token, 24)) { string resetAccount = GetAccountForReset(resetId, token); if (!String.IsNullOrEmpty(resetAccount)) { formPanel.Visible = true; } else { errorPanel.Visible = true; errorLabel.Text = "Invalid request."; } } else { errorPanel.Visible = true; errorLabel.Text = "Invalid request."; } }
protected void Page_Load(object sender, EventArgs e) { if (IsPostBack) { return; } string merchId = Request.QueryString["id"]; if (FooStringHelper.IsValidAlphanumeric(merchId, 16)) { RequestToken.Value = FooSessionHelper.SetToken(HttpContext.Current); Load_Forms(merchId); } else { errorLabel.Text = "Invalid item."; } }
public static bool IsValidRequest(HttpContext context, string formValue) { string cookieName = ConfigurationManager.AppSettings["CSRF Cookie Name"]; HttpCookie httpCookie = context.Request.Cookies[cookieName]; if (httpCookie != null) { string userToken = FooCryptHelper.MachineDecrypt(httpCookie.Value); if (!FooStringHelper.IsValidAlphanumeric(userToken, 24) || !FooStringHelper.IsValidAlphanumeric(formValue, 24)) { return(false); } return(userToken == formValue); } return(false); }
protected void MerchGrid_SelectedIndexChanged(object sender, EventArgs e) { try { string merchId = merchGrid.Rows[merchGrid.SelectedIndex].Cells[0].Text; if (!FooStringHelper.IsValidAlphanumeric(merchId, 16)) { errorLabel.Text = "Invalid request."; Reset_Page(string.Empty); return; } Load_Forms(merchId); } catch (Exception ex) { FooLogging.WriteLog(ex.ToString()); errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator."; } }
protected void submitButton_Click(object sender, EventArgs e) { string reviewBody = reviewText.Text; string userId = FooSessionHelper.GetUserObjectFromCookie(HttpContext.Current).UserId; string merchId = Request.QueryString["id"]; if (string.IsNullOrEmpty(reviewBody)) { RequestToken.Value = FooSessionHelper.SetToken(HttpContext.Current); reviewErrorLabel.Text = "Incomplete input."; return; } if (!FooStringHelper.IsValidAlphanumeric(merchId, 16)) { RequestToken.Value = FooSessionHelper.SetToken(HttpContext.Current); reviewErrorLabel.Text = "Invalid input."; return; } try { if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value)) { using (var conn = new NpgsqlConnection()) { conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString; conn.Open(); var cmd = new NpgsqlCommand { CommandText = "INSERT INTO reviews(reviewid, reviewtime, userid, merchid, reviewbody) VALUES (@REVIEWID, @REVIEWTIME, @USERID, @MERCHID, @REVIEWBODY)", CommandType = CommandType.Text, Connection = conn }; var idParam = new NpgsqlParameter { ParameterName = "@REVIEWID", NpgsqlDbType = NpgsqlDbType.Varchar, Size = 16, Direction = ParameterDirection.Input, Value = FooStringHelper.RandomString(16) }; cmd.Parameters.Add(idParam); var timeParam = new NpgsqlParameter { ParameterName = "@REVIEWTIME", NpgsqlDbType = NpgsqlDbType.Timestamp, Size = 32, Direction = ParameterDirection.Input, Value = DateTime.Now }; cmd.Parameters.Add(timeParam); var userParam = new NpgsqlParameter { ParameterName = "@USERID", NpgsqlDbType = NpgsqlDbType.Varchar, Size = 16, Direction = ParameterDirection.Input, Value = FooStringHelper.RemoveInvalidChars(userId) }; cmd.Parameters.Add(userParam); var merchParam = new NpgsqlParameter { ParameterName = "@MERCHID", NpgsqlDbType = NpgsqlDbType.Varchar, Size = 16, Direction = ParameterDirection.Input, Value = merchId }; cmd.Parameters.Add(merchParam); var bodyParam = new NpgsqlParameter { ParameterName = "@REVIEWBODY", NpgsqlDbType = NpgsqlDbType.Varchar, Size = 1024, Direction = ParameterDirection.Input, Value = reviewBody }; cmd.Parameters.Add(bodyParam); cmd.ExecuteNonQuery(); cmd.Dispose(); reviewErrorLabel.Text = ""; reviewText.Text = ""; } } else { errorLabel.Text = "Invalid request."; } } catch (Exception ex) { FooLogging.WriteLog(ex.ToString()); reviewErrorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator."; } RequestToken.Value = FooSessionHelper.SetToken(HttpContext.Current); Load_Forms(merchId); }
protected void UserView_ItemUpdating(object sender, DetailsViewUpdateEventArgs e) { UserObject userObj = FooSessionHelper.GetUserObjectFromCookie(HttpContext.Current); string userId = userObj.UserId; string userName = userObj.Username; if (!FooStringHelper.IsValidAlphanumeric(userId, 16)) { errorLabel.Text = "Invalid request."; Reset_Page(); return; } var txtUserAlias = (TextBox)userView.FindControl("txtUserAlias"); var txtUserEmail = (TextBox)userView.FindControl("txtUserEmail"); var txtUserAddress = (TextBox)userView.FindControl("txtUserAddress"); var txtUserCity = (TextBox)userView.FindControl("txtUserCity"); var txtUserCountry = (TextBox)userView.FindControl("txtUserCountry"); var txtUserBody = (TextBox)userView.FindControl("txtUserBody"); var imageUploadForm = (FileUpload)userView.FindControl("imageUploadForm"); if (!string.IsNullOrEmpty(txtUserAlias.Text) && !string.IsNullOrEmpty(txtUserEmail.Text) && !string.IsNullOrEmpty(txtUserAddress.Text) && !string.IsNullOrEmpty(txtUserCity.Text) && !string.IsNullOrEmpty(txtUserCountry.Text) && !string.IsNullOrEmpty(txtUserBody.Text) && !string.IsNullOrEmpty(txtUserEmail.Text) && FooStringHelper.IsValidEmailAddress(txtUserEmail.Text) && !FooEmailHelper.CheckIfEmailExists(txtUserEmail.Text, userName)) { try { if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value)) { using (var conn = new NpgsqlConnection()) { conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString; conn.Open(); var cmd = new NpgsqlCommand { CommandText = "UPDATE users SET (useralias, email, address, city, country, profilebody) = (@USERALIAS, @EMAIL, @ADDRESS, @CITY, @COUNTRY, @PROFILEBODY) WHERE userid= @USERID", CommandType = CommandType.Text, Connection = conn }; var idParam = new NpgsqlParameter { ParameterName = "@USERID", NpgsqlDbType = NpgsqlDbType.Varchar, Size = 16, Direction = ParameterDirection.Input, Value = FooStringHelper.RemoveInvalidChars(userId) }; cmd.Parameters.Add(idParam); var aliasParam = new NpgsqlParameter { ParameterName = "@USERALIAS", NpgsqlDbType = NpgsqlDbType.Varchar, Size = 32, Direction = ParameterDirection.Input, Value = txtUserAlias.Text }; cmd.Parameters.Add(aliasParam); var emailParam = new NpgsqlParameter { ParameterName = "@EMAIL", NpgsqlDbType = NpgsqlDbType.Varchar, Size = 64, Direction = ParameterDirection.Input, Value = txtUserEmail.Text }; cmd.Parameters.Add(emailParam); var addressParam = new NpgsqlParameter { ParameterName = "@ADDRESS", NpgsqlDbType = NpgsqlDbType.Varchar, Size = 128, Direction = ParameterDirection.Input, Value = txtUserAddress.Text }; cmd.Parameters.Add(addressParam); var cityParam = new NpgsqlParameter { ParameterName = "@CITY", NpgsqlDbType = NpgsqlDbType.Varchar, Size = 32, Direction = ParameterDirection.Input, Value = txtUserCity.Text }; cmd.Parameters.Add(cityParam); var countryParam = new NpgsqlParameter { ParameterName = "@COUNTRY", NpgsqlDbType = NpgsqlDbType.Varchar, Size = 32, Direction = ParameterDirection.Input, Value = txtUserCountry.Text }; cmd.Parameters.Add(countryParam); var bodyParam = new NpgsqlParameter { ParameterName = "@PROFILEBODY", NpgsqlDbType = NpgsqlDbType.Varchar, Size = 1024, Direction = ParameterDirection.Input, Value = txtUserBody.Text }; cmd.Parameters.Add(bodyParam); cmd.ExecuteNonQuery(); cmd.Dispose(); } if (imageUploadForm.HasFile) { string path = HttpContext.Current.Server.MapPath("~/uploads"); if (!Directory.Exists(path)) { Directory.CreateDirectory(path); } HttpPostedFile file = HttpContext.Current.Request.Files[0]; if (file.ContentLength < 2097152) { string fileName; if (HttpContext.Current.Request.Browser.Browser.ToUpper() == "IE") { string[] files = file.FileName.Split(new[] { '\\' }); fileName = files[files.Length - 1]; } else { fileName = file.FileName; } fileName = FooStringHelper.RandomFileName(fileName); string filePath = Path.Combine(path, fileName); try { file.SaveAs(filePath); Insert_NewImage(fileName, userId); Reset_Page(); } catch (Exception ex) { FooLogging.WriteLog(ex.ToString()); errorLabel.Text = "Upload failed."; } } else { errorLabel.Text = "Invalid file."; } } } } catch (Exception ex) { FooLogging.WriteLog(ex.ToString()); errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator."; } } else { errorLabel.Text = "Incomplete or invalid input."; } Reset_Page(); }
protected void MerchView_Databound(object sender, EventArgs e) { if (merchView.CurrentMode == DetailsViewMode.ReadOnly && merchView.Rows.Count > 1) { var merchEnabledLabel = (Label)merchView.FindControl("merchEnabledLabel"); using (var conn = new NpgsqlConnection()) { conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString; conn.Open(); var cmd = new NpgsqlCommand( "SELECT merchenabled FROM merchandise WHERE merchid= @MERCHID", conn); var idParam = new NpgsqlParameter { ParameterName = "@MERCHID", NpgsqlDbType = NpgsqlDbType.Varchar, Size = 16, Direction = ParameterDirection.Input, Value = FooStringHelper.RemoveInvalidChars(merchView.SelectedValue.ToString()) }; cmd.Parameters.Add(idParam); bool postEnabled = Convert.ToBoolean(cmd.ExecuteScalar()); merchEnabledLabel.Text = postEnabled ? "Yes" : "No"; } } else { var merchEnabledCheckbox = (CheckBox)merchView.FindControl("merchEnabledCheckbox"); try { if (merchView.CurrentMode == DetailsViewMode.Edit) { using (var conn = new NpgsqlConnection()) { conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString; conn.Open(); var cmd = new NpgsqlCommand( "SELECT merchenabled FROM merchandise WHERE merchid= @MERCHID", conn); var idParam = new NpgsqlParameter { ParameterName = "@MERCHID", NpgsqlDbType = NpgsqlDbType.Varchar, Size = 16, Direction = ParameterDirection.Input, Value = FooStringHelper.RemoveInvalidChars(merchView.SelectedValue.ToString()) }; cmd.Parameters.Add(idParam); NpgsqlDataReader dr = cmd.ExecuteReader(); while (dr.Read()) { merchEnabledCheckbox.Checked = Convert.ToBoolean(dr["merchenabled"]); } dr.Close(); } } } catch (Exception ex) { FooLogging.WriteLog(ex.ToString()); string merchId = merchView.SelectedValue.ToString(); if (!FooStringHelper.IsValidAlphanumeric(merchId, 16)) { errorLabel.Text = "Invalid request."; Reset_Page(string.Empty); return; } Reset_Page(merchId); errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator."; } } }
protected void Load_Forms(string merchId) { if (merchId != string.Empty && !FooStringHelper.IsValidAlphanumeric(merchId, 16)) { errorLabel.Text = "Invalid request."; return; } try { using (var conn = new NpgsqlConnection()) { conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString; conn.Open(); var cmd = new NpgsqlCommand(); if (String.IsNullOrEmpty(merchId)) { cmd.CommandText = "SELECT merchid, merchname, merchbrief, merchbody, merchprice, merchimg, merchenabled FROM merchandise ORDER BY merchid DESC LIMIT 1"; cmd.Connection = conn; } else { cmd.CommandText = "SELECT merchid, merchname, merchbrief, merchbody, merchprice, merchimg, merchenabled FROM merchandise WHERE merchid= @MERCHID"; cmd.Connection = conn; var idParam = new NpgsqlParameter { ParameterName = "@MERCHID", NpgsqlDbType = NpgsqlDbType.Varchar, Size = 16, Direction = ParameterDirection.Input, Value = merchId }; cmd.Parameters.Add(idParam); } var da = new NpgsqlDataAdapter(cmd); var ds = new DataSet(); da.Fill(ds); merchView.DataSource = ds; merchView.DataBind(); } using (var conn = new NpgsqlConnection()) { conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString; conn.Open(); var cmd = new NpgsqlCommand( "SELECT merchid, merchname FROM merchandise", conn); var da = new NpgsqlDataAdapter(cmd); var ds = new DataSet(); da.Fill(ds); merchGrid.DataSource = ds; merchGrid.DataBind(); } using (var conn = new NpgsqlConnection()) { conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString; conn.Open(); var cmd = new NpgsqlCommand( "SELECT T1.reviewid, T1.reviewtime, T1.userid, T1.merchid, T1.reviewbody, T2.userid, T2.useralias, T3.merchid, T3.merchname FROM reviews AS T1 LEFT OUTER JOIN users AS T2 ON T1.userid = T2.userid LEFT OUTER JOIN merchandise AS T3 ON T1.merchid = T3.merchid", conn); var da = new NpgsqlDataAdapter(cmd); var ds = new DataSet(); da.Fill(ds); reviewGrid.DataSource = ds; reviewGrid.DataBind(); } errorLabel.Text = ""; } catch (Exception ex) { FooLogging.WriteLog(ex.ToString()); errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator."; } }
protected void MerchView_ItemUpdating(object sender, DetailsViewUpdateEventArgs e) { string merchId = merchView.SelectedValue.ToString(); if (!FooStringHelper.IsValidAlphanumeric(merchId, 16)) { errorLabel.Text = "Invalid request."; Reset_Page(string.Empty); return; } var txtMerchName = (TextBox)merchView.FindControl("txtMerchName"); var txtMerchPrice = (TextBox)merchView.FindControl("txtMerchPrice"); var txtMerchBrief = (TextBox)merchView.FindControl("txtMerchBrief"); var txtMerchBody = (TextBox)merchView.FindControl("txtMerchBody"); var imageUploadForm = (FileUpload)merchView.FindControl("imageUploadForm"); var merchEnabledCheckbox = (CheckBox)merchView.FindControl("merchEnabledCheckbox"); if (!string.IsNullOrEmpty(txtMerchName.Text) && !string.IsNullOrEmpty(txtMerchPrice.Text) && FooStringHelper.IsValidPrice(txtMerchPrice.Text) && !string.IsNullOrEmpty(txtMerchBrief.Text) && !string.IsNullOrEmpty(txtMerchBody.Text)) { try { if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value)) { using (var conn = new NpgsqlConnection()) { conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString; conn.Open(); var cmd = new NpgsqlCommand { CommandText = "UPDATE merchandise SET (merchname, merchprice, merchbrief, merchbody, merchenabled) = (@MERCHNAME, @MERCHPRICE, @MERCHBRIEF, @MERCHBODY, @MERCHENABLED) WHERE merchid= @MERCHID", CommandType = CommandType.Text, Connection = conn }; var idParam = new NpgsqlParameter { ParameterName = "@MERCHID", NpgsqlDbType = NpgsqlDbType.Varchar, Size = 16, Direction = ParameterDirection.Input, Value = merchId }; cmd.Parameters.Add(idParam); var nameParam = new NpgsqlParameter { ParameterName = "@MERCHNAME", NpgsqlDbType = NpgsqlDbType.Varchar, Size = 64, Direction = ParameterDirection.Input, Value = txtMerchName.Text }; cmd.Parameters.Add(nameParam); var priceParam = new NpgsqlParameter { ParameterName = "@MERCHPRICE", NpgsqlDbType = NpgsqlDbType.Varchar, Size = 8, Direction = ParameterDirection.Input, Value = txtMerchPrice.Text }; cmd.Parameters.Add(priceParam); var briefParam = new NpgsqlParameter { ParameterName = "@MERCHBRIEF", NpgsqlDbType = NpgsqlDbType.Varchar, Size = 1024, Direction = ParameterDirection.Input, Value = txtMerchBrief.Text }; cmd.Parameters.Add(briefParam); var bodyParam = new NpgsqlParameter { ParameterName = "@MERCHBODY", NpgsqlDbType = NpgsqlDbType.Varchar, Direction = ParameterDirection.Input, Value = txtMerchBody.Text }; cmd.Parameters.Add(bodyParam); var enabledParam = new NpgsqlParameter { ParameterName = "@MERCHENABLED", NpgsqlDbType = NpgsqlDbType.Boolean, Direction = ParameterDirection.Input, Value = merchEnabledCheckbox.Checked }; cmd.Parameters.Add(enabledParam); cmd.ExecuteNonQuery(); cmd.Dispose(); } if (imageUploadForm.HasFile) { HttpPostedFile file = HttpContext.Current.Request.Files[0]; Insert_NewImage(merchId, file); } } } catch (Exception ex) { FooLogging.WriteLog(ex.ToString()); errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator."; } } else { errorLabel.Text = "Incomplete or invalid input."; } Reset_Page(merchId); }
protected void GridView_Update(object sender, GridViewUpdateEventArgs e) { string userId = userGrid.DataKeys[e.RowIndex].Values[0].ToString(); if (!FooStringHelper.IsValidAlphanumeric(userId, 16)) { errorLabel.Text = "Invalid request."; Reset_Page(); return; } var txtUserName = (TextBox)userGrid.Rows[e.RowIndex].FindControl("txtUserName"); var txtUserAlias = (TextBox)userGrid.Rows[e.RowIndex].FindControl("txtUserAlias"); var txtEmail = (TextBox)userGrid.Rows[e.RowIndex].FindControl("txtEmail"); var groupDropdown = (DropDownList)userGrid.Rows[e.RowIndex].FindControl("groupDropdown"); if (!string.IsNullOrEmpty(txtUserName.Text) && !string.IsNullOrEmpty(txtUserAlias.Text) && !string.IsNullOrEmpty(txtEmail.Text) && FooStringHelper.IsValidEmailAddress(txtEmail.Text)) { try { if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value)) { using (var conn = new NpgsqlConnection()) { conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString; conn.Open(); var cmd = new NpgsqlCommand { CommandText = "UPDATE users SET (username, useralias, groupid, email) = (@NAME, @USERALIAS, @GROUP, @EMAIL) WHERE userID= @USERID", CommandType = CommandType.Text, Connection = conn }; var param = new NpgsqlParameter { ParameterName = "@USERID", NpgsqlDbType = NpgsqlDbType.Varchar, Size = 16, Direction = ParameterDirection.Input, Value = userId }; cmd.Parameters.Add(param); var nameParam = new NpgsqlParameter { ParameterName = "@USERNAME", NpgsqlDbType = NpgsqlDbType.Varchar, Size = 32, Direction = ParameterDirection.Input, Value = txtUserName.Text }; cmd.Parameters.Add(nameParam); var dispParam = new NpgsqlParameter { ParameterName = "@USERALIAS", NpgsqlDbType = NpgsqlDbType.Varchar, Size = 32, Direction = ParameterDirection.Input, Value = txtUserAlias.Text }; cmd.Parameters.Add(dispParam); var emailParam = new NpgsqlParameter { ParameterName = "@EMAIL", NpgsqlDbType = NpgsqlDbType.Varchar, Size = 64, Direction = ParameterDirection.Input, Value = txtEmail.Text }; cmd.Parameters.Add(emailParam); var groupParam = new NpgsqlParameter { ParameterName = "@GROUP", NpgsqlDbType = NpgsqlDbType.Varchar, Size = 16, Direction = ParameterDirection.Input, Value = groupDropdown.SelectedValue }; cmd.Parameters.Add(groupParam); cmd.ExecuteNonQuery(); } } else { errorLabel.Text = "Invalid request."; } } catch (Exception ex) { FooLogging.WriteLog(ex.ToString()); errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator."; } } else { errorLabel.Text = "Incomplete or invalid input."; } Reset_Page(); }