Exemple #1
0
        public ActionResult Comment()
        {
            var comment = Request["comment"];
            var postid  = Int32.Parse(Request["postid"]);

            Lab3Postcomments model = new Lab3Postcomments();

            if (model.storeComment(postid, comment))
            {
                return(RedirectToAction("Index", "Lab3"));
            }
            else
            {
                ViewBag.message = "Failed to Store Comment";
                return(View());
            }
        }
Exemple #2
0
        public ActionResult Comment()
        {
            var comment = Request["comment"];
            var postid  = Int32.Parse(Request["postid"]);

            // nicht scripttauglich jetzt
            comment = comment.Replace("'", String.Empty);
            comment = comment.Replace("\"", String.Empty);

            Lab3Postcomments model = new Lab3Postcomments();

            if (model.storeComment(postid, comment))
            {
                return(RedirectToAction("Index", "Lab3"));
            }
            else
            {
                ViewBag.message = "Failed to Store Comment";
                return(View());
            }
        }
Exemple #3
0
        /**
         *
         * 1. SQL Injection
         *
         * */

        public ActionResult Index()
        {
            Lab3Postcomments model = new Lab3Postcomments();

            return(View(model.getAllData()));
        }