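/// <summary>
/// Persists the staff enrollment page content by executing the
/// <c>SaveStaffEnrollmentPage</c> stored procedure on the "Halfpint" connection.
/// </summary>
/// <param name="ecm">
/// Model whose <c>EnrollmentContent</c> and <c>AnnouncementContent</c> are sent as the
/// <c>@enrollmentContent</c> and <c>@announcementContent</c> parameters.
/// </param>
/// <returns>1 when the procedure ran without throwing; 0 when an exception was caught and logged.</returns>
/// <remarks>
/// Both values travel as bound parameters and are never concatenated into SQL text.
/// This method stores the text exactly as it is given: it performs no validation or
/// encoding of its own, so content checks have to happen before it is called.
/// </remarks>
public static int SaveStaffEnrollmentPage(EnrollmentContentModel ecm)
{
    var strConn = ConfigurationManager.ConnectionStrings["Halfpint"].ToString();

    using (var conn = new SqlConnection(strConn))
    {
        try
        {
            // SqlCommand is IDisposable; the original never released it.
            using (var cmd = new SqlCommand("SaveStaffEnrollmentPage", conn))
            {
                cmd.CommandType = System.Data.CommandType.StoredProcedure;

                // NOTE(review): ADO.NET treats a null parameter Value as "not supplied"
                // rather than SQL NULL. If either property can be null, decide whether
                // DBNull.Value should be sent instead - the procedure's defaults are not
                // visible from here.
                cmd.Parameters.Add(new SqlParameter("@enrollmentContent", ecm.EnrollmentContent));
                cmd.Parameters.Add(new SqlParameter("@announcementContent", ecm.AnnouncementContent));

                conn.Open();
                cmd.ExecuteNonQuery();
            }
        }
        catch (Exception ex)
        {
            // Best-effort contract: failures are logged and reported through the return code.
            Nlogger.LogError(ex);
            return 0;
        }
    }

    return 1;
}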
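/// <summary>
/// Loads the staff enrollment page content by executing the
/// <c>GetStaffEnrollmentPage</c> stored procedure on the "Halfpint" connection.
/// </summary>
/// <returns>
/// A model populated from the "Enrollment" and "Announcement" columns. If several rows
/// come back the last one wins. On any exception the error is logged and the model is
/// returned with whatever had been read up to that point (possibly nothing).
/// </returns>
/// <remarks>
/// The strings are returned exactly as stored.
/// NOTE(review): presumably the view renders them as HTML - confirm that the rendering
/// side matches what the save-side validation is meant to guarantee.
/// </remarks>
public static EnrollmentContentModel GetEnrollmentContent()
{
    var ecm = new EnrollmentContentModel();
    String strConn = ConfigurationManager.ConnectionStrings["Halfpint"].ToString();

    using (var conn = new SqlConnection(strConn))
    {
        try
        {
            // Command and reader are both IDisposable; using blocks replace the manual
            // Close() calls (the original closed the reader twice on the success path).
            using (var cmd = new SqlCommand("GetStaffEnrollmentPage", conn))
            {
                cmd.CommandType = System.Data.CommandType.StoredProcedure;
                conn.Open();

                using (SqlDataReader rdr = cmd.ExecuteReader())
                {
                    while (rdr.Read())
                    {
                        // GetString throws on a NULL column, which previously aborted the
                        // whole read; map NULL to null so the other column is still loaded.
                        int pos = rdr.GetOrdinal("Enrollment");
                        ecm.EnrollmentContent = rdr.IsDBNull(pos) ? null : rdr.GetString(pos);

                        pos = rdr.GetOrdinal("Announcement");
                        ecm.AnnouncementContent = rdr.IsDBNull(pos) ? null : rdr.GetString(pos);
                    }
                }
            }
        }
        catch (Exception ex)
        {
            // Best-effort contract: log and fall through to return the (partial) model.
            Nlogger.LogError(ex);
        }
    }

    return ecm;
}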
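/// <summary>
/// Checks both content fields of the model for input that is not allowed.
/// </summary>
/// <param name="ecm">Model whose <c>EnrollmentContent</c> and <c>AnnouncementContent</c> are checked.</param>
/// <returns>
/// A <c>DTO</c> with <c>ReturnValue</c> 1 when both fields pass. When a field is rejected,
/// <c>ReturnValue</c> is 0 and <c>Message</c> names the field followed by the sanitizer's message.
/// Enrollment content is checked first; the announcement is not examined if it fails.
/// </returns>
/// <remarks>
/// This method only accepts or rejects. Nothing the sanitizer produces is written back to
/// <paramref name="ecm"/>, so the text that is later stored is the caller's original input,
/// not the lower-cased copy examined here.
/// NOTE(review): a null content property throws NullReferenceException on the lower-casing
/// call; confirm the model or the caller guarantees non-null values.
/// </remarks>
public static DTO ValidateInput(EnrollmentContentModel ecm)
{
    string message = "";
    var dto = new DTO { ReturnValue = 1 };
    HtmlSanitizer sanitizer = new HtmlSanitizer();

    // Lower-case with invariant rules. ToLower() follows the thread's current culture, and
    // some cultures map ASCII letters to non-ASCII ones (the Turkish 'I'), so the outcome
    // of a security check would depend on server locale.
    // NOTE(review): HtmlSanitizer is defined elsewhere; it presumably matches on lower-case
    // text, which is why the input is normalised first - confirm.
    string enrollmentContent = ecm.EnrollmentContent.ToLowerInvariant();
    if (!sanitizer.Sanitize(enrollmentContent, out message))
    {
        dto.Message = "Enrollment Content: " + message;
        dto.ReturnValue = 0;
        return dto;
    }

    string announcementContent = ecm.AnnouncementContent.ToLowerInvariant();
    if (!sanitizer.Sanitize(announcementContent, out message))
    {
        dto.Message = "Announcement Content: " + message;
        dto.ReturnValue = 0;
        return dto;
    }

    return dto;
}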
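/// <summary>
/// Saves the staff enrollment page: validates the posted content, optionally replaces the
/// enrollment image with the uploaded file, then writes the content to the database.
/// </summary>
/// <param name="file">Optional upload; when present and non-empty it overwrites <c>~/Content/Images/enrollment.png</c>.</param>
/// <param name="ecm">Posted model; binding is restricted to <c>EnrollmentContent</c> and <c>AnnouncementContent</c>.</param>
/// <returns>
/// A redirect to "SaveSuccess" when everything was stored, a redirect to "Error" (with
/// <c>TempData["message"]</c> set) when validation or the database write failed, or null
/// when model state is invalid.
/// </returns>
/// <remarks>
/// NOTE(review): no [HttpPost], [ValidateAntiForgeryToken] or [Authorize] attribute is
/// visible on this action in this listing. It changes server state and writes a file, so
/// confirm they are applied here or at controller level.
/// </remarks>
public ActionResult Save(HttpPostedFileBase file, [Bind(Include = "EnrollmentContent,AnnouncementContent")] EnrollmentContentModel ecm)
{
    if (!ModelState.IsValid)
    {
        // Kept from the original; MVC turns a null action result into an empty response.
        return null;
    }

    // Validate the text first, so a rejected submission no longer replaces the image on
    // disk (the original wrote the file before running this check).
    DTO dto = DbInform.ValidateInput(ecm);
    if (dto.ReturnValue != 1)
    {
        TempData["message"] = dto.Message;
        return RedirectToAction("Error");
    }

    if (file != null && file.ContentLength > 0)
    {
        // The destination name is a constant, so the client-supplied file name never
        // reaches the file-system path.
        // NOTE(review): the uploaded bytes are not inspected. Consider verifying that the
        // content really is a PNG and enforcing a maximum size before SaveAs.
        const string fileName = "enrollment.png";
        var path = Path.Combine(Server.MapPath("~/Content/Images"), fileName);
        file.SaveAs(path);
    }

    // The original ignored a failed save (empty if-body) and still redirected to
    // "SaveSuccess". Report it through the same Error route that validation uses.
    var iRetval = DbInform.SaveStaffEnrollmentPage(ecm);
    if (iRetval != 1)
    {
        TempData["message"] = "The enrollment page could not be saved.";
        return RedirectToAction("Error");
    }

    return RedirectToAction("SaveSuccess");
}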