Exemplo n.º 1
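        /// <summary>
        /// Stores a comment for a post using the "comment" and "postid" request values.
        /// </summary>
        /// <returns>
        /// A redirect to the Lab3 Index action when the comment is stored; otherwise the
        /// current view with <c>ViewBag.message</c> set to a failure message.
        /// </returns>
        public ActionResult Comment()
        {
            // Request[...] looks the key up in the query string, form, cookies and server
            // variables, so both values are attacker-controlled wherever they come from.
            var comment = Request["comment"];

            // A missing or non-numeric postid used to throw out of Int32.Parse and surface
            // as an unhandled error; treat it as an ordinary failed submission instead.
            int postid;
            if (!Int32.TryParse(Request["postid"], out postid))
            {
                ViewBag.message = "Failed to Store Comment";
                return View();
            }

            // NOTE(review): comment reaches storeComment unmodified and storeComment is not
            // visible here - confirm it binds the value as a SQL parameter instead of
            // concatenating it, and that the view HTML-encodes it on output.
            // NOTE(review): no [HttpPost] / [ValidateAntiForgeryToken] is visible on this
            // state-changing action - confirm whether they are applied elsewhere.
            Lab3Postcomments model = new Lab3Postcomments();

            if (model.storeComment(postid, comment))
            {
                return RedirectToAction("Index", "Lab3");
            }

            ViewBag.message = "Failed to Store Comment";
            return View();
        }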
Exemplo n.º 2
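        /// <summary>
        /// Stores a comment for a post using the "comment" and "postid" request values,
        /// after removing single and double quotes from the comment text.
        /// </summary>
        /// <returns>
        /// A redirect to the Lab3 Index action when the comment is stored; otherwise the
        /// current view with <c>ViewBag.message</c> set to a failure message.
        /// </returns>
        public ActionResult Comment()
        {
            // Request[...] looks the key up in the query string, form, cookies and server
            // variables, so both values are attacker-controlled wherever they come from.
            var comment = Request["comment"];

            // A missing comment used to raise a NullReferenceException in Replace, and a
            // missing or non-numeric postid threw out of Int32.Parse; both are now handled
            // as an ordinary failed submission.
            int postid;
            if (comment == null || !Int32.TryParse(Request["postid"], out postid))
            {
                ViewBag.message = "Failed to Store Comment";
                return View();
            }

            // Original note (translated): "not usable for scripts now".
            // Quote stripping is a denylist filter: it leaves markup characters in place and
            // mangles legitimate text such as apostrophes. It is kept here so stored data
            // does not change, but it is not a substitute for the real controls.
            // NOTE(review): storeComment is not visible here - confirm it binds the comment
            // as a SQL parameter, and that the view HTML-encodes it on output.
            comment = comment.Replace("'", String.Empty);
            comment = comment.Replace("\"", String.Empty);

            Lab3Postcomments model = new Lab3Postcomments();

            if (model.storeComment(postid, comment))
            {
                return RedirectToAction("Index", "Lab3");
            }

            ViewBag.message = "Failed to Store Comment";
            return View();
        }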
Exemplo n.º 3
        /**
         *
         * 1. SQL Injection
         *
         * */

        /// <summary>
        /// Renders the default view with whatever <c>Lab3Postcomments.getAllData()</c> returns.
        /// </summary>
        /// <returns>The view result built from that data.</returns>
        public ActionResult Index()
        {
            var postComments = new Lab3Postcomments();

            // var keeps the static type of getAllData(), so the same View(...) overload is chosen.
            var allData = postComments.getAllData();

            return View(allData);
        }