top of page
Get a Demo
Get a Free Quote

Razor pages, CRUDE operations simplified

Apr 8, 2024

2 min read

0

5

0


To simplify the process of handling a form submission and database insertion in a Razor Pages application, let's outline the process in straightforward, clear steps. This approach is designed to minimize complexity and focus directly on the essential actions needed to collect data from a form and insert it into a database.


Simplified Step-by-Step Guide


Step 1: Create the Contact Form

In your Razor Page (ContactForm.cshtml), define a simple HTML form for user input:

<form method="post">
    <input type="text" name="Name" placeholder="Name">
    <input type="email" name="Email" placeholder="Email">
    <button type="submit">Submit</button>
</form>

This form collects the user's name and email.


Step 2: Handle the Form Submission

In the code-behind file of your Razor Page (ContactForm.cshtml.cs), you will handle the form submission. Since we're aiming for simplicity, let's focus on the immediate actions needed to process the form and interact with the database.

using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;
using System.Data.SqlClient;
using System.Threading.Tasks;

public class ContactFormModel : PageModel
{
    public async Task<IActionResult> OnPostAsync()
    {
        string name = Request.Form["Name"];
        string email = Request.Form["Email"];

        // Database connection string (Replace with your actual connection string)
        string connectionString = "Server=myServerAddress;Database=myDataBase;User Id=myUsername;Password=myPassword;";

        // SQL Query to insert data
        string query = "INSERT INTO Contacts (Name, Email) VALUES (@Name, @Email)";

        // Opening a connection to the database
        using (var connection = new SqlConnection(connectionString))
        {
            await connection.OpenAsync();
            
            // Creating a command to execute the SQL query
            using (var command = new SqlCommand(query, connection))
            {
                // Adding parameters to prevent SQL injection
                command.Parameters.AddWithValue("@Name", name);
                command.Parameters.AddWithValue("@Email", email);

                // Executing the command
                await command.ExecuteNonQueryAsync();
            }
        }

        // Redirecting to a success page after the operation
        return RedirectToPage("./Success");
    }
}

Key Points:

  • Form Data Retrieval: Directly access form data using Request.Form["FieldName"].

  • Database Connection and Command Execution: Use ADO.NET's SqlConnection and SqlCommand to connect to your database and execute a query. This mirrors the process in Classic ASP but uses .NET's structured approach to managing resources and security.

  • Parameterized Queries: Parameters are added to the SQL command to safely insert user input, preventing SQL injection, which is a crucial security practice.

  • Redirection: After inserting the data, redirect the user to a success page, similar to how you might use Response.Redirect in Classic ASP.



Related Posts

Comments
Share Your ThoughtsBe the first to write a comment.
bg.8b803c47.png

READ OUR LATEST ARTICLES

Post

Welcome to the Intertoons Blog! Discover expert insights, the latest trends, and valuable tips on eCommerce, web development, and digital solutions. Stay informed and ahead in the digital world with our in-depth articles and guides!

5/5 based on 63 reviews | GDPR Compliant

bottom of page