1

i have created a captcha function in my "contact us" page where the end user needs to verify the captcha given before he/she is able to send a message to us. The captcha validation is correct - meaning, it reads the captcha whether it is correct or not. Now the problem is that when i try to click on the submit button and pretend to type the wrong captcha, the message still goes through although it shows "invalid captcha". any trick on this?

Here is my contact.aspx specifically the submit button and the captcha:

<asp:TextBox ID="txtCaptcha" runat="server" placeholder="Enter captcha"></asp:TextBox>

<cc1:CaptchaControl ID="Captcha1" runat="server" CaptchaBackgroundNoise="Low" CaptchaLength="5"
        CaptchaHeight="60" CaptchaWidth="300" CaptchaMinTimeout="5" CaptchaMaxTimeout="240"
        FontColor="#D20B0C" NoiseColor="#B1B1B1" />

<asp:CustomValidator ID="CustomValidator1" ErrorMessage="Invalid. Please try again." OnServerValidate="ValidateCaptcha"
        runat="server" />

        <asp:RequiredFieldValidator ID="RequiredFieldValidator3" runat="server" 
                                        ErrorMessage="Captcha is required." Display="Dynamic" ControlToValidate="txtCaptcha" 
                                        ForeColor="Red"></asp:RequiredFieldValidator>

here is the submit button:

<asp:Button ID="Button1" runat="server" Text="Sumbit" 
                                class="btn btn-primary btn-lg" onclick="Button1_Click"/>

and the contact the aspx.cs

protected void Button1_Click(object sender, EventArgs e)
    {
        try
        {
            SqlConnection conn = new SqlConnection("Data Source = 'PAULO'; Initial Catalog=ShoppingCartDB;Integrated Security =True");
            conn.Open();
            string insertQuery = "insert into UserMessage(FirstName,LastName,EmailAddress,Phone,Message)values(@FirstName,@LastName,@EmailAddress,@Phone,@Message)";
            SqlCommand scm = new SqlCommand(insertQuery, conn);
            scm.Parameters.AddWithValue("@FirstName", txtboxFN.Text);
            scm.Parameters.AddWithValue("@LastName", txtboxLN.Text);
            scm.Parameters.AddWithValue("@EmailAddress", txtboxAddress.Text);
            scm.Parameters.AddWithValue("@Phone", txtPhone.Text);
            scm.Parameters.AddWithValue("@Message", txtMessage.Text);

            scm.ExecuteNonQuery();
            Label1.Text = "Message Sent Successfully";
            conn.Close();
        }
        catch (Exception ex)
        {
            Response.Write("Error:" + ex.ToString());
        }
    }
    protected void ValidateCaptcha(object sender, ServerValidateEventArgs e)
    {
        Captcha1.ValidateCaptcha(txtCaptcha.Text.Trim());
        e.IsValid = Captcha1.UserValidated;
        if (e.IsValid)
        {
            ClientScript.RegisterStartupScript(this.GetType(), "alert", "alert('Valid Captcha!');", true);
        }
    }
Paolo Duhaylungsod
  • 487
  • 1
  • 7
  • 25
  • 1
    You can put `if (Page.IsValid)` in `Button1_Click` for at least not inserting values if page is not valid. – Bikee Apr 10 '16 at 09:12

0 Answers0