-1

I am working on this little project and what I have to do is to check if the user input is GUID or not.

I have created this Stored Procedure on SQL and it works pretty fine.

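```sql
ALTER procedure [dbo].[oid_validation] @oid varchar(max)
as
BEGIN TRY
    -- TRY_CAST returns NULL when @oid is not a valid uniqueidentifier
    if (TRY_CAST(@oid as uniqueidentifier) IS NOT NULL)
    begin
        select * From Student where oid = @oid
    end
    else
    begin
        -- invalid input: return a marker row instead of student data
        select 'KO'
    end
END TRY
BEGIN CATCH
    print('error')
END CATCH
```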

On my ASP.NET MVC app on the other hand, I want to show the data that this procedure returns, based on whether the input was GUID or not. So my View is:

```cshtml
@foreach (DataRow row in Model.Rows)
{
    <div class="ct1">
        <h4>Oid: </h4>
        <h4>Name: </h4>
        <h4>Lastname: </h4>
        <h4>Study_Year: </h4>
        <h4>Birthday: </h4>
        <h4>City:</h4>
    </div>
    <div class="ct2">
        <h4>@row["oid"]</h4>
        <h4>@row["Name"]</h4>
        <h4>@row["Lastname"]</h4>
        <h4>@row["StudyYear"]</h4>
        <h4>@row["Birthday"]</h4>
        <h4>@row["City"]</h4>
    </div>
}
```

This also works fine. By this the users will see the data they wanted, again based on whether that input was a GUID or not. Now what I'm trying to do is manipulate something so that if the user enters invalid input, it shows some text or redirects somewhere else.

Something like this:

```
if(userinput!=guid)
{
    <h4>Your data is invalid, please check your string!</h4>
}
else
{
    //foreach(...)
    {
        <data1>

        @<data1>
    }
}
```
Uwe Keim
Leo Ramadani
  • [`Guid.TryParse`](https://learn.microsoft.com/en-us/dotnet/api/system.guid.tryparse) or [`Guid.TryParseExact`](https://learn.microsoft.com/en-us/dotnet/api/system.guid.tryparseexact)? – Uwe Keim Jul 22 '21 at 07:34
  • What actually is your question? What are you stuck on? – Dale K Jul 22 '21 at 07:34
  • Hi, I am stuck on that if(userinput is not Guid) { show something} else { read the data}. – Leo Ramadani Jul 22 '21 at 07:36
  • Could this be a duplicate of [this one](https://stackoverflow.com/q/6211017/107625)? – Uwe Keim Jul 22 '21 at 07:38
  • 1
    Doesn't seem that SQL Server is involved in the part you need help with? – Dale K Jul 22 '21 at 07:38
  • @DaleK, not really, my stored procedure works fine, at least I think so...as far as it gives the users the data they search for...yes. But I want to handle it when the stored procedure fails. If the user inputs invalid data, then redirect them somewhere else or at least show a message. – Leo Ramadani Jul 22 '21 at 07:47
  • 3
    If `@oid` is meant to contain a `uniqueidentifier` why do you define it as a 2 billion character string? – Thom A Jul 22 '21 at 08:00
  • @larnu because I was testing at first and was not much informed about GUIDs and how many characters they would take. Thanks for your advice. – Leo Ramadani Jul 22 '21 at 14:08

2 Answers

3

I think you are doing your input validation at the wrong level. Your stored procedure should take in a unique identifier and you should be validating the input to your ASP.NET MVC endpoint before doing anything with it.

e.g.

```csharp
public ActionResult SearchStudents(SearchParams searchParams)
{
    if (!ModelState.IsValid)
    {
        // ... handle validation errors
    }

    // ... call your stored procedure once valid
}

public class SearchParams
{
    // must be public for the model binder to populate it
    [Required]
    public Guid StudentId { get; set; }
}
```
marc_s
Paddy
  • Makes sense, but it returns an error to my View saying: **Column 'oid' does not belong to table** – Leo Ramadani Jul 22 '21 at 07:49
  • This would suggest that your student table doesn't have an oid column. You should try running the sproc directly. – Paddy Jul 22 '21 at 13:42
  • 1
    Yes, you're right. But the sproc has *oid* as a parameter and that's where things were kind of messy, because I had to show the user some data based on his input, which is related to the parameter of the sproc. If the user input/parameter is right, the sproc gets executed and the user will get their data; if not...**blank**. Hella messy, right? haha. But I got it to work thanks to you guys. I appreciate your time and help. – Leo Ramadani Jul 22 '21 at 13:57
0

You could always use Regex to check the input:

```csharp
// returns true
Regex.IsMatch(Guid.NewGuid().ToString(), @"(?im)^[{(]?[0-9A-F]{8}[-]?(?:[0-9A-F]{4}[-]?){3}[0-9A-F]{12}[)}]?$")
```

Or use the built-in function as suggested:

```csharp
Guid g;

if (Guid.TryParse(Guid.NewGuid().ToString(), out g))
{
    return "Success";
}
```
Martin Kirk
  • 4
    Why not use the built-in [`Guid.TryParse`](https://learn.microsoft.com/en-us/dotnet/api/system.guid.tryparse) or [`Guid.TryParseExact`](https://learn.microsoft.com/en-us/dotnet/api/system.guid.tryparseexact)? – Uwe Keim Jul 22 '21 at 07:36
  • This actually worked. I have been searching everywhere for this answer. Thanks a lot, much appreciated. – Leo Ramadani Jul 22 '21 at 07:59
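
Added example, not code from the question or either answer: it validates the input with `Guid.TryParseExact` before the database is touched, passes the value as a typed `uniqueidentifier` parameter, and shows the regex quoted above accepting a string with mismatched brackets and a multi-line string that `TryParseExact` rejects. The names `OidLookup`, `TryReadOid` and `FindStudent` are hypothetical, and it assumes `System.Data.SqlClient` is available and that `@oid` has been redeclared as `uniqueidentifier`, as the first answer recommends.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

public static class OidLookup
{
    // Regex quoted from the answer above, unchanged.
    const string AnswerPattern =
        @"(?im)^[{(]?[0-9A-F]{8}[-]?(?:[0-9A-F]{4}[-]?){3}[0-9A-F]{12}[)}]?$";

    // Accept only the canonical 8-4-4-4-12 form ("D" format).
    public static bool TryReadOid(string input, out Guid oid)
    {
        return Guid.TryParseExact(input, "D", out oid);
    }

    // Returns null for invalid input, so the caller can show a message
    // instead of rendering rows. Assumes @oid is declared uniqueidentifier.
    public static DataTable FindStudent(string connectionString, string input)
    {
        Guid oid;
        if (!TryReadOid(input, out oid)) return null;
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand("dbo.oid_validation", conn))
        using (var adapter = new SqlDataAdapter(cmd))
        {
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Parameters.Add("@oid", SqlDbType.UniqueIdentifier).Value = oid;
            var table = new DataTable();
            adapter.Fill(table); // Fill opens and closes the connection itself
            return table;
        }
    }

    public static void Main()
    {
        // Constructed sample inputs (the GUID is an arbitrary example value).
        const string g = "6f9619ff-8b86-d011-b42d-00c04fc964ff";
        string[] samples = { g, "{" + g + ")", "junk line\n" + g, "not-a-guid" };
        foreach (var s in samples)
        {
            Guid parsed;
            Console.WriteLine("{0,-50} regex={1,-5} TryParseExact={2}",
                s.Replace("\n", "\\n"), Regex.IsMatch(s, AnswerPattern),
                TryReadOid(s, out parsed));
        }
    }
}
```

In a controller, a `null` result from `FindStudent` is the signal to return the "invalid input" view or a redirect rather than passing a table to the `@foreach` view.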