Send and Get parameter in an URL (ASP.net C#)

URL: http://forums.msdn.microsoft.com/en/netfxnetcom/thread/9ec9d046-ca36-4913-9034-b72af425dd20/

private void Send_Record(string id, string name, string age, string gender, string number, string dob)

{

string URL = "http://localhost/web/WebForm1.aspx?username=123&password=123";

string Result;

try

{

URL = (URL + ("&id="

+ (id + ("&name="

+ (name + ("&age="

+ (age + ("&gender="

+ (gender + ("&number="

+ (number + ("&dob=" +dob))))))))))));

textBox1.Text = URL;

//axInet1.URL = URL;

Result = axInet1.OpenURL(URL,0).ToString();

switch (Result)

{

case "0":

listBox1.Items.Add("Record Sent Successfully");

try

{

SqlCommand sqlstr = new SqlCommand();

sqlstr.Connection = sqlConnection1;

if ((sqlConnection1.State == ConnectionState.Closed))

{

sqlConnection1.Open();

}

if ((sqlstr.ExecuteNonQuery() != 0))

{

listBox1.Items.Add("Record Updted in DB");

}

else

{

listBox1.Items.Add("Error Record Updted in DB");

}

}

catch (Exception ex)

{

listBox2.Items.Add((ex.Message + " // Update Record Part"));

}

break;

case "-2":

listBox1.Items.Add(" Error id");

break;

case "-3":

listBox1.Items.Add(" Error name");

break;

case "-4":

listBox1.Items.Add(" Error age");

break;

case "-5":

listBox1.Items.Add(" Error gender");

break;

case "-6":

listBox1.Items.Add(" Error Number");

break;

case "-7":

listBox1.Items.Add(" Error Number");

break;

case "-10":

listBox1.Items.Add(" Error Username or Password");

break;

default:

listBox1.Items.Add("General Error Sending The Record");

listBox1.Items.Add(Result);

break;

}

}

catch (Exception ex)

{

listBox2.Items.Add((ex.Message + (" //Send_Record BLOCK>>" + dss.Tables[0].Rows[Counter]["id"])));

return;

}

}

and this is the code for the webpage

private void Page_Load(object sender, System.EventArgs e)

{

string username = Request.QueryString["username"];

string password = Request.QueryString["password"];

string id = Request.QueryString["id"];

string name = Request.QueryString["name"];

string age = Request.QueryString["age"];

string gender = Request.QueryString["gender"];

string number = Request.QueryString["number"];

string dob = Request.QueryString["dob"];

if (username!="123" && password!="123")

{

Response.Write("-10");

}

else

{

if (valid(id,name,age,gender,number,dob))

{

sqlConnection1.Open();

SqlCommand save = new SqlCommand("INSERT INTO dest (mapid,name,age,gender,number,dob) VALUES('"+id+"','"+name+"','"+age+"','"+gender+"','"+number+"','"+dob+"'",sqlConnection1);

save.ExecuteNonQuery();

SqlCommand updat= new SqlCommand("update source set isread==1 where id= '"+id+"' ",sqlConnection1);

updat.ExecuteNonQuery();

sqlConnection1.Close();

Response.Write("0");

}

}

}

private bool valid(string id, string name, string age, string gender, string number, string dob)

{

if (id =="")

{

Response.Write("-2");

Response.End();

}

if (name =="" || name.Length >50)

{

Response.Write("-3");

Response.End();

}

if (age =="")

{

Response.Write("-4");

Response.End();

}

if (gender.Length>6 || gender.Length<4)

{

Response.Write("-5");

Response.End();

}

if (number =="" || number.Length>20)

{

Response.Write("-6");

Response.End();

}

if (dob =="")

{

Response.Write("-7");

Response.End();

}

return true;

}