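using System.Globalization;
using System.Net;
using MySql.Data.MySqlClient;

namespace Server;

/// <summary>
/// Route that inserts one row into the <c>education</c> table for the user
/// identified by <c>ExtractUserId</c>.
/// </summary>
public class CreateEducation : SecuredRoute
{
    /// <summary>
    /// Checks the body fields of a create-education request.
    /// </summary>
    /// <param name="paramsToValidate">
    /// Field name to raw string value, as returned by <c>ExtractBody</c>.
    /// </param>
    /// <exception cref="Exception">
    /// Thrown with the message "Wrong parameters" when a field is missing, null,
    /// too long, empty where a value is required, or not a <c>yyyy-MM-dd</c> date.
    /// </exception>
    /// <remarks>
    /// Lengths are measured with <see cref="string.Length"/> (UTF-16 code units).
    /// The method does not compare <c>from_date</c> with <c>to_date</c>.
    /// </remarks>
    private static void ValidateParams(Dictionary<string, string> paramsToValidate)
    {
        const string dateFormat = "yyyy-MM-dd";

        // A missing key or a null value is reported as a validation failure rather
        // than surfacing as KeyNotFoundException / NullReferenceException, so the
        // error handed to SendError does not depend on how the body was malformed.
        bool IsRequiredText(string key, int maxLength) =>
            paramsToValidate.TryGetValue(key, out var value)
            && !string.IsNullOrEmpty(value)
            && value.Length <= maxLength;

        // InvariantCulture pins the parse to the Gregorian calendar; a null provider
        // would use the server's current culture, and the same "yyyy-MM-dd" text can
        // then be accepted or rejected differently depending on host settings.
        bool IsDate(string key) =>
            paramsToValidate.TryGetValue(key, out var value)
            && DateTime.TryParseExact(
                value,
                dateFormat,
                CultureInfo.InvariantCulture,
                DateTimeStyles.None,
                out _
            );

        // The description may be empty, but it must be present and bounded.
        bool descriptionIsValid =
            paramsToValidate.TryGetValue("description", out var description)
            && description is not null
            && description.Length <= 1000;

        bool allValid =
            IsRequiredText("school", 70)
            && IsRequiredText("degree", 120)
            && IsRequiredText("field", 100)
            && IsDate("from_date")
            && IsDate("to_date")
            && descriptionIsValid;

        if (!allValid)
        {
            throw new Exception("Wrong parameters");
        }
    }

    /// <summary>
    /// Handles a create-education request: reads and validates the body, inserts
    /// the row, and reports success or the caught exception through the response.
    /// </summary>
    /// <param name="request">Incoming HTTP request carrying the body fields.</param>
    /// <param name="response">Response that receives the success or error reply.</param>
    public static void HandleRequest(HttpListenerRequest request, HttpListenerResponse response)
    {
        try
        {
            // Only these fields are read from the request body. The list is also the
            // column list given to CreateInsertQuery, so column names are fixed here
            // and never taken from the request.
            List<string> bodyParamNames =
            [
                "school",
                "degree",
                "field",
                "from_date",
                "to_date",
                "description",
            ];

            // NOTE(review): presumably derived from the authenticated request;
            // confirm in SecuredRoute.
            string userId = ExtractUserId(request);

            var bodyParamValues = ExtractBody(request, bodyParamNames);
            ValidateParams(bodyParamValues);

            // user_id is added after the body was extracted and validated, and it
            // overwrites any entry stored under that key, so row ownership comes from
            // ExtractUserId and not from a body field.
            bodyParamNames.Add("user_id");
            bodyParamValues["user_id"] = userId;

            // NOTE(review): values are presumably bound as parameters by
            // AddValuesToCmd; confirm that no value is concatenated into the SQL text.
            using MySqlCommand cmd = AddValuesToCmd(
                bodyParamValues,
                new MySqlCommand(CreateInsertQuery("education", bodyParamNames))
            );

            using MySqlConnection conn = new(connectionString);
            conn.Open();
            cmd.Connection = conn;
            cmd.ExecuteNonQuery();

            SendSuccess(response);
        }
        catch (Exception ex)
        {
            // NOTE(review): every failure, including database driver errors, is passed
            // to SendError. Confirm that it returns a generic message to the client
            // and keeps exception details in server-side logs only.
            SendError(response, ex);
        }
    }
}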