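using System.Net;
using MySql.Data.MySqlClient;

namespace Server;

/// <summary>
/// Route handler that inserts one row into the <c>profile</c> table, built from
/// the request body plus the user id obtained through <c>ExtractUserId</c>.
/// </summary>
public class CreateProfile : SecuredRoute
{
    // Per-field validation rules: maximum length and whether an empty value is rejected.
    // Length is measured with string.Length, i.e. in UTF-16 code units.
    // NOTE(review): the limits presumably mirror the profile table's column sizes - confirm
    // against the schema, since a byte- or character-based column limit can differ.
    // NOTE(review): only length/emptiness is checked. The URL-like fields (website, github
    // and the social links) are stored as submitted; if they are ever rendered as links,
    // the scheme should be validated here or encoded/validated at render time.
    private static readonly (string Name, int MaxLength, bool Required)[] s_fieldRules =
    [
        ("f_name", 30, true),
        ("l_name", 30, true),
        ("company", 70, true),
        ("website", 120, false),
        ("location", 100, true),
        ("skills", 300, false),
        ("github", 120, false),
        ("status", 20, true),
        ("bio", 1000, false),
        ("twitter", 100, false),
        ("facebook", 100, false),
        ("youtube", 100, false),
        ("linkedin", 100, false),
        ("instagram", 100, false),
    ];

    /// <summary>
    /// Reads the profile fields from the request body, validates them and inserts a
    /// new <c>profile</c> row for the requesting user.
    /// </summary>
    /// <param name="request">Incoming request; supplies the body fields and the user id.</param>
    /// <param name="response">Response that receives either the success or the error reply.</param>
    /// <remarks>
    /// Every exception raised while handling the request is caught and forwarded to
    /// <c>SendError</c>; nothing propagates to the caller.
    /// </remarks>
    public static void HandleRequest(HttpListenerRequest request, HttpListenerResponse response)
    {
        try
        {
            // Fixed allow-list of body fields. These literals are also the column names
            // handed to CreateInsertQuery, so no column name originates from the request.
            List<string> bodyParamNames =
            [
                "f_name",
                "l_name",
                "company",
                "website",
                "location",
                "github",
                "status",
                "bio",
                "skills",
                "twitter",
                "facebook",
                "youtube",
                "linkedin",
                "instagram",
            ];

            // NOTE(review): ExtractUserId is defined outside this file; presumably it derives
            // the id from the authenticated session/token - confirm it never trusts a
            // client-chosen value.
            string userId = ExtractUserId(request);
            var bodyParamValues = ExtractBody(request, bodyParamNames);
            ValidateParams(bodyParamValues);

            // user_id is added only after the body has been read, and the assignment
            // overwrites anything already stored under that key, so the inserted owner
            // id is always the value returned by ExtractUserId.
            bodyParamNames.Add("user_id");
            bodyParamValues["user_id"] = userId;

            // NOTE(review): confirm AddValuesToCmd binds the values as command parameters
            // rather than formatting them into the SQL text.
            // The command is now disposed together with the connection when the scope ends.
            using MySqlCommand cmd = AddValuesToCmd(
                bodyParamValues,
                new MySqlCommand(CreateInsertQuery("profile", bodyParamNames)));

            using MySqlConnection conn = new(connectionString);
            conn.Open();
            cmd.Connection = conn;
            cmd.ExecuteNonQuery();

            SendSuccess(response);
        }
        catch (Exception ex)
        {
            // NOTE(review): the raw exception (including database driver errors) is handed
            // to SendError; confirm it returns a generic message to the client and keeps
            // the details in server-side logs only.
            SendError(response, ex);
        }
    }

    /// <summary>
    /// Checks every profile field against <c>s_fieldRules</c>.
    /// </summary>
    /// <param name="paramsToValidate">Field name to submitted value.</param>
    /// <exception cref="Exception">
    /// Thrown with the message "Wrong parameters" when a field is absent, null, longer
    /// than its limit, or empty while required.
    /// </exception>
    /// <remarks>
    /// A missing key or a null value is rejected with the same validation error as any
    /// other bad input, instead of surfacing as a KeyNotFoundException or
    /// NullReferenceException from dereferencing the value before the null check.
    /// </remarks>
    private static void ValidateParams(Dictionary<string, string> paramsToValidate)
    {
        foreach (var (name, maxLength, required) in s_fieldRules)
        {
            bool isValid = paramsToValidate.TryGetValue(name, out var value)
                && value is not null
                && value.Length <= maxLength
                && !(required && value.Length == 0);

            if (!isValid)
            {
                throw new Exception("Wrong parameters");
            }
        }
    }
}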