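using System.Globalization;
using System.Net;
using MySql.Data.MySqlClient;

namespace Server;

/// <summary>
/// Route that inserts one row into the <c>experience</c> table for the user
/// identified by <c>ExtractUserId</c>.
/// </summary>
public class CreateExperience : SecuredRoute
{
    /// <summary>Only accepted layout for <c>from_date</c> and <c>to_date</c>.</summary>
    private const string DateFormat = "yyyy-MM-dd";

    /// <summary>
    /// Reads the experience fields from the request body, validates them and
    /// stores them together with the caller's user id.
    /// </summary>
    /// <param name="request">Incoming HTTP request carrying the body fields.</param>
    /// <param name="response">Response that receives the success or error reply.</param>
    public static void HandleRequest(HttpListenerRequest request, HttpListenerResponse response)
    {
        try
        {
            // Column names are fixed here and never taken from the request, so
            // the statement text built by CreateInsertQuery has no client-chosen part.
            List<string> bodyParamNames =
            [
                "job",
                "company",
                "location",
                "from_date",
                "to_date",
                "description",
            ];

            string userId = ExtractUserId(request);
            var bodyParamValues = ExtractBody(request, bodyParamNames);
            ValidateParams(bodyParamValues);

            // user_id is added only after the body has been read, and its value comes
            // from ExtractUserId rather than from a body field of that name.
            // NOTE(review): presumably ExtractUserId derives it from the authenticated
            // session or token - confirm in SecuredRoute.
            bodyParamNames.Add("user_id");
            bodyParamValues["user_id"] = userId;

            // NOTE(review): AddValuesToCmd is assumed to bind the values as command
            // parameters rather than splice them into the SQL text - confirm.
            // The command is disposed with the method scope; the original never disposed it.
            using MySqlCommand cmd = AddValuesToCmd(
                bodyParamValues,
                new MySqlCommand(CreateInsertQuery("experience", bodyParamNames)));

            using MySqlConnection conn = new(connectionString);
            conn.Open();
            cmd.Connection = conn;
            cmd.ExecuteNonQuery();

            SendSuccess(response);
        }
        catch (Exception ex)
        {
            // NOTE(review): every failure, database errors included, is handed to
            // SendError. Confirm that it does not echo ex.Message or the stack trace
            // to the client, since driver errors can reveal schema details.
            SendError(response, ex);
        }
    }

    /// <summary>
    /// Rejects a body whose fields are missing, null, too long or not dates.
    /// </summary>
    /// <param name="paramsToValidate">Body fields keyed by parameter name.</param>
    /// <exception cref="Exception">
    /// Thrown with the message "Wrong parameters" when any rule fails.
    /// </exception>
    private static void ValidateParams(Dictionary<string, string> paramsToValidate)
    {
        // NOTE(review): nothing here checks that from_date is not later than
        // to_date - confirm whether that is enforced elsewhere.
        bool isValid =
            IsRequiredText(paramsToValidate, "job", 70)
            && IsRequiredText(paramsToValidate, "company", 120)
            && IsRequiredText(paramsToValidate, "location", 100)
            && IsDate(paramsToValidate, "from_date")
            && IsDate(paramsToValidate, "to_date")
            && paramsToValidate.TryGetValue("description", out var description)
            && description is not null
            && description.Length <= 1000;

        if (!isValid)
        {
            throw new Exception("Wrong parameters");
        }
    }

    /// <summary>True when the field is present, non-empty and at most <paramref name="maxLength"/> chars.</summary>
    private static bool IsRequiredText(Dictionary<string, string> values, string key, int maxLength)
    {
        // The null/empty test runs before Length is read, so a null value is
        // reported as a validation failure instead of a NullReferenceException.
        return values.TryGetValue(key, out var text)
            && !string.IsNullOrEmpty(text)
            && text.Length <= maxLength;
    }

    /// <summary>True when the field is present and matches <see cref="DateFormat"/> exactly.</summary>
    private static bool IsDate(Dictionary<string, string> values, string key)
    {
        // InvariantCulture keeps the accepted input independent of the server's
        // current culture and calendar; the original passed a null provider.
        return values.TryGetValue(key, out var text)
            && DateTime.TryParseExact(
                text,
                DateFormat,
                CultureInfo.InvariantCulture,
                DateTimeStyles.None,
                out _);
    }
}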