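// Moderation gate for a new post: load the blocked-word list, then either store
// the post or record it as blocked and mail the author.
// `con`, `cmd`, `dr`, `al`, `a` and `b` are declared outside this snippet.
if (con.State == ConnectionState.Open)
    con.Close();
con.Open();

// Read every blocked word. `b` ends up holding the category of the LAST row read,
// not of the word that matched (kept from the original).
// NOTE(review): `al` is never cleared here; if it outlives one request the list
// grows with duplicates on every post. Confirm where it is declared.
using (SqlCommand c = new SqlCommand("select word,category from unwanted", con))
using (SqlDataReader r = c.ExecuteReader())
{
    while (r.Read())
    {
        al.Add(r[0].ToString());
        b = r[1].ToString();
    }
}

string postText = txtWhatsOnYourHeart.Text;
a = postText;

// Count the blocked words that occur in the post.
int cnt = 0;
foreach (string i in al)
{
    // An empty entry would match every post, so it is skipped. The comparison
    // ignores case so that changing capitalisation does not get past the filter.
    if (!string.IsNullOrEmpty(i) && postText.IndexOf(i, StringComparison.OrdinalIgnoreCase) >= 0)
    {
        cnt++;
    }
}

if (cnt == 0)
{
    if (con.State == ConnectionState.Open)
        con.Close();
    string PostDate = DateTime.Now.ToLongDateString();
    con.Open();

    // The post text is user input and the session values are not trusted either:
    // all of them are bound as parameters instead of being concatenated into the SQL.
    // NOTE(review): this stops SQL injection only. Where posts are rendered is not
    // shown here; confirm the text is HTML-encoded on output.
    string InsertPostquery = "Insert into posts (Post,FromId,ToId,PostDate) values (@post, @fromId, @toId, @postDate)";
    cmd = new SqlCommand(InsertPostquery, con);
    cmd.Parameters.AddWithValue("@post", postText);
    cmd.Parameters.AddWithValue("@fromId", Session["name"].ToString());
    cmd.Parameters.AddWithValue("@toId", Convert.ToInt32(Session["CurrentProfileId"]));
    cmd.Parameters.AddWithValue("@postDate", PostDate);
    cmd.ExecuteNonQuery();

    LatestUpdates();
    txtWhatsOnYourHeart.Text = string.Empty;
    Response.Write("<script>alert('Message posted successfully' )</script>");
    con.Close();
}
else
{
    if (con.State == ConnectionState.Open)
        con.Close();
    con.Open();

    // Record the blocked attempt; the rejected text is still attacker-controlled,
    // so it is bound as a parameter as well.
    using (SqlCommand h = new SqlCommand("insert into message values(@name, @post, @category)", con))
    {
        h.Parameters.AddWithValue("@name", Session["name"].ToString());
        h.Parameters.AddWithValue("@post", postText);
        // The original concatenation turned a missing category into an empty string.
        h.Parameters.AddWithValue("@category", b ?? string.Empty);
        h.ExecuteNonQuery();
    }
    Response.Write("<script>alert('Blocked post')</script>");
    con.Close();

    con.Open();
    cmd = new SqlCommand("select name, emailid from register where name=@name", con);
    cmd.Parameters.AddWithValue("@name", Session["name"].ToString());
    dr = cmd.ExecuteReader();
    if (dr.Read())
    {
        // Session["id"] is overwritten with the e-mail address column here.
        Session["id"] = dr[1].ToString();
        Session["name"] = dr[0].ToString();
    }
    dr.Close();

    // NOTE(review): if no register row matched and Session["id"] was never set,
    // the next line throws NullReferenceException. Confirm the caller guarantees it.
    String m = Session["id"].ToString();
    String n = Session["name"].ToString();
    sendmail(a, n, b, m);
    con.Close();
}

con.Close();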
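        /// <summary>
        /// Reports whether <paramref name="Data"/> contains any entry of the word list
        /// stored in VulnerableWords.txt under <c>Application.StartupPath</c>.
        /// </summary>
        /// <param name="Data">Text to screen; null or empty text is never reported as a match.</param>
        /// <returns>true when at least one non-blank list entry occurs in the text.</returns>
        public bool TestAlgorithm(string Data)
        {
            if (String.IsNullOrEmpty(Data))
                return false;

            // The list is read again on every call, so edits to the file apply at once.
            String[] vWords = System.IO.File.ReadAllLines(System.IO.Path.Combine(Application.StartupPath, "VulnerableWords.txt"));
            foreach (string rawWord in vWords)
            {
                // Match on the trimmed entry: a stray trailing space in the file would
                // otherwise make the entry never match.
                string word = rawWord.Trim();
                if (word.Length == 0)
                    continue;

                // Ignore case so that changing capitalisation does not get past the filter.
                if (Data.IndexOf(word, StringComparison.OrdinalIgnoreCase) >= 0)
                    return true;
            }
            return false;
        }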





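            // Moderation gate for a new post, using TestAlgorithm as the word filter:
            // a clean post is stored, a blocked one is logged and the author is mailed.
            // `con`, `cmd`, `dr`, `a` and `b` are declared outside this snippet.
            string postText = txtWhatsOnYourHeart.Text;
            bool Block = TestAlgorithm(postText);
            a = postText;
            if (!Block)
            {
                if (con.State == ConnectionState.Open)
                    con.Close();
                string PostDate = DateTime.Now.ToLongDateString();
                con.Open();

                // The post text is user input and the session values are not trusted either:
                // all of them are bound as parameters instead of being concatenated into the SQL.
                string InsertPostquery = "Insert into posts (Post,FromId,ToId,PostDate) values (@post, @fromId, @toId, @postDate)";
                cmd = new SqlCommand(InsertPostquery, con);
                cmd.Parameters.AddWithValue("@post", postText);
                cmd.Parameters.AddWithValue("@fromId", Session["name"].ToString());
                cmd.Parameters.AddWithValue("@toId", Convert.ToInt32(Session["CurrentProfileId"]));
                cmd.Parameters.AddWithValue("@postDate", PostDate);
                cmd.ExecuteNonQuery();

                LatestUpdates();
                txtWhatsOnYourHeart.Text = string.Empty;
                Response.Write("<script>alert('Message posted successfully' )</script>");
                con.Close();
            }
            else
            {
                if (con.State == ConnectionState.Open)
                    con.Close();
                con.Open();

                // Record the blocked attempt with bound parameters.
                // NOTE(review): `b` (the category) is not assigned anywhere in this snippet;
                // confirm where it is set. A null is stored as an empty string, matching
                // what the original concatenation produced.
                using (SqlCommand logCmd = new SqlCommand("insert into message values(@name, @post, @category)", con))
                {
                    logCmd.Parameters.AddWithValue("@name", Session["name"].ToString());
                    logCmd.Parameters.AddWithValue("@post", postText);
                    logCmd.Parameters.AddWithValue("@category", b ?? string.Empty);
                    logCmd.ExecuteNonQuery();
                }
                Response.Write("<script>alert('Post Blocked')</script>");

                // Look up the author's e-mail address; the mail is sent only when a row is found.
                using (SqlCommand lookupCmd = new SqlCommand("select name, emailid from register where name=@name", con))
                {
                    lookupCmd.Parameters.AddWithValue("@name", Session["name"].ToString());
                    dr = lookupCmd.ExecuteReader();
                    if (dr.Read())
                    {
                        Session["name"] = dr[0].ToString();
                        // Session["id"] is overwritten with the e-mail address column here.
                        Session["id"] = dr[1].ToString();
                        sendmail(a, Session["name"].ToString(), b, Session["id"].ToString());
                    }
                    dr.Close();
                }
                con.Close();
            }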

Hope this will help you!


Store the vulnerable words in a text file.

            // Save the lines typed into richTextBox1 as VulnerableWords.txt in the
            // application's start-up folder.
            string filename = "VulnerableWords.txt";
            string filepath = Application.StartupPath;
            string[] vWords = richTextBox1.Lines;
            store(vWords, filepath, filename);

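        /// <summary>
        /// Writes the word list to a text file, one entry per line, replacing any
        /// previous content of that file.
        /// </summary>
        /// <param name="_vWords">Entries to store; null, empty and whitespace-only entries are skipped.</param>
        /// <param name="_filepath">Directory that receives the file.</param>
        /// <param name="_filename">Name of the file inside <paramref name="_filepath"/>.</param>
        public void store(string[] _vWords, string _filepath, string _filename)
        {
            string fname = System.IO.Path.Combine(_filepath, _filename);

            // Build the whole content first and write it once, instead of reopening
            // the file for every entry.
            System.Text.StringBuilder content = new System.Text.StringBuilder();
            if (_vWords != null)
            {
                foreach (string vWord in _vWords)
                {
                    // Store the trimmed entry: surrounding whitespace kept in the file
                    // would stop the entry from matching when the list is used as a filter.
                    string word = vWord == null ? string.Empty : vWord.Trim();
                    if (word.Length > 0)
                    {
                        content.Append(word).Append('\n');
                    }
                }
            }
            System.IO.File.WriteAllText(fname, content.ToString());
        }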

Hope this code will help you!

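 /// <summary>
 /// Loads the stored bytes of the fileData0 row whose fileindex equals
 /// <paramref name="index"/>.
 /// </summary>
 /// <param name="index">Value matched against the fileindex column.</param>
 /// <returns>The content of the row's filedata column.</returns>
 /// <exception cref="InvalidOperationException">No row matches the index.</exception>
 public byte[] readFile(string index)
 {
     if (con.State == ConnectionState.Open)
     {
         con.Close();
     }
     con.Open();
     try
     {
         // filedata has to be part of the SELECT list: the original query left it out,
         // so reading Rows[0]["filedata"] could not succeed.
         // The index is bound as a parameter instead of being concatenated into the SQL.
         string select = "select fileindex,filename,filedata from fileData0 where fileindex = @index";
         using (SqlDataAdapter adap = new SqlDataAdapter(select, con))
         {
             adap.SelectCommand.Parameters.AddWithValue("@index", (object)index ?? DBNull.Value);
             DataSet ds = new DataSet();
             adap.Fill(ds, "fileData0");

             DataTable table = ds.Tables["fileData0"];
             if (table.Rows.Count == 0)
             {
                 throw new InvalidOperationException("No file is stored under the requested index.");
             }
             return (byte[])table.Rows[0]["filedata"];
         }
     }
     finally
     {
         // Close the connection on the error paths as well.
         con.Close();
     }
 }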
        {
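 // Download handler for the first grid column: look the clicked file up and save
 // its bytes to drive E:. A negative RowIndex cannot index Rows, so it is ignored.
 if (e.ColumnIndex == 0 && e.RowIndex >= 0)
 {
     int row = e.RowIndex;
     string FileName = dataGridView1.Rows[row].Cells[2].Value.ToString();
     DataSet dt = new DataSet();

     // The file name comes from stored data, so it is bound as a parameter rather
     // than concatenated into the SQL.
     da = new SqlDataAdapter("select fileindex,filename,filedata from fileData0 where filename=@filename", con);
     da.SelectCommand.Parameters.AddWithValue("@filename", FileName);
     // Fill opens a closed connection itself and closes it again afterwards.
     da.Fill(dt, "fileData0");

     // NOTE(review): `index` is not defined in this snippet and `dt` is not read
     // afterwards; presumably the index was meant to come from dt's fileindex
     // column. Confirm.
     byte[] filedown = readFile(index);

     // Keep only the last path component, so a stored name that carries directory
     // parts cannot move the write outside E:\.
     string safeName = Path.GetFileName(FileName);
     if (string.IsNullOrEmpty(safeName))
     {
         MessageBox.Show("Invalid file name: " + FileName);
     }
     else
     {
         string target = Path.Combine(@"E:\", safeName);
         using (FileStream fs = new FileStream(target, FileMode.Create))
         {
             fs.Write(filedown, 0, filedown.Length);
         }
         MessageBox.Show("File Saved in : " + target);
     }
 }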