Search Results

Search found 10662 results on 427 pages for 'parameter passing'.


  • Prevent SQL Injection in Dynamic column names

    - by Mr Shoubs
    I can't get away without writing some dynamic SQL conditions in a part of my system (using Postgres). My question is how best to avoid SQL injection with the method I am currently using.

    EDIT (Reasoning): There are many columns in a number of tables (a number which grows (only) and is maintained elsewhere). I need a method of allowing the user to decide which (predefined) column they want to query (and if necessary apply string functions to). The query itself is far too complex for the user to write themselves, nor do they have access to the db. There are 1000s of users with varying requirements and I need to remain as flexible as possible - I shouldn't have to revisit the code unless the main query needs to change. Also, there is no way of knowing what conditions the user will need to use.

    I have objects (received via web service) that generate a condition (the generation method is below - it isn't perfect yet) for some large SQL queries. The _FieldName is user editable (parameter name was, but it didn't need to be) and I am worried it could be an attack vector. I put double quotes (see quoted identifier) around the field name in an attempt to sanitize the string; this way it can never be a keyword. I could also look up the field name against a list of fields, but it would be difficult to maintain on a timely basis. Unfortunately the user must enter the condition criteria. I am sure there must be more I can add to the sanitize method? And does quoting the column name make it safe? (My limited testing seems to think so.)

    An example built condition would be "AND upper(brandloaded.make) like 'O%' and upper(brandloaded.make) not like 'OTHERBRAND'" ... Any help or suggestions are appreciated.

        Public Function GetCondition() As String
            Dim sb As New Text.StringBuilder
            'put quote around the table name in an attempt to prevent some sql injection
            'http://www.postgresql.org/docs/8.2/static/sql-syntax-lexical.html
            sb.AppendFormat(" {0} ""{1}"" ", _LogicOperator.ToString, _FieldName)
            Select Case _ConditionOperator
                Case ConditionOperatorOptions.Equals
                    sb.Append(" = ")
                ...
            End Select
            sb.AppendFormat(" {0} ", Me.UniqueParameterName) 'for parameter
            Return Me.Sanitize(sb)
        End Function

        Private Function Sanitize(ByVal sb As Text.StringBuilder) As String
            'compare against a similar blacklist mentioned here: http://forums.asp.net/t/1254125.aspx
            sb.Replace(";", "")
            sb.Replace("'", "")
            sb.Replace("\", "")
            sb.Replace(Chr(8), "")
            Return sb.ToString
        End Function

        Public ReadOnly Property UniqueParameterName() As String
            Get
                Return String.Concat(":", _UniqueIdentifier)
            End Get
        End Property


  • Floor function returning EXC_BAD_ACCESS

    - by fastrack20
    The code that I am using contains these snippets of code. I am calling ThetaG_JD with the argument 2455343.50000 which is just a sample Julian date. Every time I run the program, I receive an EXC_BAD_ACCESS on the indicated line. When using gdb and printing out the intermediary values and passing them through the floor function, I get no error, but when Frac() is used it always returns an error.

        double Frac(double arg)
        {
            /* Returns fractional part of double argument */
            return arg - floor(arg);
        }

        double ThetaG_JD(double jd)
        {
            /* Reference: The 1992 Astronomical Almanac, page B6. */
            double UT=0, TU=0, GMST=0;

            //THIS LINE
            UT=Frac(jd+0.5);
            // THAT ONE ^^
            jd=jd-UT;
            TU=(jd-2451545.0)/36525;
            GMST=24110.54841+TU*(8640184.812866+TU*(0.093104-TU*6.2E-6));
            GMST=Modulus(GMST+secday*omega_E*UT,secday);
            return (twopi*GMST/secday);
        }


  • Find maximum positive integer value in Bourne Shell

    - by l0b0
    I'm checking a counter in a loop to determine if it's larger than some maximum, if specified in an optional parameter. Since it's optional, I can either default the maximum to a special value or to the maximum possible integer. The first option would require an extra check at each iteration, so I'd like to instead find out what is the maximum integer that will work with the -gt Bourne Shell operation.


  • Asp.Net MVC2 TekPub Starter Site methodology question

    - by Pino
    Ok, I've just run into this and I was only supposed to be checking my emails, however I've ended up watching this (and not far off subscribing to TekPub). http://tekpub.com/production/starter

    Now this app is a great starting point, but it raises one issue for me and the development process I've been shown to follow (rightly or wrongly). There is no conversion from the LinqToSql object when passing data to the view. Are there any negatives to this? The main one I can see is with validation: does this cause issues when using MVC's built-in validation, as this is something we use extensively? Because we are using the built-in objects generated by LinqToSql, how would one go about adding validation, like

        [Required(ErrorMessage="Name is Required")]
        public string Name {get;set;}

    Interested to understand the benefits of this methodology and any negatives that, should we take it on, experience through the development process.


  • WCF .Net 4.0 is treating WebProtocolException as an unhandled exception

    - by Benjii
    I'm trying to build an API using WCF and .Net 4, however when I throw the WebProtocolException, it is not displaying a nice error message like it should; instead it is treating it like an unhandled exception. I am using the WebServiceHost2Factory. Has anyone else used WebProtocolException with .net 4? An example of my call is below:

        throw new WebProtocolException(
            System.Net.HttpStatusCode.BadRequest,
            "The DateFrom parameter is invalid",
            new Error()
            {
                Code = 6002,
                Message = "Please ensure your dates are in the following format: yyyy/MM/dd hh:mm:ss"
            },
            null,
            null);


  • SharePoint 2010 Search Query

    - by Faiz
    Hi, I had written a custom search query for MOSS 2007 to get data where contenttype is post. However the same query is not returning any results in SharePoint 2010. Any inputs will be appreciated. Please note that SharePoint search box is returning (parameter k in query string and also contenttype:post) appropriate results. Thanks


  • NSNotification center may not respond to -object ?

    - by blackkettle
    Hi, I'm trying to make simple use of the NSNotification center inside my iPhone application, but I seem to be doing something wrong in this case. I was under the impression that it was possible to retrieve an object associated with a particular message, or at least a reference to the object, but using the following example code I'm getting a warning, "NSNotification center may not respond to -object"

        - (void)addNewBookmark:(NSNotificationCenter *)notification {
            Bookmark *newBookMark = (Bookmark *)[notification object];
            //Do some stuff with the bookmark object
        }

    Indeed, when I compile and run the code, basically nothing I try to do with the contents of the object actually gets carried out - it's simply ignored. The post code is as follows,

        - (IBAction)save:(id) sender{
            //Sending the message with the related object
            [[NSNotificationCenter defaultCenter] postNotificationName:@"addNewBookmark" object:bookmark];
        }

    and the bookmark object itself is just a dictionary. I also tried using the "userInfo" argument and passing the bookmark object through that, but the result was the same. How should I be doing this? What am I doing wrong?


  • Can Windsor do this?

    - by Marius
    Consider this example:

        public class Factory
        {
            private List<ISubFactory> subFactories;

            public Factory(List<ISubFactory> subFactories)
            {
                this.subFactories = subFactories;
            }
        }

        public interface ISubFactory
        {
        }

    I want Windsor to resolve the Factory class and put all implementers of the ISubFactory interface which are registered in the container (ResolveAll) into the "subFactories" parameter, can Windsor do this?


  • stored procedure for importing txt in sql server db

    - by Iulian
    I have to insert new records in a database every day from a text file (tab delimited). I'm trying to make this into a stored procedure with a parameter for the file to read data from.

        CREATE PROCEDURE dbo.UpdateTable
            @FilePath
        BULK INSERT TMP_UPTable
        FROM @FilePath
        WITH
        (
            FIRSTROW = 2,
            MAXERRORS = 0,
            FIELDTERMINATOR = '\t',
            ROWTERMINATOR = '\n'
        )
        RETURN

    Then I would call this stored procedure from my code (C#) specifying the file to insert. This is obviously not working, so how can I do it?


  • Getting Bad file descriptor when running Tornado AsyncHTTPTestCase

    - by Will
    When running a test using the Tornado AsyncHTTPTestCase I'm getting a stack trace that isn't related to the test. The test is passing so this is probably happening on the test clean up? I'm using Python 2.7.2, Tornado 2.2. The test code is:

        class AllServersHandlerTest(AsyncHTTPTestCase):
            endpoint = AllServersHandler.endpoint # '/rest/test/'

            def test_server_status_with_advertiser(self):
                on_new_host(None, '127.0.0.1')
                response = self.fetch(self.endpoint, method='GET')
                result = json.loads(response.body, 'utf8').get('data')
                self.assertEquals(['127.0.0.1'], result)

    The test passes ok, but I get the following stack trace from the Tornado server.

        OSError: [Errno 9] Bad file descriptor
        INFO:root:200 POST /rest/serverStatuses (127.0.0.1) 0.00ms
        DEBUG:root:error closing fd 688
        Traceback (most recent call last):
          File "C:\Python27\Lib\site-packages\tornado-2.2-py2.7.egg\tornado\ioloop.py", line 173, in close
            os.close(fd)
        OSError: [Errno 9] Bad file descriptor

    Any ideas how to cleanly shutdown the test case?


  • FACING ERROR WHILE CALLING AXIS2 WEB SERVICE ...

    - by darshanv
    Hello, I am new to Axis. I have created a web service with a couple of methods using Axis2 and deployed it on Tomcat, and I am calling that web service from my Android program with the help of ksoap. When I call a method which doesn't take any parameter I am getting a fine reply from the web service, which I am able to see on my screen. But when I call another method which takes a string argument I am getting a namespace exception on the server.

    The web service code is:

        package Guru;

        public class DarshanSays {
            public String getMsg(String h) {
                return h+" ..the power of change is eVolution...";
            }

            public String getEmpty(String d)throws Exception {
                return "empty string from tomcattttttttttt";
            }
        }

    And the program is:

        String soap_action="http://Guru/getEmpty";
        String method_nm="getEmpty";
        String nmspc="http://Guru/";
        String url7="//192.168.10.182:8080/axis2/services/Friday";//http:
        SoapObject request = new SoapObject(url7,method_nm);
        /*sending method parameters with SoapObject */
        request.newInstance();
        request.addProperty("h","darshan.....");//sending a parameter to a method
        SoapSerializationEnvelope envelope = new SoapSerializationEnvelope(SoapEnvelope.VER11);
        envelope.bodyOut=request;
        envelope.dotNet = true;
        envelope.encodingStyle = SoapSerializationEnvelope.XSD;
        Log.d("Step","3");
        envelope.dotNet=true;
        /*setting outputsoap object sending request */
        envelope.setOutputSoapObject(request);
        /*HttpTransportSE object creating sending it url */
        androidHttpTransport = new HttpTransportSE(url7);
        //androidHttpTransport.setXmlVersionTag("");
        Log.d("Step","4");
        try{
            androidHttpTransport.debug=true;
            androidHttpTransport.call(nmspc,envelope);
        }
        catch(Exception e)
        {
            Log.d("Transportcall",""+e);
            alert=new AlertDialog.Builder(this);
            alert.setMessage(""+e);
            alert.show();
        }
        //exception is thrown.
        Log.d("Step","5");
        try {
            Log.d("giving...","resp");
            SoapPrimitive sp=(SoapPrimitive)envelope.getResponse();
            String hh=sp.toString();
            Log.d("reply from web ser",".."+hh.toString());

    And the error message is:

        SoapFault - faultcode:'soapenv:Server' faultstring: 'namespace mismatch require http://Guru found 192.168.10.182:8080/axis2/services/Friday' faultactor: 'null' detail: org.kxml2.kdom.Node@43d31390

    The error is coming only when I am calling the parameterized method. I am facing this issue only when I am giving a call to the parameterized method. Please help.. thanks, Darshan V


  • XSLT generating attributes if source-Element is in parameterfile

    - by Siegfried
    Hi, I got an xml-file with some elements. For some of these there is an equivalent in a parameter xml-file along with some other elements. I want to add these other elements from the parm-file as parameters to the output file if the element names are matching. (The attributes should only be generated if an element "InvoiceHeader" exists in the source-xml.) Here is my code...

        <?xml version="1.0" encoding="UTF-8"?>
        <xsl:stylesheet version="2.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:fn="http://www.w3.org/2005/xpath-functions">
            <xsl:variable name="rpl" select="document('ParamInvoice.xml')"></xsl:variable>
            <xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes"/>
            <xsl:template match="/">
                <xsl:apply-templates></xsl:apply-templates>
            </xsl:template>
            <xsl:template match="*">
                <xsl:copy>
                    <xsl:if test="$rpl/StoraInvoice/local-name()">
                        <xsl:call-template name="AttributeErzeugen">
                            <xsl:with-param name="attr" select="$rpl/StoraInvoice/local-name()"></xsl:with-param>
                        </xsl:call-template>
                    </xsl:if>
                    <xsl:apply-templates></xsl:apply-templates>
                </xsl:copy>
            </xsl:template>
            <xsl:template name="AttributeErzeugen">
                <xsl:param name="attr"></xsl:param>
                <xsl:for-each select="$attr">
                    <xsl:attribute name="{Attibute/@name}"><xsl:value-of select="."></xsl:value-of></xsl:attribute>
                </xsl:for-each>
            </xsl:template>
        </xsl:stylesheet>

    and here the param-file

        <?xml version="1.0" encoding="UTF-8"?>
        <StoraInvoice>
            <InvoiceHeader>
                <Attribute name="Fuehrend">YYY</Attribute>
                <Attribute name="Feld">FFFF</Attribute>
                <Attribute name="Format">XYZXYZ</Attribute>
            </InvoiceHeader>
        </StoraInvoice>

    Siegfried


  • JPA where clause any

    - by Ke
    Hi, I'm new to JPA. In JPA, the query is:

        Query query = entityManager.createQuery("select o from Product o WHERE o.category = :value");
        query.setParameter("category", category);

    How can I set category to any category in JPA? So if a null category is passed, I simply ignore the category parameter and select all products.


  • A reference that is not to 'const' cannot be bound to a non-lvalue

    - by Bert
    Hello, Am struggling a bit with this. Am declaring:

        BYTE *pImage = NULL;

    Used in call:

        m_pMyInterface->GetImage(i, &imageSize, &pImage);

    Visual C++ 2003 compiler error:

        error C2664: 'CJrvdInterface::GetImage' : cannot convert parameter 3 from 'BYTE **__w64 ' to 'BYTE **& ' A reference that is not to 'const' cannot be bound to a non-lvalue

    The method called is defined as:

        void CMyInterface::GetImage(const int &a_iTileId, ULONG *a_pulImageSize, BYTE** &a_ppbImage)
        {
            (...)

    Any help much appreciated, Bert


  • c# uploading file - error

    - by user228058
    I have a webpage where the user can upload an excel file. I'm trying 2 different files - one works without a problem, and the other one gives me this error: Error: Length cannot be less than zero. Parameter name: length I know that sometimes this occurs when the file size is zero, but that is not the case here. Can anyone shed light on this issue? Please let me know if you need more info.


  • Is it possible to utilize internal methods on controllers to reduce duplication?

    - by Maslow
    In a partial view I have the following:

        <%Html.RenderAction(MVC.User.GetComments(Model.UserGroupName)); %>

    Can I render a Controller's PartialViewResult in a View without going through routing so I can pass arguments directly from the model so that the arguments I'm passing to the controller never get sent to the user or seen by the user? Currently the method I'm showing at the top throws an exception because no overload is public. I've got it marked as internal so that a user can not access it, only the rendering engine was my intent.


  • PHP Menu Question

    - by Vecta
    As one of the steps toward a greater website redesign I am putting the majority of the content of our website into html files to be used as includes. I am intending on passing a variable to the PHP template page through the URL to call the proper include. Our website has many programs that each need an index page as well as about 5 sub-pages. These program pages will need a menu system to navigate between the different pages. I am naming the pages pagex_1, pagex_2, pagex_3, etc. where "pagex" is descriptive of the page content. My question is, what would be the best way to handle this menu system? Is there a way to modify the initial variable used to arrive at the index page to create links in the menu to arrive at the other pages? Thanks for any help!


  • how can we use AsynCallback method of web service in asp.net

    - by sameer
    Hi All, I was going through the proxy class which is generated using wsdl.exe and found the async methods like BeginAsynXXX() and EndAsyncXXX(). I understood how to utilize them in a Windows application, but I was wondering how we can use them in a Web Application built using asp.net. Here is the code for a web service client built as a Windows application. Can anyone tell me how we can do this with a web application?

        using System;
        using System.Runtime.Remoting.Messaging;
        using MyFactorize;

        class TestCallback
        {
            public static void Main(){
                long factorizableNum = 12345;
                PrimeFactorizer pf = new PrimeFactorizer();

                //Instantiate an AsyncCallback delegate to use as a parameter
                //in the BeginFactorize method.
                AsyncCallback cb = new AsyncCallback(TestCallback.FactorizeCallback);

                // Begin the Async call to Factorize, passing in our
                // AsyncCallback delegate and a reference
                // to our instance of PrimeFactorizer.
                IAsyncResult ar = pf.BeginFactorize(factorizableNum, cb, pf);

                // Keep track of the time it takes to complete the async call
                // as the call proceeds.
                int start = DateTime.Now.Second;
                int currentSecond = start;
                while (ar.IsCompleted == false){
                    if (currentSecond < DateTime.Now.Second) {
                        currentSecond = DateTime.Now.Second;
                        Console.WriteLine("Seconds Elapsed..." + (currentSecond - start).ToString() );
                    }
                }

                // Once the call has completed, you need a method to ensure the
                // thread executing this Main function
                // doesn't complete prior to the call-back function completing.
                Console.Write("Press Enter to quit");
                int quitchar = Console.Read();
            }

            // Set up a call-back function that is invoked by the proxy class
            // when the asynchronous operation completes.
            public static void FactorizeCallback(IAsyncResult ar)
            {
                // You passed in our instance of PrimeFactorizer in the third
                // parameter to BeginFactorize, which is accessible in the
                // AsyncState property.
                PrimeFactorizer pf = (PrimeFactorizer) ar.AsyncState;
                long[] results;

                // Get the completed results.
                results = pf.EndFactorize(ar);

                //Output the results.
                Console.Write("12345 factors into: ");
                int j;
                for (j = 0; j<results.Length;j++){
                    if (j == results.Length - 1)
                        Console.WriteLine(results[j]);
                    else
                        Console.Write(results[j] + ", ");
                }
            }
        }


  • Grails pattern to reuse template on error

    - by bsreekanth
    Hello, I have a gsp template, where the data for create view is passed through the controller.

        def create = {
            def bookInstance = new Book()
            bookInstance.properties = params
            def map = getDefaultValues()
            render(template: "create", model: [bookInstance : bookInstance , title: map.title, somelist: somelist ....])
        }

    the gsp template

        <g:select optionKey="id" from="${somelist}" name="somelist.id" value="${bookInstance ?.somelist?.id}" noSelection="['null': '']"></g:select>

    Now, in the save method, if there is an error, it returns the currently populated and validated instance (default scaffold implementation)

        render(template: "create", model: [bookInstance : bookInstance ])

    But the fields in the gsp (error page rendered from save action) are empty. I could see the reason as it looks for the value in "${somelist}", but it is not used in the save method. Do I just need to check for null in the gsp and use whichever map is available, or is there any better method (passing all the map in the save method is not an option)? Thanks in advance..


  • Function overloading by return type?

    - by dsimcha
    Why don't more mainstream statically typed languages support function/method overloading by return type? I can't think of any that do. It seems no less useful or reasonable than supporting overload by parameter type. How come it's so much less popular?


  • Model Binding an IList of selected items only

    - by jeef3
    I have an action method setup: public ActionResult Delete(IList<Product> products) And a table of products in my view. I have got Model Binding working so that on submit I can populate the products list. But I would like to populate it with only the products that are selected via a checkbox. I think I could do it by changing the action method to this: public ActionResult Delete(IList<Product> products, IList<int> toDelete) And passing the list of check boxes to the toDelete but I would really like to avoid changing the method signature if possible. Is there a way to pass only the selected items? Or am I going to have to write a custom ModelBinder?


  • Loading remote assembly from the webservice with reflection

    - by Myat Htut
    I am using Assembly.LoadFrom within a web service to load assemblies from a web site, but the problem is it is in the virtual directory and the server.mappath parses the url like \share\mydll.dll and the LoadFrom method failed. Is there any way to reference a dll from the remote location? I've tried passing the url (http:\localhost\downloadable\mydll.dll) and again it got "Could not load file or assembly 'http:\localhost\downloadable\mydll.dll' or one of its dependencies. HTTP download of assemblies has been disabled for this appdomain. (Exception from HRESULT: 0x80131048)"


  • Creating share programmatically fails with error 9

    - by Christopher
        Directory.CreateDirectory("C:\MyTestShare")
        Dim managementClass As New ManagementClass("Win32_Share")
        Dim inParams As ManagementBaseObject = managementClass.GetMethodParameters("Create")
        inParams.Item("Description") = "My Files Share"
        inParams.Item("Name") = "My Files Share"
        inParams.Item("Path") = "C:\MyTestShare"
        inParams.Item("Type") = 0
        If (DirectCast(managementClass.InvokeMethod("Create", inParams, Nothing).Properties.Item("ReturnValue").Value, UInt32) <> 0) Then
            Throw New Exception("Unable to share directory.")
        End If

    I am using the following code to set up a share, but I am always getting a return value of 9 which means invalid name. I am passing a string and have tried to use an explicit string and I still get error 9. I am creating the share remotely rather than on the local machine however. Not sure if that matters.


  • Large Image in C#

    - by Modir
    Hi Friend, I want to create a large image in C#. (I have some photos with large size (4800 * 4800). I want to merge these photos.) I use Bitmap but it doesn't support this. (Error: Invalid Parameter) Please guide me. Thanks

