Search Results

Search found 6343 results on 254 pages for 'dll injection'.

Page 207/254 | < Previous Page | 203 204 205 206 207 208 209 210 211 212 213 214  | Next Page >

• What characters are NOT escaped with a mysqli prepared statement?

  - by barfoon

  Hey everyone, I'm trying to harden some of my PHP code and use mysqli prepared statements to better validate user input and prevent injection attacks. I switched away from mysqli_real_escape_string as it does not escape % and _. However, when I create my query as a mysqli prepared statement, the same flaw is still present. The query pulls a users salt value based on their username. I'd do something similar for passwords and other lookups. Code: $db = new sitedatalayer(); if ($stmt = $db->_conn->prepare("SELECT `salt` FROM admins WHERE `username` LIKE ? LIMIT 1")) { $stmt->bind_param('s', $username); $stmt->execute(); $stmt->bind_result($salt); while ($stmt->fetch()) { printf("%s\n", $salt); } $stmt->close(); } else return false; Am I composing the statement correctly? If I am what other characters need to be examined? What other flaws are there? What is best practice for doing these types of selects? Thanks,

  Read the article

• How do I download a file from an FTP server using FTP over SSL using .NET?

  - by atconway

  My post title almost states it all: How do I download a file from an FTP server using FTP over SSL using .NET? I have read a bit and there are several 3rd party components to purchase that wrap up this functionality. The deal is, this is a very specefic need and is not going to grow much, so if downloading a file from an FTP server using FTP over SSL can be done using the .NET Framework (i.e. System.Net namespace or something), then that would be best. I don't need a ton of functionality, but if for some reason coding against a secure FTP server is a nightmare or not doable through the .NET Framework BCL that would be nice to know, as a 3rd party .dll might be best. Thank you!

  Read the article

• Why do I get "could not load type" error with my custom SessionStateProvider

  - by Rising Star

  My associate has created a custom SessionStateProvider for me to use with my ASP.net application. I add the file CustomSessionStateProvider to my VS2008 Web Application Project and put the appropriate reference in the web.config and it works fine. However, my supervisor wants me to set this up as a GAC reference. At my office, we have many DLLs we've created that we use as GAC references across different projects. If I add my CustomSessionStateProvider to the Global Assembly Cache, my pages throw a could not load type CustomASP.CustomSessionStateProvider error. Simple removing the DLL from the GAC makes it work again, but I want to set this up as a GAC reference. What could be causing this problem?

  Read the article

• Migrating from CVS to Mercurial - how to handle cross-repo symbolic links?

  - by NVRAM

  I have a project that is stored in CVS as numerous modules/repositories. In several of the modules the CVS tree has symbolic links to the files in another tree. For example, the internal support tools have links to binary files (DLL, EXE) that are created and stored in the C# module. In all cases, the files are modified only in in the module where the files exist and are treated as read-only in the tree where the symbolic link exists. More often than not, the files are pulled to machines running MSWindows so the use of symbolic links on the developer machine is not an option. My question is this: Is there a mechanism in Mercurial that can provide the same capabilities?

  Read the article

• jquery with php loading file

  - by Marcus Solv

  I'm trying to use jquery with a simple php code: $('#some').click(function() { <?php require_once('some1.php?name="some' + index + '"'); ?> }); It shows no error, so I don't know what is wrong. In some1 I have: <?php //Start session session_start(); //Include database connection details require_once('../sql/config.php'); //Connect to mysql server $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } //Select database $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } //Sanitize the POST values $name = clean($_GET['name']); ?> It's not complete because I want to make a sql command (insert). I want when I click in #some to execute that file (create a entry in the table that isn't define yet).

  Read the article

• Displaying Fields (and/instead of Properties) in a PropertyGrid

  - by Jenk

  I'd like to use a PropertyGrid to manipulate the data on some objects, however these objects don't have properties, they have fields. Thus a property grid doesn't display them (high five MS!) Before anyone posts "just use properties": I can't at the moment.. these objects are DTOs and are used to send data to a VB6 Interop dll, thus all the parameters for the method calls are "ref" parameters (high five MS!), and C# won't compile if you use a property instead of a field or variable (high five MS!). No, I am not going to create local variables for every property on any given object. There many, many fields, and many, many test cases that would need updating, as well as the production code it self, and this post/question may be the path of least resistance. :)

  Read the article

• Automatic initialization routine in C++ library?

  - by Robert Mason

  If i have a header file foo.h and a source file foo.cpp, and foo.cpp contains something along the lines of: #ifdef WIN32 class asdf { asdf() { startup_code(); } ~asdf() { cleanup_code(); } }; asdf __STARTUP_HANDLE__ #else //unix does not require startup or cleanup code in this case #endif but foo.h does not define class asdf, say i have an application bar.cpp: #include "foo.h" //link in foo.lib, foo.dll, foo.so, etc int main() { //do stuff return 0; } If bar.cpp is compiled on a WIN32 platform, will the asdf() and ~asdf() be called at the appropriate times (before main() and at program exit, respectively) even though class asdf is not defined in foo.h, but is linked in through foo.cpp?

  Read the article

• Is there any performance issue using Row_Number to implement table paging in Sql Server 2008?

  - by majkinetor

  I want to implement table paging using this method: SET @PageNum = 2; SET @PageSize = 10; WITH OrdersRN AS ( SELECT ROW_NUMBER() OVER(ORDER BY OrderDate, OrderID) AS RowNum ,* FROM dbo.Orders ) SELECT * FROM OrdersRN WHERE RowNum BETWEEN (@PageNum - 1) * @PageSize + 1 AND @PageNum * @PageSize ORDER BY OrderDate ,OrderID; Is there anything I should be aware of ? Table has millions of records. Thx. EDIT: After using suggested MAXROWS method for some time (which works really really fast) I had to switch back to ROW_NUMBER method because of its greater flexibility. I am also very happy about its speed so far (I am working with View having more then 1M records with 10 columns). To use any kind of query I use following modification: PROCEDURE [dbo].[PageSelect] ( @Sql nvarchar(512), @OrderBy nvarchar(128) = 'Id', @PageNum int = 1, @PageSize int = 0 ) AS BEGIN SET NOCOUNT ON Declare @tsql as nvarchar(1024) Declare @i int, @j int if (@PageSize <= 0) OR (@PageSize > 10000) SET @PageSize = 10000 -- never return more then 10K records SET @i = (@PageNum - 1) * @PageSize + 1 SET @j = @PageNum * @PageSize SET @tsql = 'WITH MyTableOrViewRN AS ( SELECT ROW_NUMBER() OVER(ORDER BY ' + @OrderBy + ') AS RowNum ,* FROM MyTableOrView WHERE ' + @Sql + ' ) SELECT * FROM MyTableOrViewRN WHERE RowNum BETWEEN ' + CAST(@i as varchar) + ' AND ' + cast(@j as varchar) exec(@tsql) END If you use this procedure make sure u prevented sql injection.

  Read the article

• C# StringBuilder question

  - by andrew

  in a C# file i have a class Archiver { [DllImport("Archiver.dll")] public static extern void archive(string data, StringBuilder response); } string data is an input, and StringBuilder response is where the function writes something the archive function prototype (written in C) looks like this: void archive(char * dataChr, char * outChr); and it receives a string in dataChr, and then does a strcpy(outChr,"some big text"); from C# i call it something like this: string message = "some text here"; StringBuilder response = new StringBuilder(10000); Archiver.archive(message,response); this works, but the problem, as you might see is that i give a value to the StringBuilder size, but the archive function might give back a (way) larger text than the size i've given to my StringBuilder. any way to fix this?

  Read the article

• Integrating Hudson with MS Test?

  - by hangy

  Is it possible to integrate Hudson with MS Test? I am setting up a smaller CI server on my development machine with Hudson right now, just so that I can have some statistics (ie. FxCop and compiler warnings). Of course, it would also be nice if it could just run my unit tests and present their output. Up to now, I have added the following batch task to Hudson, which makes it run the tests properly. "%PROGRAMFILES%\Microsoft Visual Studio 9.0\Common7\IDE\MSTest.exe" /runconfig:LocalTestRun.testrunconfig /testcontainer:Tests\bin\Debug\Tests.dll However, as far as I know, Hudson does not support analysis of MS Test results, yet. Does anyone know whether the TRX files generated by MSTest.exe can be transformed to the JUnit or NUnit result format (because those are supported by Hudson), or whether there is any other way to integrate MS Test unit tests with Hudson?

  Read the article

• COM+ Applications returns an error when when I try to add a new application

  - by Baright

  Error message returned 'An error occurred while processing the last operation. Error code 800401154 - Class not registered The event log may contain additional troubleshooting information.' The other thing is, the is a red arrow icon displayed over My Computer (Component Servers - Computers - My Computer). I have searched everywhere for this, but I couldnt find a solution that resolves my specific problem. Im using VISTA and this error started after I reinstalled my SQL server 2008. I have 2 dll that I need to add but I cannot, because of this error.

  Read the article

• Fast exchange of data between unmanaged code and managed code

  - by vizcaynot

  Hello: Without using p/invoke, from a C++/CLI I have succeeded in integrating various methods of a DLL library from a third party built in C. One of these methods retrieves information from a database and stores it in different structures. The C++/CLI program I wrote reads those structures and stores them in a List<, which is then returned to the corresponding reading and use of an application programmed completely in C#. I understand that the double handling of data (first, filling in several structures and then, filling all of these structures into a list<) may generate an unnecessary overload, at which point I wish C++/CLI had the keyword "yield". Depending on the above scenario, do you have recommendations to avoid or reduce this overload? Thanks.

  Read the article

• CUDA & VS2010 problem

  - by Kristian D'Amato

  I have scoured the internets looking for an answer to this one, but couldn't find any. I've installed the CUDA 3.2 SDK (and, just now, CUDA 4.0 RC) and everything seems to work fine after long hours of fooling around with include directories, NSight, and all the rest. Well, except this one thing: it keeps highlighting the <<< >>> operator as a mistake. Only on VS2010--not on VS2008. On VS2010 I also get several warnings of the following sort: C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\include\xdebug(109): warning C4251: 'std::_String_val<_Ty,_Alloc>::_Alval' : class 'std::_DebugHeapAllocator<_Ty>' needs to have dll-interface to be used by clients of class 'std::_String_val<_Ty,_Alloc>' Anyone know how this can be fixed?

  Read the article

• T-SQL: Dynamic Query by Selected Column in ASP.NET GridView

  - by jp2code

  I'm trying to modify a stored procedure used in an ASP.NET page. By default, the stored procedure returns all of the data, which can be overwhelming for employees in the plant. I want to add a drop down menu item for the column name and a text box for a value to allow our employees to search the data for their specific items. What I would like to add is the ability to pass in a Column Name and Column Value to search, similar to the following: DECLARE @colName nVarChar(50), @colValue nVarChar(50) SET @colName='EmployeeID' SET @colValue='007135' SELECT Column1, Column2, Column3, Column4, Column5, Column6, Column7 FROM viewNum1 WHERE ((@colName IS NULL) OR (@colValue IS NULL) OR ('['+@colName+']'=@colValue)) If all values passed in (@colValue and @colName), all records return; however, if I try specifying that @colName=EmployeeID and @colValue='007135' (a value that does exist in the database), no records are returned. Next is the problem that I am running an old SQL Server 2000 database that does not allow the stored procedure to access the table column names, and the whole technique looks prone to SQL Injection. Finally, I don't see how to bind my GridView control to this and still have the ability to display all records. How would I write such a filtering stored procedure?

  Read the article

• Integrating Prolog with C#

  - by TK

  Does anyone know of a nice (and preferably free) way to integrate Prolog and C#? Im looking to create a Prolog dll or similar to call from my managed code, and retrieve an answer once all the processing has been complete. Im looking for it to be predominantly one sided (c# calls Prolog). I have seen this question which talks about Prologs real world usage but I was wondering if anyone had either any experience with c# & Prolog? or a nice tutorial/article?

  Read the article

• How to receive a datastream from a device on your computer, in C#

  - by WebDevHobo

  I plan to build a small audio-recorder app in C#. My laptop has a built in Microphone that's always active, so I want to use that as an early-stage test. I would simply start recording, save the file as a .wav or even use the LAME dll to make it into an MP3. The problem is, I don't know how to contact that microphone. Do I use a library that can detect a device, or do I just catch a stream of bytes from the port that the device is on? I don't have any experience with receiving data from connected devices. I suppose that I'll need to enter all the data into a byte array and then Serialize that into a WAV file, but I'm not sure. Can I get some pointers on this subject?

  Read the article

• winsock compile crash

  - by ioil

  The following errors are from a file with just windows and winsock2 included. C:\Users\ioil\Desktop\dm\bin>dmc sockit.c typedef struct fd_set { ^ C:\Users\ioil\Desktop\dm\bin\..\include\win32\WINSOCK2.H(85) : Error: 'fd_set' is already defined } fd_set; ^ C:\Users\ioil\Desktop\dm\bin\..\include\win32\WINSOCK2.H(88) : Error: identifier or '( declarator )' expected struct timeval { ^ C:\Users\ioil\Desktop\dm\bin\..\include\win32\WINSOCK2.H(129) : Error: 'timeval' is already defined }; ^ C:\Users\ioil\Desktop\dm\bin\..\include\win32\WINSOCK2.H(132) : Error: identifier or '( declarator )' expected struct hostent { ^ C:\Users\ioil\Desktop\dm\bin\..\include\win32\WINSOCK2.H(185) : Error: 'hostent' is already defined Fatal error: too many errors --- errorlevel 1 C:\Users\ioil\Desktop\dm\bin> What's already been tried : placing the winsock.dll file in the same directory as the compiler and program to be compiled, placing it in the system32 directory, and entering it in the registry with the regsrv32 command. Don't really know where to go from here, appreciate any advice . . .

  Read the article

• C# COM+ component isn't getting the constructor string

  - by Kyle W

  I've created a COM+ component in C# with a strong name, COM Visible, ProgId, etc... I've then registered the assembly with regasm, and imported it into the COM+ Applications in Component Services. It runs just fine, and loads up the DLL, except that the constructor string that is passed in is always empty. The method signature is protected override void Construct(string constructString), and it is being called before the method on the actual component. In the component details in COM+ Applications, the constructor string is checked and a value is entered. Any help is appreciated.

  Read the article

• Column.DbType affecting runtime behavior

  - by leppie

  Hi According to the MSDN docs, the DbType property/attribute of a Column type/element is only used for database creation. Yet, today, when trying to submit data to an IMAGE column on a SQLCE database (not sure if only on CE), I got an exception of 'Data truncated to 8000 bytes'. This was due to the DbType still being defined as VARBINARY(MAX) which SQLCE does not support. Changing the type to IMAGE in the DbType fixes the issue. So what other surprises does Linq2SQL attributes hold in store? Is this a bug or intended? Should I report it to MS? UPDATE After getting the answer from Guffa, I tested it, but it seems for NVARCHAR(10) adding a 11 char length string causes a SQL exception, and not Linq2SQL one. The data was truncated while converting from one data type to another. [ Name of function(if known) = ] A first chance exception of type 'System.Data.SqlServerCe.SqlCeException' occurred in System.Data.SqlServerCe.dll

  Read the article

• desktop module for existing web application

  - by maxxxee

  My client has a running web application which has been online for more than a year. Recently the client has introduced smart cards for his employees. Because of the difficulty in integrating smart card with its api on a web interface(i will post another detailed question on this later) we are planning to have desktop interface for this. There are 10-20 terminals which will use the desktop interface. 3 approaches for doing this that I have considered : Direct connection and operations on DB-Not using this because of data integrity and consistency issues. Build web service end points and use it from desktop interface Build a dll with common functions and use from both web and desktop Questions: 1. What are your opinions based on 2 and 3 approach? 2. Any other approach that I should consider? Note: I am using .Net framework, web application in asp.net

  Read the article

• Difference between MVC FilterAttribute and Filter

  - by zaaaaphod

  I'm trying to write my own custom AuthorizationAttribute that uses DI. I'm using the MUNQ IoC provider for it's speed and have decided to use constructor injection on all my classes as opposed to post instatiation property binding (because I prefer it). I'm trying to write a custom IFilterProvider that will use my IoC container to return requests for filters (so that I can map concrete classes using the container). I've come up with the following. public class FilterProvider : IFilterProvider { private readonly IocContainer _container; public FilterProvider(IocContainer container) { _container = container; } public IEnumerable<Filter> GetFilters(ControllerContext controllerContext, ActionDescriptor actionDescriptor) { var x = Enumerable.Union<Object>(_container.ResolveAll<IActionFilter>(), _container.ResolveAll<IAuthorizationFilter>()); foreach (Filter actionFilter in x) yield return new Filter(actionFilter, FilterScope.First, null); } } The above code will fail during the foreach because my objects that implement IAuthorizationFilter are based on FilterAttribute and not Filter My question is, what is the difference between Filter and FilterAttribute? I would have thought that there would have been a common link between them, unless I'm missing something. Another deeper question is, how come there is no IFilterAttributeProvider that would support IEnumerable GetFilters(...) Is there some other way that I should be using to resolve IAuthorizationFilter via my IoC container? Thank you very much for your help. Z

  Read the article

• Embeddable unit testing framework for mixed Windows app

  - by Andy Dent

  I want to test portions of a very complex app which includes both a major native Windows component and a substantial WPF GUI. Due to complexities I can't detail, it is impossible to run the native portion independently nor can I isolate the areas I want to test (spare me the lectures, we're talking a huge legacy code base and we do have refactoring plans). I'm looking for a unit test kit I can invoke on the native side but must be able to run with the app launched with the managed portion initialised. That seems to rule out the run executable feature of the cfix Windows unit test kit. I really like their philosophy, like WinUnit, of using DLL compilation as a way to add the reflective capabilities missing in C++ and gain a more NUnit-like experience. Ideally, I want something like WinUnit running within the application code and generating an HTML report. I'm trying to introduce more TDD and having things as lean as possible is important.

  Read the article

• How do I marshal a pointer to an array of pointers to structures?

  - by Daniel Stutzbach

  I have a C function with the following signature: int my_function(int n, struct player **players) players is a pointer to an array of pointers to struct player objects. n is the number of pointers in the array. The function does not modify the array nor the contents of the structures, and it does not retain any pointers after returning. I tried the following: [DllImport("mylibary.dll")] static extern int my_function(int n, [In, MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 0)] player_in []players); However, that marshals the data as a pointer to an array of structures, not a pointer to an array of pointers to structures.

  Read the article

• How does windows differentiate between regular exe and a .Net exe?

  - by Yogendra

  Hi All, This might be a duplicate entry. Excuse me if it is. I was asked in an interview as to how does Windows OS differentiate between regular exe and .Net exe. My reply was, when .Net exe is build, the compiler emits some information into the header. The information is PE32 or PE32+. windows verifies the header to determine if it needs to load the MSCOREE.dll which loads the CLR and executes the exe. I am not sure if my answer is correct ? Your inputs is appreciated.

  Read the article

• DNS protocol message example

  - by virtual-lab

  hello there, I am trying to figure out how to send out DNS messages from an application socket adapter to a DNSBL. I spent the last two days understanding the basics, including experimenting with WireShark to catch an example of message exchanged. Now I would like to query the DNS without using dig or host command (I'm using Ubuntu); how can I perform this action at low level, without the help of these tools in wrapping the request in a proper DNS message format? How the message should be post it? Hex or String? Thanks in advance for any help. Regards Alessandro Ilardo Comment added I am investigating on JDev and Oracle SOA. The platform provides a Socket Adapter which simply apply a transformation (XSLT) and send the message straight to the socket. How the payload parameters (ex. the host I'm looking up) are wrapped within the message is left to the developer. So basically I have an idea on how the all DNS message is structured, but rather than put everything on JDev stright away I'd like to make some tests on my own just to make sure I got a valid message format. So, I am not using any specific language (I don't even understand why they moved my question from serverfault) and I don't want to use any tools which would hide part of the message, such as the header. I know they work well btw. I guess this stuff has something to do with packet injection. Someone suggested me to use telnet, but I've only used for SMTP or HTTP, I haven't got a clue on how it works for DNS request. Does it make more sense now?

  Read the article

< Previous Page | 203 204 205 206 207 208 209 210 211 212 213 214  | Next Page >