Search Results

Search found 38569 results on 1543 pages for 'database developer'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 347/1543 | < Previous Page | 343 344 345 346 347 348 349 350 351 352 353 354  | Next Page >

  • Are Parameters really enough to prevent Sql injections?

    - by Rune Grimstad
    I've been preaching both to my colleagues and here on SO about the goodness of using parameters in SQL queries, especially in .NET applications. I've even gone so far as to promise them as giving immunity against SQL injection attacks. But I'm starting to wonder if this really is true. Are there any known SQL injection attacks that will be successfull against a parameterized query? Can you for example send a string that causes a buffer overflow on the server? There are of course other considerations to make to ensure that a web application is safe (like sanitizing user input and all that stuff) but now I am thinking of SQL injections. I'm especially interested in attacks against MsSQL 2005 and 2008 since they are my primary databases, but all databases are interesting. Edit: To clarify what I mean by parameters and parameterized queries. By using parameters I mean using "variables" instead of building the sql query in a string. So instead of doing this: SELECT * FROM Table WHERE Name = 'a name' We do this: SELECT * FROM Table WHERE Name = @Name and then set the value of the @Name parameter on the query / command object.

    Read the article

  • Oracle .dmp file

    - by Grasper
    I have an oracle .dmp file, and no access to an oracle install.. Is there any way I can read the data or open it in another program to see what data is in this file?

    Read the article

  • Is it worth caching a Dictionary for foreign key values in ASP.net?

    - by user169867
    I have a Dictionary<int, string> cached (for 20 minutes) that has ~120 ID/Name pairs for a reference table. I iterate over this collection when populating dropdown lists and I'm pretty sure this is faster than querying the DB for the full list each time. My question is more about if it makes sense to use this cached dictionary when displaying records that have a foreign key into this reference table. Say this cached reference table is a EmployeeType table. If I were to query and display a list of employee names and types should I query for EmployeeName and EmployeeTypeID and use my cached dictionary to grab the EmployeeTypeIDs name as each record is displayed or is it faster to just have the DB grab the EmployeeName and JOIN to get the EmployeeType string bypassing the cached Dictionary all together. I know both will work but I'm interested in what will perform the fastest. Thanks for any help.

    Read the article

  • How to update multiple rows with one single query

    - by xRobot
    I use Postgresql + PHP. Say I have this table: Books ( id, title, year ) and this array of titles in PHP: $titles = array ("bible","kafka","Book of Eli"); now I want update all rows where the title is in the $titles array above. So I need a query like this: UPDATE books SET year = '2001-11-11' WHERE title is in $titles; Is is possible with one single query ? Or do I need to use FOR loop ?

    Read the article

  • User account design and security...

    - by espinet
    Before I begin, I am using Ruby on Rails and the Devise gem for user authentication. Hi, I was doing some research about account security and I found a blog post about the topic awhile ago but I can no longer find it again. I read something about when making a login system you should have 1 model for User, this contains a user's username, encrypted password, and email. You should also have a model for a user's Account. This contains everything else. A User has an Account. I don't know if I'm explaining this correctly since I haven't seen the blog post for several months and I lost my bookmark. Could someone explain how and why I should or shouldn't do this. My application deals with money so I need to cover my bases with security. Thanks.

    Read the article

  • search & replace on 3000 row, 25 column spreadsheet

    - by Deca
    I'm attempting to clean up data in this (old) spreadsheet and need to remove things like single and double quotes, HTML tags and so on. Trouble is, it's a 3000 row file with 25 columns and every spreadsheet app I've tried (NeoOffice, MS Excel, Apple Numbers) chokes on it. Hard. Any ideas on how else I can clean this thing up for import to MySQL? Clearly I could go through each record manually, row by row, but would like to avoid that if at all possible. Likewise, I could write a PHP script to handle it on import, but don't want to put the server into a death spiral either.

    Read the article

  • how relate one table to another for future records

    - by Sinan
    I have a games table which holds the data about a game. Then another table which holds the data about news. So far so good. First I thought about creating a junction table for game_news so I could relate news to games. This way works as intended when the game exists. So whenever I insert a news I can relate it to a game using the junction table. However there are cases when there is news about game but the game isn't published and it doesn't exists. So my question would be; is there a way to relate these news to a particular game when the game record is created. What is the best way to do this? Any ideas?

    Read the article

  • Star-schema: Separate dimensions for clients and non-clients or shared dimension for attendants?

    - by celopes
    I'm new to modeling star schemas, fresh from reading the Data Warehouse Toolkit. I have a business process that has clients and non-clients calling into conference calls with some of our employees. My fact table, call it "Audience", will contain a measure of how long an attending person was connected to the call, and the cost per minute of this person's connection to the call. The grain is "individual connection to the conference call". Should I use my conformed Client dimension and create a non-client dimension (for the callers that are not yet clients) this way (omitting dimensions that are not part of this questions): Or would it be OK/better to have a non-conformed Attending dimension related to the conformed Client dimension in this manner: Or is there a better/standard mechanism to model business processes like this one?

    Read the article

  • SQL Backup files, distinguish partial and full backup files

    - by ccook
    I have scheduled backups running through SQL Agent, with Full Backups nightly, and differential backups hourly. Is there a way to determine which of the backup files is the Full backup, and which is the latest differential? Intuitively, it would seem the largest backup within 24 hours is the full, and the latest smaller backup is the partial. However, this isn't robust. Is there a way to probe the backup file to check the backup type? (Preferably in c#)

    Read the article

  • Update MySQL table from jsp

    - by vishnu
    I have these in a jsp file. But these values are not updated in the mysql table. May be it is not commiting. How can i solve this ? String passc1 = request.getParameter("passc1"); String accid = request.getParameter("accid"); int i = 0; String sql = " update customertb " + " set passwd = ?" + " where acc_no = ?;"; try { PreparedStatement ps = con.prepareStatement(sql); ps.setString(1, passc1); ps.setString(2, accid); i = ps.executeUpdate(); } catch (Exception e) { // do something with Exception here. Maybe just throw it up again } finally { con.close(); }

    Read the article

  • How to formulate a SQL Server indexed view that aggregates distinct values?

    - by Jeremy Lew
    I have a schema that includes tables like the following (pseudo schema): TABLE ItemCollection { ItemCollectionId ...etc... } TABLE Item { ItemId, ItemCollectionId, ContributorId } I need to aggregate the number of distinct contributors per ItemCollectionId. This is possible with a query like: SELECT ItemCollectionId, COUNT(DISTINCT ContributorId) FROM Item GROUP BY ItemCollectionId I further want to pre-calculate this aggregation using an indexed (materialized) view. The DISTINCT prevents an index being placed on this view. Is there any way to reformulate this which will not violate SQL Server's indexed view constraints?

    Read the article

  • Input string was not in the correct format using int.Parse

    - by JDWebs
    I have recently been making a login 'representation' which is not secure. So before answering, please note I am aware of security risks etc., and this will not be on a live site. Also note I am a beginner :P. For my login representation, I am using LINQ to compare values of a DDL to select a username and a Textbox to enter a password, when a login button is clicked. However, an error is thrown 'Input string was not in the correct format', when using int.Parse. Front End: <%@ Page Language="C#" AutoEventWireup="true" CodeFile="Login_Test.aspx.cs" Inherits="Login_Login_Test" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head runat="server"> <title>Login Test</title> </head> <body> <form id="LoginTest" runat="server"> <div> <asp:DropDownList ID="DDL_Username" runat="server" Height="20px" DataTextField="txt"> </asp:DropDownList> <br /> <asp:TextBox ID="TB_Password" runat="server" TextMode="Password"></asp:TextBox> <br /> <asp:Button ID="B_Login" runat="server" onclick="B_Login_Click" Text="Login" /> <br /> <asp:Literal ID="LI_Result" runat="server"></asp:Literal> </div> </form> </body> </html> Back End: using System; using System.Collections.Generic; using System.Linq; using System.Web; using System.Web.UI; using System.Web.UI.WebControls; public partial class Login_Login_Test : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e) { if (!Page.IsPostBack) { Binder(); } } private void Binder() { using (DataClassesDataContext db = new DataClassesDataContext()) { DDL_Username.DataSource = from x in db.DT_Honeys select new { id = x.UsernameID, txt = x.Username }; DDL_Username.DataValueField = "id"; DDL_Username.DataTextField = "txt"; DDL_Username.DataBind(); } } protected void B_Login_Click(object sender, EventArgs e) { if (TB_Password.Text != "") { using (DataClassesDataContext db = new DataClassesDataContext()) { DT_Honey blah = new DT_Honey(); blah = db.DT_Honeys.SingleOrDefault(x => x.UsernameID == int.Parse(DDL_Username.SelectedValue.ToString())); if (blah == null) { LI_Result.Text = "Something went wrong :/"; } if (blah.Password == TB_Password.Text) { LI_Result.Text = "Credentials recognised :-)"; } else { LI_Result.Text = "Error with credentials :-("; } } } } } I am aware this problem is very common, but none of the help I have found online is useful/relevant. Any help/suggestions appreciated; thank you for your time :-).

    Read the article

  • Questions every good Java/J2EE Developer should be able to answer?

    - by Rachel
    I was going through Questions every good .Net developer should be able to answer and was highly impressed with the content and approach of this question, and so in the same spirit, I am asking this question for Java/J2EE Developer. What questions do you think should a good Java/J2EE programmer be able to answer? I am marking this question as community wiki as it is not user specific and it aims to serve programming community at large. Looking forward for some amazing responses. EDIT: Please answer questions too, as suggested in the comments, so that people could learn something new regarding the language, too.

    Read the article

  • Rails: translations for table's column.

    - by Andrew
    In rails application I have two models: Food and Drink. Both food and drink have a name, which has to be stored in two languages. How do I better realize translations for theese tables? First solution I realized was to replace name column with name_en and name_ru. Another solution is to encode with YAML hash like { :en => 'eng', :ru => 'rus' } and store yaml as a name. What would you recommend, assuming content is not static? Maybe there's good article?

    Read the article

  • Data-related security Implementation

    - by devdude
    Using Shiro we have a great security framework embedded in our enterprise application running on GF. You define users, roles, permissions and we can control at any fine-grain level if a user can access the application, a certain page or even click a specific button. Is there a recipe or pattern, that allows on top of that, to restrict a user from seeing certain data ? Sample: You have a customer table for 3 factories (part of one company). An admin user can see all customer records, but the user at the local factory must not see any customer data of other factories (for whatever reason). Te security feature should be part of the role definition. Thanks for any input and ideas

    Read the article

  • do I have both sql 05 and 08 installed?

    - by Blankman
    When in 'sql server configuration manager' I see, under 'sql server services', 2 items that look like sql server's: sql server (sqlexpress) sql server (mssqlserver) Does that mean I have 2 versions installed at the same time? The 'sql server (mssqlserver) is currently stopped).

    Read the article

  • Any difference in performance/compatibility of different languages in PostgreSQL?

    - by Igor
    In nowadays the PostgreSQL offers plenty of procedural languages: pl/pgsql, pl/perl, etc Are there any difference in the speed/memory consumption in procedures written in different languages? Does anybody have done any test? Is it true that to use the native pl/pgsql is the most correct choice? How the procedure written in C++ and compiled into loadable module differs in all parameter w.r.t. the user function written with pl/* languages?

    Read the article

  • 1 oracle schema support large reques per day , is this safe ?

    - by Hlex
    I 'm java system designer. As we have large project to do tightly, Those projects are java api without webpage. I design to create general flow engine to support all project. This idea use 1 oracle schema , having general transaction table . And others control routing table. They all nearly complete. But DBA Team concern that he is suffered to maintain very large request to 1 schema. 1 reason is if there are problem is some table. He must offline tablespace to fix. This is problem because all project will be affected. I try to convince by split data of each table to partition by project_code & "month number to delete" . Eaxmple partition: PROJ1_05 PROJ1_06 PROJ1_07 PROJ2_05 PROJ2_06 PROJ2_07 and all transaction table will store on its partition. So, If there are problem on any part of tablespace then he should offline some partition and another project with use same table should able to service Transaction per day should around 10Meg Record per day. Is this a good idea? If I must use 1 schema, what is strategy to do? Do you have any comment?

    Read the article

  • PDO update with conditional?

    - by dmontain
    I have a PDO mysql that updates 3 fields. $update = $mypdo->prepare("UPDATE tablename SET field1=:field1, field2=:field2, field3=:field3 WHERE key=:key"); But I want field3 to be updated only when $update3 = true; Is this possible to accomplish with a single query? I could do it with 2 queries where I update field1 and field2 then check the boolean and update field3 if needed in a separate query. But hopefully there is a way to accomplish this in 1 query?

    Read the article

  • Which key value store is the most promising/stable?

    - by Mike Trpcic
    I'm looking to start using a key/value store for some side projects (mostly as a learning experience), but so many have popped up in the recent past that I've got no idea where to begin. Just listing from memory, I can think of: CouchDB MongoDB Riak Redis Tokyo Cabinet Berkeley DB Cassandra MemcacheDB And I'm sure that there are more out there that have slipped through my search efforts. With all the information out there, it's hard to find solid comparisons between all of the competitors. My criteria and questions are: (Most Important) Which do you recommend, and why? Which one is the fastest? Which one is the most stable? Which one is the easiest to set up and install? Which ones have bindings for Python and/or Ruby? Edit: So far it looks like Redis is the best solution, but that's only because I've gotten one solid response (from ardsrk). I'm looking for more answers like his, because they point me in the direction of useful, quantitative information. Which Key-Value store do you use, and why? Edit 2: If anyone has experience with CouchDB, Riak, or MongoDB, I'd love to hear your experiences with them (and even more so if you can offer a comparative analysis of several of them)

    Read the article

  • sudoer scheme for a web developer that retains future control of a server?

    - by Tchalvak
    Background I have a server that I'm looking to set up, and provide access to another web developer. I don't want to put many constraints on him, though I wouldn't mind isolating the site that he'll be developing from others on the server that I will develop. The problem Mainly what I want is to make sure that I retain control over the server in the future. I want to reserve the ability to create/promote/demote and other administrative functions that don't deal with web software. If I make him an admin, he can sudo su - and become root and remove root control from me, for example. What is a good setup for the sudoers file so that he can do things like: *install software (through apt-get) restart apache access mysql configure mysql/apache reboot edit web development configuration type files in /etc * And can't do things like: take away other admin permissions change the root password have control over other security/administrative functions Example sudoer files that accomplish something like that could be useful, I'm sure that people have needed to do this before.

    Read the article

  • SQL Select * from multiple tables

    - by zaf
    Using PHP/PDO is it possible to use a wildcard for the columns when a select is done on multiple tables and the returned array keys are fully qualified to avoid column name clash? example: SELECT * from table1, table2; gives: Array keys are 'table1.id', 'table2.id', 'table1.name' etc. I tried "SELECT table1.*,table2.* ..." but the returned array keys were not fully qualified so columns with the same name clashed and were overwritten.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 343 344 345 346 347 348 349 350 351 352 353 354  | Next Page >