Search Results

Search found 23955 results on 959 pages for 'insert query'.

Page 407/959 | < Previous Page | 403 404 405 406 407 408 409 410 411 412 413 414  | Next Page >

  • Are Parameters really enough to prevent Sql injections?

    - by Rune Grimstad
    I've been preaching both to my colleagues and here on SO about the goodness of using parameters in SQL queries, especially in .NET applications. I've even gone so far as to promise them as giving immunity against SQL injection attacks. But I'm starting to wonder if this really is true. Are there any known SQL injection attacks that will be successful against a parameterized query? Can you for example send a string that causes a buffer overflow on the server? There are of course other considerations to make to ensure that a web application is safe (like sanitizing user input and all that stuff) but now I am thinking of SQL injections. I'm especially interested in attacks against MsSQL 2005 and 2008 since they are my primary databases, but all databases are interesting. Edit: To clarify what I mean by parameters and parameterized queries. By using parameters I mean using "variables" instead of building the sql query in a string. So instead of doing this: SELECT * FROM Table WHERE Name = 'a name' We do this: SELECT * FROM Table WHERE Name = @Name and then set the value of the @Name parameter on the query / command object.


  • Dependency injection and factory

    - by legenden
    Trying to figure out how to best handle the following scenario: Assume a RequestContext class which has a dependency to an external service, such as: public class RequestContext : IRequestContext { private readonly ServiceFactory<IWeatherService> _weatherService; public RequestContext(ServiceFactory<IWeatherService> weatherService, UserLocation location, string query) { _weatherService = weatherService; ... What sort of dependency should I require in the class that will ultimately instantiate RequestContext? It could be ServiceFactory<IWeatherService>, but that doesn't seem right, or I could create an IRequestContextFactory for it along the lines of: public class RequestContextFactory : IRequestContextFactory { private readonly ServiceFactory<IWeatherService> _weatherService; public RequestContextFactory(ServiceFactory<IWeatherService> weatherService) { _weatherService = weatherService; } public RequestContext Create(UserLocation location, string query) { return new RequestContext(_weatherService, location, query); } } And then pass the IRequestContextFactory through constructor injection. This seems like a good way to do it, but the problem with this approach is that I think it hinders discoverability (devs must know about the factory and implement it, which is not really apparent). Is there a better/more discoverable way that I'm missing?


  • URL Navigation and SQL Insertion After RadioButtonList Selection

    - by SidC
    Good Morning, I have a radiobuttonlist in my ASP.NET webforms application that is used as a voting tool. The concept is as follows: Users will vote for the blurb in the contentplaceholder using the radiobuttonlist. My list item values are 1 through 3 and my list item text is something like low, medium and high. Questions: 1. I want to save and accumulate votes for a given blurb. The blurb ID is referenced in a meta tag on the content page. How do I reference the meta tag in my SQL insert statement? 2. When the radiobuttonlist is used, can it cause the next content page to be loaded after the SQL insert is done? That is, I don't necessarily want the user to make the radiobuttonlist selection, then have to click a separate button to cast vote and move to next page. I want all that done in the radiobuttonlist. Is this possible? Thanks, Sid


  • SqlCe odd results why? -- Same SQL, different results in different apps. Issue with

    - by NitroxDM
    When I run this SQL in my mobile app I get zero rows. select * from inventory WHERE [ITEMNUM] LIKE 'PUMP%' AND [LOCATION] = 'GARAGE' When I run the same SQL in Query Analyzer 3.5 using the same database I get my expected one row. Why the difference? Here is the code I'm using in the mobile app: SqlCeCommand cmd = new SqlCeCommand(Query); cmd.Connection = new SqlCeConnection("Data Source="+filePath+";Persist Security Info=False;"); DataTable tmpTable = new DataTable(); cmd.Connection.Open(); SqlCeDataReader tmpRdr = cmd.ExecuteReader(); if (tmpRdr.Read()) tmpTable.Load(tmpRdr); tmpRdr.Close(); cmd.Connection.Close(); return tmpTable; UPDATE: For the sake of trying I used the code found in one of the answers found here and it works as expected. So my code looks like this: SqlCeConnection conn = new SqlCeConnection("Data Source=" + filePath + ";Persist Security Info=False;"); DataTable tmpTable = new DataTable(); SqlCeDataAdapter AD = new SqlCeDataAdapter(Query, conn); AD.Fill(tmpTable); The issue appears to be with the SqlCeDataReader. Hope this helps someone else out!


  • MySqlDataReader giving error at build

    - by TuxMeister
    Hey there. I have a function in VB.net that authenticates a user towards a MySQL DB before launching the main application. Here's the code of the function: Public Function authConnect() As Boolean Dim dbserver As String Dim dbuser As String Dim dbpass As String dbserver = My.Settings.dbserver.ToString dbuser = My.Settings.dbuser.ToString dbpass = My.Settings.dbpass.ToString conn = New MySqlConnection myConnString = "server=" & dbserver & ";" & "user id=" & dbuser & ";" & "password=" & dbpass & ";" & "database=rtadmin" Dim myCommand As New MySqlCommand Dim myAdapter As New MySqlDataAdapter Dim myData As New DataTable Dim myDataReader As New MySqlDataReader Dim query As String myCommand.Parameters.Add(New MySqlParameter("?Username", login_usr_txt.Text)) myCommand.Parameters.Add(New MySqlParameter("?Password", login_pass_txt.Text)) query = "select * from users where user = ?Username and passwd = ?Password" conn.ConnectionString = myConnString Try conn.Open() Try myCommand.Connection = conn myCommand.CommandText = query myAdapter.SelectCommand = myCommand myDataReader = myCommand.ExecuteReader If myDataReader.HasRows() Then MessageBox.Show("You've been logged in.", "RT Live! Information", MessageBoxButtons.OK, MessageBoxIcon.Information) End If Catch ex As Exception End Try Catch ex As Exception End Try End Function The function is not yet complete, there are a few other things that need to be done before launching the application, since I'm using a MessageBox to display the result of the login attempt. The error that I'm getting is the following: Error 1 'MySql.Data.MySqlClient.MySqlDataReader.Friend Sub New(cmd As MySql.Data.MySqlClient.MySqlCommand, statement As MySql.Data.MySqlClient.PreparableStatement, behavior As System.Data.CommandBehavior)' is not accessible in this context because it is 'Friend'. C:\Users\Mario\documents\visual studio 2010\Projects\Remote Techs Live!\Remote Techs Live!\Login.vb 43 13 Remote Techs Live! Any ideas? Thanks.


  • SQL Server: Output an XML field as tabular data using a stored procedure

    - by Pawan
    I am using a table with an XML data field to store the audit trails of all other tables in the database. That means the same XML field has various XML information. For example my table has two records with XML data like this: 1st record: <client> <name>xyz</name> <ssn>432-54-4231</ssn> </client> 2nd record: <emp> <name>abc</name> <sal>5000</sal> </emp> These are the two sample formats and just two records. The table actually has many more XML formats in the same field and many records in each format. Now my problem is that upon query I need these XML formats to be converted into tabular result sets. What are the options for me? It would be a regular task to query this table and generate reports from it. I want to create a stored procedure to which I can pass that I need to query "<emp>" or "<client>", then my stored procedure should return tabular data.


  • Help Reading Binary Image Data from SQL Server into PHP

    - by Joe Majewski
    I cannot seem to figure out a way to read binary data from SQL server into PHP. I am working on a project where I need to be able to store the image directly in the SQL table, not on the file system. Currently, I have been using a query like this one: INSERT INTO myTable(Document) SELECT * FROM OPENROWSET(BULK N'C:\image.jpg', SINGLE_BLOB) as BLAH This works fine to actually insert the image into the table, but I haven't yet figured a way to retrieve it and get my image back. I am doing this with PHP, and ultimately will have to make a stored procedure out of it, but can anyone enlighten me on a way to get that binary data (varbinary(MAX)) and generate an image on the fly. I expected it to be simple to use a SELECT statement and add a content-type to the headers that indicated it was an image, but it's simply not working. Instead, the page will just display the name of the file, which I have encountered in the past and understand it to be an error with the image data.


  • Rails 3.1. Cocoon link_to_add_association example needed

    - by BazZy
    Please show any example of using Cocoon's 'link_to_add_association' with html_options. https://github.com/nathanvda/cocoon Documentation says: html_options: extra html-options (see link_to) There are two extra options that allow to control the placement of the new link-data: data-association-insertion-node : the jquery selector of the node data-association-insertion-position : insert the new data before or after the given node. But I cannot understand what to do if I want to insert the partial just before my "add element" link. Not just after parent's div begin. This is not going to work: <%= link_to_add_association "add element", f, :production_years, :position = "after_all" %


  • How can I make multi-line, vertically and horizontally aligned labels for radio buttons in HTML Form

    - by Patrick Klingemann
    Assuming the following markup: <fieldset> <legend>Radio Buttons</legend> <ol> <li> <input type="radio" id="x"> <label for="x"><!-- Insert multi-line markup here --></label> </li> <li> <input type="radio" id="x"> <label for="x"><!-- Insert multi-line markup here --></label> </li> </ol> </fieldset> How do I style radio button labels so that they look like the following in most browsers (IE6+, FF, Safari, Chrome:


  • Need some help to determine the amount of recursive calls in PHP

    - by Ben Fransen
    Hi all, I've got a, I think fairly easy question, but this is bugging me for a while now. So I figured, maybe I can get some help here. Since recursive functions are always a bit tricky, and sometimes a bit unclear to me, I keep struggling to create a nice working solution to get my menudata. In one of my classes I have this function, which gives me all menu-items recursively. The thing I want is to determine at which recursion level a certain object was retrieved so I can create a nicely looking HTML output with indents for the levels of nesting. public function GetObjectList($parentID = 0, $objectlist = null) { if(is_null($objectlist)) { $objectlist = new ObjectList("Model_Navigation"); } $query = MySQL::Query("SELECT * FROM `Navigation` WHERE `WebsiteID` = ".SITE_ID. " AND `LanguageID` = ".LANG_ID." AND `ParentID` = ".$parentID); while($result = MySQL::FetchAssoc($query)) { $object = new Model_Navigation(); $object->ID = $result["ID"]; $object->WebsiteID = $result["WebsiteID"]; $object->LanguageID = $result["LanguageID"]; $object->ParentID = $result["ParentID"]; $object->Name = $result["Name"]; $object->Page = Model_Page::GetObjectByID($result["PageID"]); $object->ExternalURL = $result["ExternalURL"]; $object->Index = $result["Index"]; $object->Level = [here lies my problem]; $objectlist->Add($object); self::GetObjectList($object->ID, $objectlist); } return $objectlist; } Hope to hear from you! Greetings from Holland, Ben Fransen


  • C++ boost.asio server and client connection understanding

    - by Edgar Buchvalov
    I started learning boost.asio and I have some problems with understanding TCP connections. There is an example from the official boost site: #include <ctime> #include <iostream> #include <string> #include <boost/asio.hpp> using boost::asio::ip::tcp; std::string make_daytime_string() { using namespace std; // For time_t, time and ctime; time_t now = time(0); return ctime(&now); } int main() { try { boost::asio::io_service io_service; tcp::acceptor acceptor(io_service, tcp::endpoint(tcp::v4(), 13)); for (;;) { tcp::socket socket(io_service); acceptor.accept(socket); std::string message = make_daytime_string(); boost::system::error_code ignored_error; boost::asio::write(socket, boost::asio::buffer(message), boost::asio::transfer_all(), ignored_error); } } catch (std::exception& e) { std::cerr << e.what() << std::endl; } return 0; } Here is the question: why, if I want to connect to this server via a client, do I have to write: boost::asio::io_service io_service; tcp::resolver resolver(io_service); tcp::resolver::query query(host_ip, "daytime"); //why daytime? tcp::resolver::iterator endpoint_iterator = resolver.resolve(query); tcp::resolver::iterator end; Why daytime? What does it mean and where is it initialized in the server, or did I just miss something? Here is the full client code: www.boost.org/doc/libs/1_39_0/doc/html/boost_asio/tutorial/tutdaytime1.html Thanks for the explanation in advance


  • Logging into table in MS SQL trigger

    - by Martin
    I am coding an MS SQL 2005 trigger. I want to do some logging during trigger execution, using an INSERT statement into my log table. When an error occurs during execution, I want to raise an error and cancel the action that caused the trigger execution, but not lose the log records. What is the best way to achieve this? Now my trigger logs everything except the situation when there is an error - because of ROLLBACK. The RAISERROR statement is needed in order to inform the calling program about the error. Now, my error handling code looks like: if (@err = 1) begin INSERT INTO dbo.log(date, entry) SELECT getdate(), 'ERROR: ' + out from #output RAISERROR (@msg, 16, 1) rollback transaction return end


  • sending email with codeigniter

    - by Maru
    I have this MODEL and I get the email which I want to send class Cliente_Model extends CI_Model{ public function getInfo($id){ $this->db->select('*'); $this->db->from('pendientes'); $query = $this->db->get(); if($query->num_rows() > 0) { foreach ($query->result_array() as $row) { return $row['email']; } } else { return FALSE; } } } CONTROLLER $this->load->model('cliente_model', 'client'); $clientInfo = $this->client->getInfo($id); $this->email->from('[email protected]', 'Demo'); $this->email->to($clientInfo); $this->email->subject('Email Test'); $this->email->message('your user is '.$clientInfo.' and your password is '.$clave); $this->email->send(); and I need some help here, I can get the email and it can send it perfectly but in the message I need to send the password also and I don't know how I can get it from the model. thanks in advance!


  • B-Tree Revision

    - by stan
    Hi, If we are looking for line intersections (horizontal and vertical lines only) and we have n lines with half of them vertical and no intersections then Sorting the list of line end points on y value will take N log N using mergesort Each insert delete and search of our data structure (assuming it's a B-tree) will be < log n so the total search time will be N log N What am I missing here, if the time to sort using mergesort takes a time of N log N and insert and delete takes a time of < log n are we dropping the constant factor to give an overall time of N log N. If not then how come < log n goes missing in total O-notation run time? Thanks


  • .net Studio Local Database

    - by testerwpf
    Hello everyone, I am designing a local database in .net with wpf as gui. I have added a new database, and added a new table. Through the TableAdapter I generated 2 statements (1 statement is a select stmt and 1 is an insert), I insert name and firstname (id is auto generated). It works fine, I can display the table in a datagrid (wpf toolkit) and also add new items (name, firstname), when I close and start the application everything is fine (data in table is stored) BUT when I try to preview data in my database dataset (where my Adapters exist), no data is displayed and then the table gets deleted.. why? public partial class MainWindow : Window { public MainWindow() { this.InitializeComponent(); PlayerTableAdapter objPlayerTableAdapter = new PlayerTableAdapter(); objDataGridResults.ItemsSource = objPlayerTableAdapter.GetDataAllPlayer(); } //Button Event onClick private void m_voidAddPlayer(object sender, System.Windows.RoutedEventArgs e) { PlayerTableAdapter objPlayerTableAdapter = new PlayerTableAdapter(); objPlayerTableAdapter.InsertQueryPlayer(objTextBoxPlayerName.Text.ToString(), objTextBoxPlayerFirstName.Text.ToString()); objDataGridResults.ItemsSource = objPlayerTableAdapter.GetDataAllPlayer(); } }


  • Creating an Excel file using .NET (C#) - Problems with columns headers!

    - by tsocks
    Hello, I want to create & fill a .xls file using ADO.NET or LINQ, but I do not want to have the column names in the first row. I just want to insert rows starting in row no. 1. I know I have to insert columns first, but... is there a way to 'hide' those column headers? The problem is that, in the first row of my spreadsheet, I must have only two values (one in A1 and the other in B1), but in the remaining rows I'll be inserting more than just two values (maximum 15 columns). I'm open to suggestions/hacks/tricks even if that's not the best way of doing this. Thanks!


  • How to perform Linq select new with datetime in SQL 2008

    - by kd7iwp
    In our C# code I recently changed a line from inside a linq-to-sql select new query as follows: OrderDate = (p.OrderDate.HasValue ? p.OrderDate.Value.Year.ToString() + "-" + p.OrderDate.Value.Month.ToString() + "-" + p.OrderDate.Value.Day.ToString() : "") To: OrderDate = (p.OrderDate.HasValue ? p.OrderDate.Value.ToString("yyyy-mm-dd") : "") The change makes the line smaller and cleaner. It also works fine with our SQL 2008 database in our development environment. However, when the code deployed to our production environment which uses SQL 2005 I received an exception stating: Nullable Type must have a value. For further analysis I copied (p.OrderDate.HasValue ? p.OrderDate.Value.ToString("yyyy-mm-dd") : "") into a string (outside of a Linq statement) and had no problems at all, so it only causes an issue inside my Linq. Is this problem just something to do with SQL 2005 using different date formats than SQL 2008? Here's more of the Linq: dt = FilteredOrders.Where(x => x != null).Select(p => new { Order = p.OrderId, link = "/order/" + p.OrderId.ToString(), StudentId = (p.PersonId.HasValue ? p.PersonId.Value : 0), FirstName = p.IdentifierAccount.Person.FirstName, LastName = p.IdentifierAccount.Person.LastName, DeliverBy = p.DeliverBy, OrderDate = p.OrderDate.HasValue ? p.OrderDate.Value.Date.ToString("yyyy-mm-dd") : ""}).ToDataTable(); This is selecting from a List of Order objects. The FilteredOrders list is from another linq-to-sql query and I call .AsEnumerable on it before giving it to this particular select new query. Doing this in regular code works fine: if (o.OrderDate.HasValue) tempString += " " + o.OrderDate.Value.Date.ToString("yyyy-mm-dd");


  • Regex Searching in Emacs

    - by Inaimathi
    I'm trying to write some Elisp code to format a bunch of legacy files. The idea is that if a file contains a section like "<meta name=\"keywords\" content=\"\\(.*?\\)\" />", then I want to insert a section that contains existing keywords. If that section is not found, I want to insert my own default keywords into the same section. I've got the following function: (defun get-keywords () (re-search-forward "<meta name=\"keywords\" content=\"\\(.*?\\)\" />") (goto-char 0) ;The section I'm inserting will be at the beginning of the file (or (match-string 1) "Rubber duckies and cute ponies")) ;;or whatever the default keywords are When the function fails to find its target, it returns Search failed: "[regex here]" and prevents the rest of evaluation. Is there a way to have it return the default string, and ignore the error?


  • NHibernate stored procedure problem

    - by Calvin
    I'm having a hard time trying to get my stored procedure to work with NHibernate. The data returned from the SP does not correspond to any database table. This is my mapping file: <?xml version="1.0" encoding="utf-8" ?> <hibernate-mapping xmlns="urn:nhibernate-mapping-2.2" assembly="DomainModel" namespace="DomainModel.Entities"> <sql-query name="DoSomething"> <return class="SomeClass"> <return-property name="ID" column="ID"/> </return> exec [dbo].[sp_doSomething] </sql-query> </hibernate-mapping> Here is my domain class: namespace DomainModel.Entities { public class SomeClass { public SomeClass() { } public virtual Guid ID { get; set; } } } When I run the code, it fails with Exception Details: NHibernate.HibernateException: Errors in named queries: {DoSomething} at line 80 Line 78: config.Configure(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "NHibernate.config")); Line 79: Line 80: g_sessionFactory = config.BuildSessionFactory(); When I debug into NHibernate code, it seems that SomeClass is not added to the persister dictionary because there isn't a class mapping (only sql-query) defined in hbm.xml. And later on in the CheckNamedQueries function, it is not able to find the persister for SomeClass. I've checked all the obvious things (e.g. make hbm an embedded resource) and my code isn't too much different from other samples I found on the web, but somehow I just can't get it working. Any idea how I can resolve this issue?


  • SQL Server search filter and order by performance issues

    - by John Leidegren
    We have a table value function that returns a list of people you may access, and we have a relation between a search and a person called search result. What we want to do is select all people from the search and present them. The query looks like this SELECT qm.PersonID, p.FullName FROM QueryMembership qm INNER JOIN dbo.GetPersonAccess(1) ON GetPersonAccess.PersonID = qm.PersonID INNER JOIN Person p ON p.PersonID = qm.PersonID WHERE qm.QueryID = 1234 There are only 25 rows with QueryID=1234 but there are almost 5 million rows total in the QueryMembership table. The person table has about 40K people in it. QueryID is not a PK, but it is an index. The query plan tells me 97% of the total cost is spent doing "Key Lookup" with the seek predicate. QueryMembershipID = Scalar Operator (QueryMembership.QueryMembershipID as QM.QueryMembershipID) Why is the PK in there when it's not used in the query at all? And why is it taking so long? The number of people totals 25; with the index, this should be a table scan for all the QueryMembership rows that have QueryID=1234 and then a JOIN on the 25 people that exist in the table value function. Which btw only has to be evaluated once and completes in less than 1 second.


  • transactions and delete using fluent nhibernate

    - by Will I Am
    I am starting to play with (Fluent) nHibernate and I am wondering if someone can help with the following. I'm sure it's a total noob question. I want to do: delete from TABX where name = 'abc' where table TABX is defined as: ID int name varchar(32) ... I built the code based on internet samples: using (ITransaction transaction = session.BeginTransaction()) { IQuery query = session.CreateQuery("FROM TABX WHERE name = :uid") .SetString("uid", "abc"); session.Delete(query.List<Person>()[0]); transaction.Commit(); } but alas, it's generating two queries (one select and one delete). I want to do this in a single statement, as in my original SQL. What is the correct way of doing this? Also, I noticed that in most samples on the internet, people tend to always wrap all queries in transactions. Why is that? If I'm only running a single statement, that seems overkill. Do people tend to just mindlessly cut and paste, or is there a reason beyond that? For example, in my query above, if I do manage to get it from two queries down to one, I should be able to remove the begin/commit transaction, no? If it matters, I'm using PostgreSQL for experimenting.


  • How to efficiently SELECT rows from database table based on selected set of values

    - by Chau Chee Yang
    I have a transaction table of 1 million rows. The table has a field named "Code" to keep the customer's ID. There are about 10,000 different customer codes. I have a GUI interface that allows the user to render a report from the transaction table. The user may select an arbitrary number of customers for rendering. I use the IN operator first and it works for a few customers: SELECT * FROM TRANS_TABLE WHERE CODE IN ('...', '...', '...') I quickly run into problems if I select a few thousand customers. There is a limitation using the IN operator. An alternate way is to create a temporary table with only one field of CODE, and inject selected customer codes into the temporary table using an INSERT statement. I may then use SELECT A.* FROM TRANS_TABLE A INNER JOIN TEMP B ON (A.CODE=B.CODE) This works nicely for a huge selection. However, there is performance overhead for temporary table creation, INSERT injection and dropping of the temporary table. Are you aware of a better solution to handle this situation?


  • Inserting non-pod struct into a GHashTable

    - by RikSaunderson
    Hi there, I'm trying to build a GHashTable of instances of a struct containing ints, a time_t and a few char*'s. My question is, how do you insert an instance of a struct into a GHashTable? There are plenty of examples of how to insert a string or an int (using g_str_hash and g_int_hash respectively), but I'm guessing that I want to use the g_direct_hash, and I can't seem to find any examples of that. Ideally, my code would look like this: GHashtable table; table = g_hash_table_new(g_direct_hash, g_direct_equal); struct mystruct; mystruct.a = 1; mystruct.b = "hello"; mystruct.c = 5; mystruct.d = "test"; g_hash_table_insert(table,mystruct.a,mystruct); Clearly, this is incorrect as it does not compile. Can anyone provide an example that does do what I want? Thanks, Rik

