Search Results

Search found 98443 results on 3938 pages for 'sql server'.

Page 408/3938 | < Previous Page | 404 405 406 407 408 409 410 411 412 413 414 415 | Next Page >

Potential for SQL injection here?

- by Matt Greer

This may be a really dumb question but I figure why not... I am using RIA Services with Entity Framework as the back end. I have some places in my app where I accept user input and directly ask RIA Services (and in turn EF and in turn my database) questions using their data. Do any of these layers help prevent security issues or should I scrub my data myself? For example, whenever a new user registers with the app, I call this method: [Query] public IEnumerable<EmailVerificationResult> VerifyUserWithEmailToken(string token) { using (UserService userService = new UserService()) { // token came straight from the user, am I in trouble here passing it directly into // my DomainService, should I verify the data here (or in UserService)? User user = userService.GetUserByEmailVerificationToken(token); ... } } (and whether I should be rolling my own user verification system is another issue altogether, we are in the process of adopting MS's membership framework. I'm more interested in sql injection and RIA services in general)

Read the article
Storing And Using Microsoft User Account Credentials in MS SQL Srv 2008 Database

- by instantmusic

I'm not exactly positive how to word this for the sake of the title so please forgive me. Also I can't seem to figure out how to even google this question, so I'm hoping that I can get a lead in the right direction. Part of my software(VB.NET App) requires the ability to access/read/write a shared network folder. I have an option for the user to specify any credentials that might be needed to access said folder. I want to store these credentials given in the MS SQL Database as part of the config(I have a table which contains configuration). My concern is that the password for the user account will be unencrpyted. Yet, if I encrypt the password the VB.NET App And/Or database will be unable to use the credentials for file i/o operations unless the Password is unencrypted before use. I'm fishing for suggestions on how to better handle this situation.

Read the article
SQL Server 2008 - Conditional Range

- by user208662

Hello, I have a database that has two tables. These two tables are defined as: Movie ----- ID (int) Title (nvchar) MovieReview ----------- ID (int) MovieID (int) StoryRating (decimal) HumorRating (decimal) ActingRating (decimal) I have a stored procedure that allows the user to query movies based on other user's reviews. Currently, I have a temporary table that is populated with the following query: SELECT m.*, (SELECT COUNT(ID) FROM MovieReivew r WHERE r.MovieID=m.ID) as 'TotalReviews', (SELECT AVG((r.StoryRating + r.HumorRating + r.ActingRating) / 3) FROM MovieReview r WHERE r.MovieID=m.ID) as 'AverageRating' FROM Movie m In a later query in my procedure, I basically want to say: SELECT * FROM MyTempTable t WHERE t.AverageRating >= @lowestRating AND t.AverageRating <= @highestRating My problem is, sometimes AverageRating is zero. Because of this, I'm not sure what to do. How do I handle this scenario in SQL?

Read the article
VB.NET - ASP.NET - MS-Access - SQL Statement

- by Brian

I have a button which when pressed, sets the user's rights in the db. (If Administrator UserTypeID is set to '2' and if Customer it is set to '1'). However when I run the below code, everything remains the same. I think it's from the SQL statement but I;m not sure. Can anyone help please? Protected Sub btnSetUser_Click(sender As Object, e As System.EventArgs) Handles btnSetUser.Click Dim conn As New OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\Users\Brian\Documents\Visual Studio 2010\WebSites\WebSite3\db.mdb;") Dim cmd As OleDbCommand = New OleDbCommand("UPDATE [User] SET [UserTypeID] WHERE Username=?", conn) conn.Open() cmd.Parameters.AddWithValue("@Username", txtUser.Text) If ddUserType.SelectedItem.Text = "Administrator" Then cmd.Parameters.AddWithValue("@UserTypeID", "2") cmd.ExecuteNonQuery() lblSetUser.Text = txtUser.Text + "was set to Administrator." ElseIf ddUserType.SelectedItem.Text = "Customer" Then cmd.Parameters.AddWithValue("@UserTypeID", "1") cmd.ExecuteNonQuery() lblSetUser.Text = txtUser.Text + "was set to Customer." End If conn.Close() End Sub End Class

Read the article
problem with sql job and datetime parameter

- by geoff swartz

Another developer created a stored procedure that is set up to run as a sql job each month. It takes one parameter of datetime. When I try to invoke it in the job or in just a query window I get an error "Incorrect syntax near ')'" The call to execute it is... exec CreateHeardOfUsRecord getdate() When I give it a hard coded date like exec CreateHeardOfUsRecord '4/1/2010' it works fine. Any idea why I can't use getdate() in this context? Thanks.

Read the article
Minimizing SQL queries using join with one-to-many relationship

- by Brian

So let me preface this by saying that I'm not an SQL wizard by any means. What I want to do is simple as a concept, but has presented me with a small challenge when trying to minimize the amount of database queries I'm performing. Let's say I have a table of departments. Within each department is a list of employees. What is the most efficient way of listing all the departments and which employees are in each department. So for example if I have a department table with: id name 1 sales 2 marketing And a people table with: id department_id name 1 1 Tom 2 1 Bill 3 2 Jessica 4 1 Rachel 5 2 John What is the best way list all departments and all employees for each department like so: Sales Tom Bill Rachel Marketing Jessica John Pretend both tables are actually massive. (I want to avoid getting a list of departments, and then looping through the result and doing an individual query for each department). Think similarly of selecting the statuses/comments in a Facebook-like system, when statuses and comments are stored in separate tables.

Read the article
I cannot connect to SQL Server Express using VB.NET

- by konin

Can someone tell me what I am missing? I am using this connection string to connect to my database and still it won't connect: Dim str As String = "Provider = .NET Framework Data Provider for SQL Server; Data Source=C:\Users\konin\Documents\UHMS\bin\Debug\UHMS.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True" This is the process I used to get the data source: right-click the database select properties and click select data source I hope I am clear enough. Thanks for reading. Edit: Error Message is as follows: unable to connect to database please contact administrator

Read the article
SQL Table Setup Advice

- by Ozzy

Hi all. Basically I have an xml feed from an offsite server. The xml feed has one parameter ?value=n now N can only be between 1 and 30 What ever value i pick, there will always be 4000 rows returned from the XML file. My script will call this xml file 30 times for each value once a day. So thats 120000 rows. I will be doing quite complicated queries on these rows. But the main thing is I will always filter by value first so SELECT * WHERE value = 'N' etc. That will ALWAYS be used. Now is it better to have one table where all 120k rows are stored? or 30 tables were 4k rows are stored? EDIT: the SQL database in question will be MySQL

Read the article
formatting the output of a sql query.

- by randeepsp

Hi! I am using solaris os. from solaris im logging into sql plus. my database is oracle 9i. i am spooling the output of my query into a file. i want in .csv format so that i can copy it into excel. can any1 help me out. my query is like. select name,id,location from employee;

Read the article
What's wrong with this SQL Server query ?

- by ClixNCash

What's wrong this T-SQL query : Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click Dim SQLData As New System.Data.SqlClient.SqlConnection("Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True") Dim cmdSelect As New System.Data.SqlClient.SqlCommand("SELECT COUNT(*) FROM Table1 WHERE Name ='" + TextBox1.Text + "'", SQLData) SQLData.Open() If cmdSelect.ExecuteScalar > 0 Then Label1.Text = "You have already voted this service" Return End If Dim con As New SqlConnection Dim cmd As New SqlCommand con.Open() cmd.Connection = con cmd.CommandText = "INSERT INTO Tabel1 (Name) VALUES('" & Trim(Label1.Text) & "')" cmd.ExecuteNonQuery() Label1.Text = "Thank You !" SQLData.Close() End Sub

Read the article
T-SQL out of order insert

- by tearman

Basically I have a User-Defined Table Type (for use as a table-valued variable) which I'm referencing in a stored procedure that effectively just calls two other stored procedures, then inserts those values into the table type. Id est INSERT INTO @tableValuedVariable (var1, var2, var3, var4, var5) EXEC [dbo].StoredProcedure1; INSERT INTO @tableValuedVariable (var1, var2, var5) EXEC [dbo].StoredProcedure2; You can probably already tell what I'm going to ask. Basically StoredProcedure2 only returns a few of the values the table is set to hold, and I'd like those other variables to just be null (as defined as default). Only SQL is complaining that I'm not specifying all the variables available to that table. The return datasets can be quite sizable so I'd like to avoid loops and such for obvious reasons. Thanks for any help.

Read the article
Please help me to create a insert query (error of foreign key constrant)

- by Rajesh Rolen- DotNet Developer

I want to move data from one database's table to another database's table its giving me foreign key error. please tell me how can i insert all those data which is valid except those rows who have error of foreign key. i am using sql server 2005 My query is : SET IDENTITY_INSERT City ON INSERT INTO City ([cityid],[city],[country],[state],[cityinfo] ,[enabled],[countryid],[citycode],[stateid],[latitude],[longitude]) SELECT [cityid],[city],[country],[state],[cityinfo] ,[enabled],[countryid],[citycode],[stateid],[latitude],[longitude] FROM TD.DBo.City getting this error: The INSERT statement conflicted with the FOREIGN KEY constraint "FK__city__countryid__3E52440B". The conflict occurred in database "schoolHigher", table "dbo.country", column 'countryId'. please tell how can i move those data whose foreign key is valid.

Read the article
Procedure or function expects parameter which was not supplied

- by eftpotrm

Driving me mad on a personal project; I know I've done this before but elsewhere and don't have the code. As far as I can see, I'm setting the parameter, I'm setting its value, the connection is open, yet when I try to fill the dataset I get the error 'Procedure or function expects parameter "@test" which was not supplied'. (This is obviously a simplified test! Same error on this or the real, rather longer code though.) C#: SqlCommand l_oCmd; DataSet l_oPage = new DataSet(); l_oCmd = new SqlCommand("usp_test", g_oConn); l_oCmd.Parameters.Add(new SqlParameter("@test", SqlDbType.NVarChar)); l_oCmd.Parameters[0].Value = "hello world"; SqlDataAdapter da = new SqlDataAdapter(l_oCmd); da.Fill(l_oPage); SQL: create procedure usp_test ( @test nvarchar(1000) ) as select @test What have I missed?

Read the article
Prepare and import data into existing database

- by Álvaro G. Vicario

I maintain a PHP application with SQL Server backend. The DB structure is roughly this: lot === lot_id (pk, identify) lot_code building ======== buildin_id (pk, identity) lot_id (fk) inspection ========== inspection_id (pk, identify) building_id (fk) date inspector result The database already has lots and buildings and I need to import some inspections. Key points are: It's a one-time initial load. Data comes in an Excel file. The Excel data is unaware of DB autogenerated IDs: inspections must be linked to buildings through their lot_code What are my options to do such data load? date inspector result lot_code ========== =========== ======== ======== 31/12/2009 John Smith Pass 987654X 28/02/2010 Bill Jones Fail 123456B

Read the article
SQL: Find difference between dates with grouping

- by ajbeaven

I have a problem that seems similar to this fellow - I just want to display the data slightly differently. I'm pretty terrible with SQL so can't modify it to suit, but perhaps someone else can. My table looks similar to this (date format is dd/mm/yyyy): ID User Date_start Role 1 Andy 01/04/2010 A 2 Andy 10/04/2010 B 3 Andy 20/04/2010 A 4 John 02/05/2010 A I want to show the total number of days that anyone was in a certain role. Users stay in the role until there is another entry into the table. Users can only be in one role at a time. So the summary data would look like this (assuming that the date is 04/05/2010): A: 26 days B: 10 days Thanks for any help :)

Read the article
MS Sql Full-text search vs. LIKE expression

- by Marks

Hi. I'm currently looking for a way to search a big database (500MB - 10GB or more on 10 tables) with a lot of different fields(nvarchars and bigints). Many of the fields, that should be searched are not in the same table. An example: A search for '5124 Peter' should return all items, that ... have an ID with 5124 in it, have 'Peter' in the title or description have item type id with 5124 in it created by a user named 'peter' or a user whose id has 5124 in it created by a user with '5124' or 'peter' in his street address. How should i do the search? I read that the full-text search of MS-Sql is a lot more performant than a query with the LIKE keyword and i think the syntax is more clear, but i think it cant search on bigint(id) values and i read it has performance problems with indexing and therefore slows down inserts to the DB. In my project there will be more inserting than reading, so this could be a matter. Thanks in advance, Marks

Read the article
sql select statement with a group by

- by user85116

I have data in 2 tables, and I want to create a report. Table A: tableAID (primary key) name Table B: tableBID (primary key) grade tableAID (foreign key, references Table A) There is much more to both tables, but those are the relevant columns. The query I want to run, conceptually, is this: select TableA.name, avg(TableB.grade) where TableB.tableAID = TableA.tableAID The problem of course is that I'm using an aggregate function (avg), and I can rewrite it like this: select avg(grade), tableAID from TableB group by tableAID but then I only get the ID of TableA, whereas I really need that name column which appears in TableA, not just the ID. Is it possible to write a query to do this in one statement, or would I first need to execute the second query I listed, get the list of id's, then query each record in TableA for the name column... seems to me I'm missing something obvious here, but I'm (quite obviously) not an sql guru...

Read the article
node.js with SQL Server Native Client 11 scope_identity not being returned

- by binderbound

I'm having trouble with inserting a value into a database through node.js. Here is the offending code: sql.query(conn_str ,"INSERT INTO Login(email, hash, salt, firstName, lastName) VALUES(?, ?, ?, ?, ?); SELECT SCOPE_IDENTITY() AS 'Identity';" , [email, hash, salt, firstName, lastName], function(err, results){ console.log(results) } Unfortunately, the console is just echoing [], meaning results is an empty array, I suppose. Does anyone know why the identity is not being returned? Even if it was null, why isn't results then [{Identity: null }] ? Database is on Azure, which does have a "Scope_Identity" function, and the native client also recognises this function. Using node package "msnodesql" Please Help

Read the article
SQL - Counting sets of Field-B values for each Field-A value

- by potrnd

Hello, First of all sorry that I could not think of a more descriptive title. What I want to do is the following using only SQL: I have some lists of strings, list1, list2 and list3. I have a dataset that contains two interesting columns, A and B. Column A contains a TransactionID and column B contains an ItemID. Naturally, there can be multiple rows that share the same TransactionIDs. I need to catch those transactions that have at least one ItemID in each and every list (list1 AND list2 AND list3). I also need to count how many times does that happen for each transaction. [EDIT] That is, count how many full sets of ItemIDs there are for each TransactionID", "Full Set" being any element of the list1 with any element of the list2 with any element of the list3 I hope that makes enough sense, perhaps I will be able to explain it better with a clear head. Thanks in advance

Read the article
Query to return internal details about stored function in SQL Server database

- by Anthony

I have been given access to a SQL Server database that is currently used by 3rd party app. As such, I don't have any documentation on how that application stores the data or how it retrieves it. I can figure a few things out based on the names of various tables and the parameters that the user-defined functions takes and returns, but I'm still getting errors at every other turn. I was thinking that it would be really helpful if I could see what the stored functions were doing with the parameters given to return the output. Right now all I've been able to figure out is how to query for the input parameters and the output columns. Is there any built-in information_schema table that will expose what the function is doing between input and output?

Read the article
C# and Linq: Generating SQL Backup/Restore From Code

- by mdvaldosta

I'm working with a C# and Linq to SQL Winforms app and needed to integrate backup and restores through the program. I used SMO and got it working pretty smoothly. The issue, however, is that the app is deployed using ClickOnce, which I like very much - but since I had to include the dll's the download size jumped from 3mb = 15mb. I know they've only got to download it once, but it also sucks for me as Visual Studio 2010 seems to upload the dll's every time and that takes a while on AT&T broadband (eh). So, anyone have any suggestion on how I can work out an effective backup/restore solution without using SMO objects?

Read the article
Recovering transaction log from corrupt SQL database

- by Don Kirkham

We have a database that is backed up weekly in simple mode. Yesterday, we had a crc error corrupt the mdf file and we were unable to save it. I restored the backup from last week, but now we have a gap from the time of the backup to the time of the restore. Since I have the ldf file from that database, is there any way to "replay" that transaction log to fill in the gap? I have tried reattaching the ldf file to the recovered mdf file, but SQL will not allow me to do that. (It just creates a new ldf file with a different name when I reattach the database.) Any ideas would help. This is a lot of data to lose and although it is not critical data, I'd like to get it back (as well as learn as well as learn how to do it.)

Read the article
DataReader Behaviour With SQL Server Locking

- by Graham

We are having some issues with our data layer when large datasets are returned from a SQL server query via a DataReader. As we use the DataReader to populate business objects and serialize them back to the client, the fetch can take several minutes (we are showing progress to the user :-)), but we've found that there's some pretty hard-core locking going on on the affected tables which is causing other updates to be blocked. So I guess my slightly naive question is, at what point are the locks which are taken out as a result of executing the query actually relinquished? We seem to be finding that the locks are remaining until the last row of the DataReader has been processed and the DataReader is actually closed - does that seem correct? A quick 101 on how the DataReader works behind the scenes would be great as I've struggled to find any decent information on it. I should say that I realise the locking issues are the main concern but I'm just concerned with the behaviour of the DataReader here.

Read the article
MDB2 With SQL Express 2008

- by Narcissus

Hi all, So basically here's my problem. I'm looking for a solution to allow us to connect with SQL Express 2008, while still using MDB2 as our database abstraction layer. I need something like this, mainly because we still need to be able to use MySQL and Postgres (and ORMs seem to be not an option at this point in time). Preferably, there would be a solution that works for both PHP5.2 and PHP5.3. At first I went down the php_mysql extension road... it seems, though, as though that is not available in PHP 5.3. php_pdo_mssql doesn't seem to be usable with MDB2, so that seems to be out. Finally, there's the MS developed 'SQLSRV' extension, and while it seems as though there was work on a MDB2 'extension' for it at one point, it doesn't seem to have ever made it into the main branch. Please... does anyone have any solutions for me?

Read the article
How to refer to a previously computed value in SQL Query statement

- by Mort

I am trying to add a CASE statement to the end of my SQL query to compute a value depending upon another table value and a previously computed value in the SELECT. The error is returned that DelivCount is an invalid column name. Is there a better way to do this or am I missign something? SELECT jd.FullJobNumber, jd.ProjectTitle, jd.ClientName, jd.JobManager, jd.ProjectDirector, jd.ServiceGroup, jd.Status, jd.HasDeliverables, jd.SchedOutsideJFlo, jd.ReqCompleteDate,(SELECT COUNT(*)FROM DeliverablesSchedule ds WHERE jd.FullJobNumber = ds.FullJobNumber) as DelivCount, SchedType = CASE WHEN (jd.SchedOutsideJFlo = 'Yes') THEN 'outside' WHEN (jd.HasDeliverables = 'No ') THEN 'none' WHEN (DelivCount > 0) THEN 'has' WHEN (jd.HasDeliverables = 'Yes' AND DelivCount = 0) THEN 'missing' ELSE 'unknown' END FROM JobDetail jd

Read the article

< Previous Page | 404 405 406 407 408 409 410 411 412 413 414 415 | Next Page >