Search Results

Search found 37012 results on 1481 pages for 'sql query'.

Page 455/1481

  • Login code sample which has been hacked via SQL Injection, although mysql_real_escape_string...

    - by artmania
    Hi friends, I use CodeIgniter, and having trouble with hacking :( is it possible to make SQL Injection to the login code below:

        function process_login() {
            $username = mysql_real_escape_string($this->input->post('username'));
            $password = mysql_real_escape_string(MD5($this->input->post('password')));
            //Check user table
            $query = $this->db->getwhere('users', array('username'=>$username, 'password'=>$password));
            if ($query->num_rows() > 0) {
                // success login data

    Am I using the mysql_real_escape_string wrong? or what? Appreciate helps!


  • How to capture SQL with parameters substituted in? (.NET, SqlCommand)

    - by Bryan
    Hello, Is there an easy way to get a completed SQL statement back after parameter substitution? I.e., I want to keep a logfile of all the SQL this program runs. Or if I want to do this, will I just want to get rid of Parameters, and do the whole query the old school way, in one big string? Simple Example: I want to capture the output:

        SELECT subcatId FROM EnrollmentSubCategory WHERE catid = 1

    .. from this code:

        Dim subCatSQL As String = "SELECT subcatId FROM EnrollmentSubCategory WHERE catid = @catId"
        Dim connectionString As String = "X"
        Dim conn As New SqlConnection(connectionString)
        If conn.State = ConnectionState.Closed Then
            conn.Open()
        End If
        Dim cmd As New SqlCommand(subCatSQL, conn)
        With cmd
            .Parameters.Add(New SqlParameter("@catId", SqlDbType.Int, 1))
        End With
        Console.WriteLine("Before: " + cmd.CommandText)
        cmd.Prepare()
        Console.WriteLine("After: " + cmd.CommandText)

    I had assumed Prepare() would do the substitutions, but apparently not. Thoughts? Advice? Thanks in advance.


  • Is there a standard practice for synchronizing SQL Server tables?

    - by EngineeringAutomation
    I've written an application that retrieves pricing and part options from a SQL database to generate a 3D Model of the product and create a sales proposal. My client likes it so much they want to be able to use it on laptops in the field now. The catch is, they won't have an internet connection. I'm considering setting up a SQLite database as part of the standard installation. The SQLite database on each laptop will synchronize with the main database when the internet connection is re-established. Are there best practices regarding synchronizing SQL tables like this? Are there any pitfalls I should consider? I'm open to all options. Thank you.


  • Is it possible to partition more than one way at a time in SQL Server?

    - by meeting_overload
    I'm considering various ways to partition my data in SQL Server. One approach I'm looking at is to partition a particular huge table into 8 partitions, then within each of these partitions to partition on a different partition column. Is this even possible in SQL Server, or am I limited to defining one partition column+function+scheme per table? I'm interested in the more general answer, but this strategy is one I'm considering for Distributed Partitioned View, where I'd partition the data under the first scheme using DPV to distribute the huge amount of data over 8 machines, and then on each machine partition that portion of the full table on another partition key in order to be able to drop (for example) sub-partitions as required.


  • How can I programmatically convert SQL data-types to .Net data-types?

    - by Simon
    Can anyone show me a way of converting SQL Server data-types (varchar for example) to .Net data-types (String for example). I'm assuming that automatic conversion is not possible? I have an 'EntityProperty' object and would like it to have an appropriate 'Type' property (string, decimal, int32 etc), at the moment this property is just a string - 'int32' for example. A little background: I'm using SQL DMO in an internal code generation app to query a database and generate a stored procedure based DAL from the database. Being an internal app I can take quite a few shortcuts and make quite a few assumptions. To get the app working at the moment this data-type conversion is handled by a Select Case statement which just converts the types to strings and generates a set of properties based on these strings but I would prefer a little more flexibility in being able to handle the types (use of TypeOf etc). Anyone worked on something similar? I know EF, nHibernate, Subsonic etc could do all this for me but in this case, for various reasons, I am having to roll my own. :)


  • Is there a SQL Server error numbers C# wrapper anyone knows of?

    - by Mr Grok
    I really want to do something useful when a PK violation occurs but I hate trapping error numbers... they just don't read right without comments (they're certainly not self documenting). I know I can find all the potential error numbers at SQL Server books online but I really want to be able to pass the error number to some helper class or look it up against a Dictionary of some sort rather than have non-descript err numbers everywhere. Has anyone got / seen any code anywhere that encapsulates the SQL Server Error numbers in this way as I don't want to re-invent the wheel (or I'm lazy maybe).


  • Is it possible to rebind sql parameters using the result from a cfquery?

    - by Larry
    When I run the following code:

        <cfquery name="someQuery" result="queryResult" datasource="wetakepictures">
            SELECT id FROM events
            WHERE category_id = <cfqueryparam value="1" cfsqltype="cf_sql_integer">
            OR title like <cfqueryparam value="%test%" cfsqltype="cf_sql_varchar">
        </cfquery>
        <cfoutput>
            #queryResult.sql# <br />
            #ArrayToList(queryResult.sqlparameters)#
        </cfoutput>

    It outputs:

        SELECT id FROM events WHERE category_id = ? OR title like ?
        1,%test%

    I need the actual string "SELECT id FROM events WHERE category_id = 1 OR title like '%test%'". Is there a way to rebind the parameters to the sql?


  • How to get all the fields of a row using the SQL MAX function?

    - by Yiannis Mpourkelis
    Consider this table (from http://www.tizag.com/mysqlTutorial/mysqlmax.php):

        Id      name               type      price
        123451  Park's Great Hits  Music     19.99
        123452  Silly Puddy        Toy       3.99
        123453  Playstation        Toy       89.95
        123454  Men's T-Shirt      Clothing  32.50
        123455  Blouse             Clothing  34.97
        123456  Electronica 2002   Music     3.99
        123457  Country Tunes      Music     21.55
        123458  Watermelon         Food      8.73

    This SQL query returns the most expensive item from each type:

        SELECT type, MAX(price) FROM products GROUP BY type

        Clothing  $34.97
        Food      $8.73
        Music     $21.55
        Toy       $89.95

    I also want to get the fields id and name that belong to the above max price, for each row. What SQL query will return a table like this?

        Id      name           type      price
        123455  Blouse         Clothing  34.97
        123458  Watermelon     Food      8.73
        123457  Country Tunes  Music     21.55
        123453  Playstation    Toy       89.95


  • stored procedures and triggers the same in sql server than mysql?

    - by user314877
    Hello, I have two stored procedures and one trigger for a class I am taking that are done in SQL Server 2005. I want to recreate them in MySQL with phpMyAdmin. Every time I put them in I get a 1064 error. Is this because phpMyAdmin does not handle stored procedures or triggers well, or is it because the syntax from SQL Server 2005 to MySQL is very different? If it is this, then where could I go online to learn the correct syntax to write my stored procedures and triggers in MySQL/phpMyAdmin... or should I just pick up a book at Barnes and Noble? This is my senior project.


  • What is a SQL statement that can tally up the counts even including the Zeros? (all in 1 statement)

    - by Jian Lin
    A SQL statement can give a list of the most popular gifts that are sent in a Social application, all the way to the ones that are sent 1, or 2 times, but it won't include the Zeros. I think the same goes for getting the list of the most popular Classes that students are registering for, when the registration process for all students is 10 days and now it is the 3rd day. Again, we get the count but the Zeros are not there. Is there a simple SQL statement that can show the whole list, including the zeros?


  • Hopefully simple topic to spark some good opinions, Question is MySQL or SQL Server???

    - by magellings
    I'm beginning development of a website and a high priority is for it to be extremely optimized, quick responses, etc. There will ultimately end up being large amounts of rows in the main tables (millions), so scalability is also important. It will need to use a database on the back-end for data storage and my web hosting service supports either MySQL or Sql Server. This website will be developed with .NET ASP.NET MVC with NHibernate (hopefully it can run in medium trust mode, as that is a requirement of my web hosting and reflection requirements of NHibernate may be problematic, maybe someone has a comment on this too). I'd also prefer to use the database that will require the least attention in regards to management. I don't want to have to be a DBA here. :) I wanted to throw this topic out to the public to see what the community thinks. So MySQL or Sql Server, generally, which one would be better to use?


  • Possible to get the line number of the currently executing sproc in SQL Server?

    - by Ian Kemp
    A few years back I worked in a Sybase/Delphi environment, using the BDE to connect to the DB server. We had a little Delphi app that, given the name of a currently executing stored procedure, could tell you what line of that sproc was currently being executed. This was exceptionally useful for debugging sprocs that seemed to be hanging. I'd like to use this functionality in SQL Server, but I can't remember whether it was a Sybase or a BDE feature. Is this functionality available in SQL Server and if so, what command(s) do I need to use to view this information?


  • Can profiler templates be migrated to newer versions of SQL Profiler?

    - by EBarr
    Is it possible to migrate Profiler templates to newer versions of SQL Server? In my case I want to take my SQL 2008 templates to 2012. I've tried (1) a straight file copy and (2) an export/import. In both cases the older templates run, but cannot be modified. Modifications result in the following error: I've got a bunch of custom templates and I'm trying to avoid recreating them by hand. Although, I guess that is the fallback position. Thoughts?


  • How do I UPDATE a Linked Server table where "alias" is required, in SQL Server 2000?

    - by Mark Hurd
    In SQL Server 2005 tablename can be used to distinguish which table you're referring to:

        UPDATE LinkedServer.database.user.tablename SET val=u.val FROM localtable u WHERE tablename.ID=u.ID

    In SQL Server 2000 this results in

        Server: Msg 107, Level 16, State 2
        The column prefix 'tablename' does not match with a table name or alias name used in the query.

    Trying

        UPDATE LinkedServer.database.user.tablename SET val=u.val FROM localtable u WHERE LinkedServer.database.user.tablename.ID=u.ID

    results in

        Server: Msg 117, Level 15, State 2
        The number name 'LinkedServer.database.user.tablename' contains more than the maximum number of prefixes. The maximum is 3.

    And, of course,

        UPDATE LinkedServer.database.user.tablename SET val=u.val FROM localtable u WHERE ID=u.ID

    results in

        Server: Msg 209, Level 16, State 1
        Ambiguous column name 'ID'.

    (In fact searching on "The number name contains more than the maximum number of prefixes. The maximum is 3." I found the answer, but I've typed up this question and I'm going to post it! :-) )


  • Is there a way to give a subquery an alias in Oracle 11g SQL?

    - by Matt Pascoe
    Is there a way to give a subquery in Oracle 11g an alias like:

        select *
        from (select client_ref_id, request from some_table where message_type = 1) abc,
             (select client_ref_id, response from some_table where message_type = 2) defg
        where abc.client_ref_id = def.client_ref_id;

    Otherwise is there a way to join the two subqueries based on the client_ref_id. I realize there is a self join, but on the database I am running on a self join can take up to 5 min to complete (there is some extra logic in the actual query I am running but I have determined the self join is what is causing the issue). The individual subqueries only take a few seconds to complete by themselves. The self join query looks something like:

        select st.request, st1.request
        from some_table st, some_table st1
        where st.client_ref_id = st1.client_ref_id;


  • How do I list all tables in all databases in SQL Server in a single result set?

    - by msorens
    I am looking for T-SQL code to list all tables in all databases in SQL Server (at least in SS2005 and SS2008; would be nice to also apply to SS2000). The catch, however, is that I would like a single result set. This precludes the otherwise excellent answer from Pinal Dave: sp_msforeachdb 'select "?" AS db, * from [?].sys.tables' The above stored proc generates one result set per database, which is fine if you are in an IDE like SSMS that can display multiple result sets. However, I want a single result set because I want a query that is essentially a "find" tool: if I add a clause like WHERE tablename like '%accounts' then it would tell me where to find my BillAccounts, ClientAccounts, and VendorAccounts tables regardless of which database they reside in.


  • Is there a way to give a subquery an alias in Oracle 10g SQL?

    - by Matt Pascoe
    Is there a way to give a subquery in Oracle 11g an alias like:

        select *
        from (select client_ref_id, request from some_table where message_type = 1) abc,
             (select client_ref_id, response from some_table where message_type = 2) defg
        where abc.client_ref_id = def.client_ref_id;

    Otherwise is there a way to join the two subqueries based on the client_ref_id. I realize there is a self join, but on the database I am running on a self join can take up to 5 min to complete (there is some extra logic in the actual query I am running but I have determined the self join is what is causing the issue). The individual subqueries only take a few seconds to complete by themselves. The self join query looks something like:

        select st.request, st1.request
        from some_table st, some_table st1
        where st.client_ref_id = st1.client_ref_id;


  • How to use SQL - INSERT...ON DUPLICATE KEY UPDATE?

    - by Probocop
    Hi, I have a script which captures tweets and puts them into a database. I will be running the script on a cronjob and then displaying the tweets on my site from the database to prevent hitting the limit on the twitter API. So I don't want to have duplicate tweets in my database, I understand I can use 'INSERT...ON DUPLICATE KEY UPDATE' to achieve this, but I don't quite understand how to use it. My database structure is as follows.

        Table - Hash
            id (auto_increment)
            tweet
            user
            user_url

    And currently my SQL to insert is as follows:

        $tweet = $clean_content[0];
        $user_url = $clean_uri[0];
        $user = $clean_name[0];
        $query='INSERT INTO hash (tweet, user, user_url) VALUES ("'.$tweet.'", "'.$user.'", "'.$user_url.'")';
        mysql_query($query);

    How would I correctly use 'INSERT...ON DUPLICATE KEY UPDATE' to insert only if it doesn't exist, and update if it does? Thanks


  • What are some useful SQL statements / usage patterns that should be known by all developers who may

    - by Jian Lin
    What are some useful SQL statements that should be known by all developers who may touch the Back end side of the project? (Update: just like in algorithm, we know there are sorting problems, shuffling problems, and we know some solutions to them. This question is aiming at the same thing). For example, ones I can think of are:

        Get a list of Employees and their boss. Or one with the employee's salary greater than the boss. (Self-join)
        Get a list of the most popular Classes registered by students, from the greatest number to the smallest. (Count, group by, order by)
        Get a list of Classes that are not registered by any students. (Outer join and check whether the match is NULL, or by Get from Classes table, all ClassIDs which are NOT IN (a subquery to get all ClassIDs from the Registrations table))

    Are there some SQL statements that should be under the sleeve of all developers that might touch back end data?


  • What are some useful SQL statements that should be known by all developers who may touch the Back en

    - by Jian Lin
    What are some useful SQL statements that should be known by all developers who may touch the Back end side of the project? (Update: just like in algorithm, we know there are sorting problems, shuffling problems, and we know some solutions to them. This question is aiming at the same thing). For example, ones I can think of are:

        Get a list of Employees and their boss. Or one with the employee's salary greater than the boss. (Self-join)
        Get a list of the most popular Classes registered by students, from the greatest number to the smallest. (Count, group by, order by)
        Get a list of Classes that are not registered by any students. (Outer join and check whether the match is NULL, or by Get from Classes table, all ClassIDs which are NOT IN (a subquery to get all ClassIDs from the Registrations table))

    Are there some SQL statements that should be under the sleeve of all developers that might touch back end data?

