Search Results

Search found 24201 results on 969 pages for 'andrew case'.

  • Prevent SQL Injection in Dynamic column names

    - by Mr Shoubs
    I can't get away without writing some dynamic SQL conditions in a part of my system (using Postgres). My question is how best to avoid SQL injection with the method I am currently using. EDIT (Reasoning): There are many columns in a number of tables (a number which grows (only) and is maintained elsewhere). I need a method of allowing the user to decide which (predefined) column they want to query (and if necessary apply string functions to). The query itself is far too complex for the user to write themselves, nor do they have access to the db. There are 1000's of users with varying requirements and I need to remain as flexible as possible - I shouldn't have to revisit the code unless the main query needs to change. Also, there is no way of knowing what conditions the user will need to use. I have objects (received via web service) that generate a condition (the generation method is below - it isn't perfect yet) for some large SQL queries. The _FieldName is user editable (parameter name was, but it didn't need to be) and I am worried it could be an attack vector. I put double quotes (see quoted identifier) around the field name in an attempt to sanitize the string; this way it can never be a keyword. I could also look up the field name against a list of fields, but it would be difficult to maintain on a timely basis. Unfortunately the user must enter the condition criteria. I am sure there must be more I can add to the sanitize method? And does quoting the column name make it safe? (My limited testing seems to think so.) An example built condition would be "AND upper(brandloaded.make) like 'O%' and upper(brandloaded.make) not like 'OTHERBRAND'" ... Any help or suggestions are appreciated.
    Public Function GetCondition() As String
        Dim sb As New Text.StringBuilder
        'put quote around the table name in an attempt to prevent some sql injection
        'http://www.postgresql.org/docs/8.2/static/sql-syntax-lexical.html
        sb.AppendFormat(" {0} ""{1}"" ", _LogicOperator.ToString, _FieldName)
        Select Case _ConditionOperator
            Case ConditionOperatorOptions.Equals
                sb.Append(" = ")
            ...
        End Select
        sb.AppendFormat(" {0} ", Me.UniqueParameterName) 'for parameter
        Return Me.Sanitize(sb)
    End Function

    Private Function Sanitize(ByVal sb As Text.StringBuilder) As String
        'compare against a similar blacklist mentioned here: http://forums.asp.net/t/1254125.aspx
        sb.Replace(";", "")
        sb.Replace("'", "")
        sb.Replace("\", "")
        sb.Replace(Chr(8), "")
        Return sb.ToString
    End Function

    Public ReadOnly Property UniqueParameterName() As String
        Get
            Return String.Concat(":", _UniqueIdentifier)
        End Get
    End Property

  • PDB: exception when in console - full stack trace

    - by EoghanM
    When at the pdb console, entering a statement which causes an exception results in just a single line stack trace, e.g. (Pdb) someFunc() *** TypeError: __init__() takes exactly 2 arguments (1 given) However I'd like to figure out where exactly in someFunc the error originates. i.e. in this case, which class __init__ is attached to. Is there a way to get a full stack trace in Pdb?

  • Online editing gettext files?

    - by NeoNmaN
    Online editing gettext files, is it possible? I use gettext for all my PHP projects, but sides with a minor problem, want to mine user may translate my language from as Danish to Norwegian, but in this case it enste I know is that I need to export my file from Poedit there is any. other software that can export / import my files? for Poedit can I do with export as. hope i could help me a little.

  • NHibernate criteria construction

    - by brianberns
    I am trying to recreate something like the following SQL using NHibernate criteria: select Range, count(*) from ( select case when ent.ID between 'A' and 'N' then 'A-M' else 'Other' end as Range from Subject ) tbl group by tbl.Range I am able to create the inner select as follows: session.CreateCriteria<Subject>() .SetProjection( Projections.Conditional( Expression.Between("Name", "A", "N"), Projections.Constant("A-N"), Projections.Constant("Other"))) .List(); However, I can't figure out how to pipe those results into a grouping by row count. Any suggestions? Thanks. -- Brian

  • WCF Troubleshooting from ASP.NET Client -- Help!

    - by Kobojunkie
    I am trying to call a method in my service that is as below, from an ASP.NET application. public bool ValidateUser(string username, string password) { try { // String CurrentLoggedInWindowsUserName = WindowsIdentity.GetCurrent().Name; // //primary identity of the call // String CurrentServiceSecurityContextPrimaryIdentityName = // ServiceSecurityContext.Current.PrimaryIdentity.Name; // } catch (Exception ex) { FaultExceptionFactory fct = new FaultExceptionFactory(); throw new FaultException<CustomFaultException>(fct.CreateFaultException(ex)); } return false; } The Config for the client end of my service is as below <binding name="WSHttpBinding_IMembershipService" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="false" allowCookies="false"> <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" /> <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" /> <security mode="Message"> <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" /> <message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default" establishSecurityContext="true" /> </security> </binding> Problem I keep having is when I call it; I get the following exception message. Server Error in '/' Application. The communication object, System.ServiceModel.Channels.ServiceChannel, cannot be used for communication because it is in the Faulted state. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 
Exception Details: System.ServiceModel.CommunicationObjectFaultedException: The communication object, System.ServiceModel.Channels.ServiceChannel, cannot be used for communication because it is in the Faulted state. Stack Trace: [CommunicationObjectFaultedException: The communication object, System.ServiceModel.Channels.ServiceChannel, cannot be used for communication because it is in the Faulted state.] System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) +7596735 System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) +275 System.ServiceModel.ICommunicationObject.Close(TimeSpan timeout) +0 System.ServiceModel.ClientBase`1.System.ServiceModel.ICommunicationObject. Close(TimeSpan timeout) +142 System.ServiceModel.ClientBase`1.Close() +38 System.ServiceModel.ClientBase`1.System.IDisposable.Dispose() +4 Controls.Membership.accountLogin.ValidateUserCredentials(String UserName, String Password) in C:\ Petition.WebClient\Controls\ Membership\accountLogin.ascx.cs:49 Controls.Membership.accountLogin.Login1_Authenticate(Object sender, AuthenticateEventArgs e) in C:\ WebClient\ Controls\Membership \accountLogin.ascx.cs:55 I am not entirely sure why I keep getting this. Just in case, here is how I call my service from the client private bool ValidateUserCredentials(string UserName, string Password) { bool boolReturnValue = false; using(Members.MembershipServiceClient client = new Controls.Members.MembershipServiceClient()) { try { boolReturnValue = client.ValidateUser(UserName, Password); } catch (FaultException<CustomFaultException> ex) { throw ex; } } return boolReturnValue; } Anyone have any idea what I need to do in this case?

  • c# uploading file - error

    - by user228058
    I have a webpage where the user can upload an Excel file. I'm trying 2 different files - one works without a problem, and the other one gives me this error: Error: Length cannot be less than zero. Parameter name: length I know that sometimes this occurs when the file size is zero, but that is not the case here. Can anyone shed light on this issue? Please let me know if you need more info.

  • Boggling Direct3D9 dynamic vertex buffer Lock crash/post-lock failure on Intel GMA X3100.

    - by nj
    Hi, For starters I'm a fairly seasoned graphics programmer but as we all know, everyone makes mistakes. Unfortunately the codebase is a bit too large to start throwing sensible snippets here and re-creating the whole situation in an isolated CPP/codebase is too tall an order -- for which I am sorry, do not have the time. I'll do my best to explain. B.t.w, I will of course supply specific pieces of code if someone wonders how I'm handling this-or-that! As with all resources in the D3DPOOL_DEFAULT pool, when the device context is taken away from you, you'll sooner or later have to reset your resources. I've built a mechanism to handle this for all relevant resources that's been working for years; but that fact notwithstanding I've of course checked, asserted and doubted any assumption since this bug came to light. What happens is as follows: I have a rather large dynamic vertex buffer, exact size 18874368 bytes. This buffer is locked (and discarded fully using the D3DLOCK_DISCARD flag) each frame prior to generating dynamic geometry (isosurface-related, f.y.i) to it. This works fine, until, of course, I start to reset. It might take 1 time, it might take 2 or it might take 5 resets to set off a bug that causes an access violation either on the pointer returned by the Lock() operation on the renewed resource or a plain crash -- regarding a somewhat similar address, but without the offset that it has tacked on to it in the first case because in that case we're somewhere halfway writing -- inside the D3D9 dll Lock() call. I've tested this on other hardware, upgraded my GMA X3100 drivers (using a MacBook with BootCamp) to the latest ones, but I can't reproduce it on any other machine and I'm at a loss about what's wrong here. I have tried to reproduce a similar situation with a similar buffer (I've got a large scratch pad of the same type I filled with quads) and beyond a certain amount of bytes it started to behave likewise.
    I'm not asking for a solution here but I'm very interested if there are other developers here who have battled with the same foe or maybe some who can point me in some insightful direction, maybe ask some questions that might shed a light on what I may or may not be overlooking. Another interesting artifact is that the vertex buffer starts to bug if I supply both D3DLOCK_DISCARD and D3DLOCK_NOOVERWRITE together which, even though not very logical (you're not going to overwrite if you've just discarded all), gives graphics glitches. Thanks and any corrections are more than welcome. Niels p.s - A friend of mine raised the valid point that it is a huge buffer for onboard video RAM and it's being at least double or triple buffered internally due to its dynamic nature. On the other hand, the debug output (D3D9 debug DLL + max. warning output) remains silent. p.s 2 - Had it tested on more machines and still works -- it's probably a matter of circumstance: the huge dynamic, internally double/tripled buffered buffer, not a lot of memory and drivers that don't complain when they should.. Unless someone has a better suggestion; I'd still love to hear it :)

  • General RewriteRule for many undefined parameters in URL

    - by FedericoBiccheddu
    I'm trying to write a rule to make that one can generalize, since multiple pages to pass the values are different. Right now I could do: RewriteRule ^forum/([^/]{1,255})/([\+]{1})/((([a-z]+)([_]{1})([a-zA-Z0-9]+)([/]?))+)$ forum.php?name=$1&$5=$7 [L] To address such as: Nome+del+Forum/+/page_1/action_do Should return: forum.php?name=Nome+del+Forum&page=1&action=do Instead, take only the last parameter (in this case action=do): forum.php?name=Nome+del+Forum&action=do How can I fix? Thanks in advance!

  • Testing chess game

    - by mousey
    There is a software for chess game and we need to test the following method: boolean canMoveTo(int x, int y) x and y are the coordinates of the chess board and it returns true/false whether the piece can move to that position or not. We need to test this method for a pawn piece and you can set up the board any way you like prior to running a test case. Source code is not provided

  • SQL IF ELSE BEGIN END

    - by Swami
    If there are no begin and end statements in SQL, the next statement is the only one that gets executed if the if condition is true... In the case below, is there any way the insert statement will also get executed if the if condition is true? IF (a > 1) SET @b = 1 + 2 INSERT INTO #F (a, b, c) VALUES (1, 2, 3)

  • How to store date into Mysql database with play framework in scala?

    - by Rahul Kulhari
    I am working with Play framework with Scala and what am I doing: login page to login into web app, sign up page to register into web app, after login I want to store all databases values to user. What I want to do: when user register for web app then I want to store user values into database with current time and date but my form is giving error. error: List(FormError(dates,error.required,List())),None) controllers/Application.scala object Application extends Controller { val ta:Form[Keyword] = Form( mapping( "id" -> ignored(NotAssigned:Pk[Long]), "word" -> nonEmptyText, "blog" -> nonEmptyText, "cat" -> nonEmptyText, "score"-> of[Long], "summaryId"-> nonEmptyText, "dates" -> date("yyyy-MM-dd HH:mm:ss") )(Keyword.apply)(Keyword.unapply) ) def index = Action { Ok(html.index(ta)); } def newTask= Action { implicit request => ta.bindFromRequest.fold( errors => {println(errors) BadRequest(html.index(errors))}, keywo => { Keyword.create(keywo) Ok(views.html.data(Keyword.all())) } ) } models/keyword.scala case class Keyword(id: Pk[Long],word: String,blog: String,cat: String,score: Long, summaryId: String,dates: Date ) object Keyword { val keyw = { get[Pk[Long]]("keyword.id") ~ get[String]("keyword.word")~ get[String]("keyword.blog")~ get[String]("keyword.cat")~ get[Long]("keyword.score") ~ get[String]("keyword.summaryId")~ get[Date]("keyword.dates") map { case id~blog~cat~word~score~summaryId~dates => Keyword(id,word,blog,cat,score, summaryId,dates) } } def all(): List[Keyword] = DB.withConnection { implicit c => SQL("select * from keyword").as(Keyword.keyw *) } def create(key: Keyword){DB.withConnection{implicit c=> SQL("insert into keyword values({word},{blog}, {cat}, {score},{summaryId},{dates})").on('word-> key.word,'blog->key.blog, 'cat -> key.cat, 'score-> key.score, 'summaryId -> key.summaryId, 'dates->new Date()).executeUpdate } } views/index.scala.html @(taskForm: Form[Keyword]) @import helper._ @main("Todo list") { @form(routes.Application.newTask) {
    @inputText(taskForm("word")) @inputText(taskForm("blog")) @inputText(taskForm("cat")) @inputText(taskForm("score")) @inputText(taskForm("summaryId")) <input type="submit"> <a href="">Go Back</a> } } Please give me some idea to store date into MySQL database and date is not a field of form

  • objective C NSString retain

    - by Amarsh
    If I create a String with [NSString stringWithFormat], do I have to [retain] it? My understanding is that convenience methods add the objects to autorelease pool. If that is the case, shouldn't we retain the object so that it doesn't get drained with pool at the end of the event loop?

  • Disable Back Button (showing cached version) without JavaScript

    - by vigna hari karthik
    Hey Friends, I want to disable the browser back button without using JavaScript. So far I have used this code: Response.CacheControl = "no-cache" Response.CacheControl = "private" Response.CacheControl = "public" It's working fine in Internet Explorer 8, but in the case of Mozilla Firefox it is not working. Please tell me a solution that works in all browsers. Thanks in advance. With regards, V.karthik

  • Facebook php client

    - by AlfaTeK
    I'm trying to use facebook connect in my site so users can register/login with it and I'm having a little bit of trouble understanding all the tutorials around the web. My question is simple, does the facebook php client lib work in my use case or only to develop facebook applications that run inside fb ?

  • Remove querystring from URL

    - by Malcolm Frexner
    What is an easy way to remove the querystring from a Path in Javascript? I have seen a plugin for Jquery that uses window.location.search. I can not do that: The URL in my case is a variable that is set from AJAX. var testURL = '/Products/List?SortDirection=dsc&Sort=price&Page=3&Page2=3&SortOrder=dsc'

  • jQuery set ISO charset to ajax request

    - by mck89
    Hi, I'm using jQuery for sending ajax requests to the server, but I have some problems with the charset. In the ajax function documentation is written that data is always sent in UTF-8 according to the W3C XMLHTTPRequest standard, so I don't think that jQuery allows you to change the request charset (except if you load a script, but that's not my case). So do you know a way to set the ISO-8859-1 charset for the ajax request in jQuery?

  • Immutable Dictionary overhead?

    - by Roger Alsing
    When using immutable dictionaries in F#, how much overhead is there when adding / removing entries? Will it treat entire buckets as immutable and clone those and only recreate the bucket whose item has changed? Even if that is the case, it seems like there is a lot of copying that needs to be done in order to create the new dictionary(?)

  • Does a wrapper class for a COM interop IStream already exist?

    - by AnthonyWJones
    I'm about to write a Wrapper for a COM interop IStream so that code that expects a standard .NET Stream can use it. However it occurs to me that this sort of thing may already have been done before (although I haven't been able to find it myself with web searching). So I'm just putting this out here in case I'm about to re-invent the wheel. Note I've come across code implementing IStream wrapping a .NET stream but I need the reverse.

  • Coding styles for html

    - by Hulk
    Hi, Please the coding standard followed for HTML. Please suggest links that have the coding styles for HTML (like Camel case or .....). <table> <tr> <td> Data </td> </tr> </table> Thanks..

  • Problem accessing updated variables within OnTouch

    - by Jay Smith
    I have an OnTouch and a setOnTouchListener that updates variables which contain screen coord info. The problem is it doesn't seem to ever update them. On line 78, RGB.setText(test); it never changes from 0.0. If I were to move that line and the line above it into the onTouch it updates. Any idea what is wrong? Thank you. package com.evankimia.huskybus; import com.test.huskybus.R; import android.app.Activity; import android.os.Bundle; import android.view.MotionEvent; import android.view.View; import android.view.View.OnTouchListener; import android.widget.TextView; public class HuskyBus extends Activity { TextView RGB; private CampusMap mCampusMap; private float startX = 0; //track x from one ACTION_MOVE to the next private float startY = 0; //track y from one ACTION_MOVE to the next float scrollByX = 0; //x amount to scroll by float scrollByY = 0; //y amount to scroll by /** Called when the activity is first created. */ @Override public void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); setContentView(R.layout.main); RGB = (TextView) findViewById(R.id.coordBox); mCampusMap = (CampusMap) findViewById(R.id.map); mCampusMap.setOnTouchListener(new OnTouchListener() { @Override public boolean onTouch(View v, MotionEvent event) { // TODO Auto-generated method stub switch (event.getAction()) { case MotionEvent.ACTION_DOWN: // Remember our initial down event location. startX = event.getRawX(); startY = event.getRawY(); break; case MotionEvent.ACTION_MOVE: float x = event.getRawX(); float y = event.getRawY(); // Calculate move update. This will happen many times // during the course of a single movement gesture. scrollByX = x - startX; //move update x increment scrollByY = y - startY; //move update y increment startX = x; //reset initial values to latest startY = y; mCampusMap.invalidate(); break; }//end switch return false; } ; }); //end onDraw? String test = "" + scrollByX; RGB.setText(test); } }
