.net - Parameterized Query - Use Escaping Characters Technique To Avoid The User Input Errors?

Jan 19, 2011

I have my own DLL (for the data access layer). I use the escaping-characters technique to avoid user input errors, but recently I decided to enhance my classes and use parameterized queries to prevent all possible errors. Will the modification be easy or difficult? How do I convert this approach to use parameterized queries?

View 1 Replies
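As an added example (not code from the question or the asker's DLL), here is the escaping-based approach beside its parameterized replacement in ADO.NET, plus a small helper in the shape a data access layer would typically expose. The table, column and parameter names (Customers, City, @City) and the helper's signature are assumptions for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class CustomerData
{
    // BEFORE: escape quotes by hand and splice the value into the SQL text.
    // The value is still parsed as part of the statement, so any gap in the
    // escaping (other quoting styles, encodings, comment sequences) is a hole.
    public static string BuildEscapedSql(string city)
    {
        string escaped = city.Replace("'", "''");
        return "SELECT Id, Name FROM Customers WHERE City = '" + escaped + "'";
    }

    // AFTER: the SQL text is constant; the value travels as a typed parameter
    // and is never interpreted as SQL, so no escaping is needed at all.
    public static SqlCommand BuildParameterizedCommand(SqlConnection conn, string city)
    {
        var cmd = new SqlCommand(
            "SELECT Id, Name FROM Customers WHERE City = @City", conn);
        // Declare type and length explicitly instead of AddWithValue, so every
        // call presents the same parameter type to the server's plan cache.
        cmd.Parameters.Add("@City", SqlDbType.NVarChar, 100).Value = city;
        return cmd;
    }

    // DAL-style helper (assumed shape): callers pass fixed SQL plus parameters,
    // which makes it hard to build a query by string concatenation by accident.
    public static DataTable ExecuteQuery(string connectionString, string sql,
                                         params SqlParameter[] parameters)
    {
        var result = new DataTable();
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.AddRange(parameters);
            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                result.Load(reader);
            }
        }
        return result;
    }

    public static DataTable FindByCity(string connectionString, string city)
    {
        var p = new SqlParameter("@City", SqlDbType.NVarChar, 100) { Value = city };
        return ExecuteQuery(connectionString,
            "SELECT Id, Name FROM Customers WHERE City = @City", p);
    }
}
```

Migrating an existing escaping-based class is mostly mechanical: each `'" + value + "'` splice becomes an `@name` placeholder plus one `SqlParameter`, and the `Replace("'", "''")` calls are deleted rather than kept "just in case", since double-escaping a parameter value corrupts legitimate input containing apostrophes.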


Similar Messages:

Security :: Login Failed For User ' Only With Parameterized Query Using SQL Server Authentication

Nov 29, 2010

I've narrowed the problem down to the following:

I receive the "Login failed" error message for user ASPNET. SQL Server 2005 is the DB and IIS is the web server (both on the same computer). Mixed authentication is used on SQL Server. I have created user ASPLogin with a password that is correctly typed in the web.config:

<add
name="masterConnectionString"
connectionString="Data Source=computernameGMOSERVER;Initial Catalog=Portal;Persist Security Info=True;User ID=ASPLogin;Password=password"
providerName="System.Data.SqlClient"
/>

I am able to access my web pages that query the database as long as they are not parameterized. However, the parameterized queries (e.g., SELECT * FROM SUPP_DASH_RESULTS WHERE organization_code = @orgcode) are the ones that do not work, and give me the "Login failed" error message.

View 5 Replies

Databases :: SELECT ... WHERE ... IN ... Using Parameterized Query (odp.net)

Apr 6, 2010

I am trying to do a SELECT ... WHERE ... IN construct, using a parameterized query with Oracle (odp.net), and I cannot make it work correctly.

[Code]....

The STATUS column is NUMBER(2) in the database. My problem seems to be related to getting the correct OracleDbType. I've tried Varchar2, Long, Decimal... nothing works. Should I go for the ArrayBindSize construct?

View 5 Replies

Databases :: Parameterized Query And Date Field?

Sep 17, 2010

[Code]....

This is a query to an old FoxPro database on a server (same network). This works in the execution, but only when passing the date values as aaaa/mm/dd. On my page, when I pass two DateTime parameters from two TextBoxes, it throws "Unable to recognize the string as a valid DateTime Value". I'm using the Ajax Calendar extender on the textbox, to be more specific. Here (my country) the format I'm using is dd/mm/aaaa, and when I select the datepicker it comes in this format, and then I get the DateTime error. I can get the rows in the query builder just by passing the date like "2010/01/15" and "2010/01/30", for example. How can I force the textbox to use this format aaaa/mm/dd?

View 4 Replies

C# - Use A String Collection To Pass In The Output From The Textboxes To A Parameterized Query

Feb 22, 2011

I have a dynamic GridView which can be used to add new rows of two columns to specify a start date and an end date. I am trying to use a string collection to pass the output from the textboxes to a parameterized query as shown. I am getting an "incorrect syntax near 9" error. How can I make this work? I need to use the StringBuilder.

protected void btnSaveIterations_Click(object sender, EventArgs e)
{
    int rowIndex = 0;
    StringCollection sc = new StringCollection();
    if (ViewState["CurrentTable"] != null)
    {
        DataTable dtCurrentTable = (DataTable)ViewState["CurrentTable"];
        if (dtCurrentTable.Rows.Count > 0)
        {
            for (int i = 1; i <= dtCurrentTable.Rows.Count; i++)
            {
                // extract the TextBox values
                TextBox box1 = (TextBox)Gridview1.Rows[rowIndex].Cells[1].FindControl("start_iteration");
                TextBox box2 = (TextBox)Gridview1.Rows[rowIndex].Cells[2].FindControl("end_iteration");
                start_date = box1.Text;
                end_date = box2.Text;...............

View 3 Replies

DataSource Controls :: How To Convert Textbox To Datetime In A Parameterized Query

Jun 29, 2010

I succeed with this code:

if (InitDateStart.Text != "" && InitDateEnd.Text != "")
{
    strWhere += "And ((Convert(DateTime, InitDate, 105) >= Convert(DateTime,'" + InitDateStart.Text + "', 105)) "
              + "And (Convert(DateTime, InitDate, 105) <= DateAdd(day, 1, Convert(DateTime,'" + InitDateEnd.Text + "', 105))))";
}

How do I write this code as a parameterized query? I tried this but with no success. I got some strange results from this:

strWhere += "And Convert(varchar(10), ServiceInitDate, 105) >= @InitDate............. ";
GridDatasource.SelectCommand += strWhere; [code]...

View 2 Replies

ADO.NET :: Linq Search - Dynamic Query Based On User Input?

Jan 12, 2011

I have two text boxes for the user to enter UserName and First Name; both these fields are optional and not mandatory to fill.

Once the user presses the Search button, I execute the following query to fetch matching records.

[Code]....

The problem is, in cases where the user leaves both textboxes or one of the textboxes empty/blank, that particular field should be removed from the where clause.

More like: if something is entered, then search for that particular record; otherwise search for all the records.

View 2 Replies

Security :: Storing And Displaying User Input (encoding Query)?

Aug 30, 2010

How do I handle HTML and scripts? What if I build my own CMS? Isn't it inevitable that I'll want to store HTML code, possibly scripts, and almost certainly apostrophes and special characters, and then display them again?

What's the best way to do this, since I won't want to display the encoded HTML, but the HTML itself?

Would it be to encode everything, then when I want to actually display the HTML, decode it, but everywhere else keep it encoded?

I'm just trying to think of all the scenarios that I could come across when I accept user input where I don't know what they could be typing in. What if I WANT the user to be able to display HTML? Is it possible to decode only some tags but leave all other tags encoded?

View 10 Replies

Web Forms :: Trying To Write A Linq Query That Has Multiple Where Clauses Depending On User Input?

Jan 27, 2010

I have a quick Linq to SQL question. I am trying to write a Linq query that has multiple where clauses depending on user input. What I would intuitively code is:

Dim arrTerms As Array = txtUserInput.Text.Split(" ")
Dim q = From newsitem In db.MyNewsTable _
        Where newsitem.Contains(arrTerms) _
        Select newsitem
Listview1.DataSource = q
Listview1.DataBind()

Unfortunately, though, the "Contains" operator does not accept an ArrayList, or array, or anything but String.

View 1 Replies

C# - Avoid Errors In Multiple Insertion With Unique Stored Procedure?

Feb 8, 2011

I wonder how it is possible to manage a transaction in C# code. I have to do multiple insertions of the same object with a single stored procedure. So I have to launch the same stored procedure with the same parameters multiple times.

But if a problem appears in the process (lost connection, ...) I don't want just a part of the insertions done and the rest failed; I want all the insertions cancelled. So I would like a SQL transaction, but within the application code, because I can't change the database.

View 3 Replies
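As an added example (not code from the post above), one way to get all-or-nothing behaviour purely from application code is to open one SqlTransaction and run every stored procedure call on it, committing only after the last call succeeds. The stored procedure name (dbo.InsertItem), its @Name parameter and the connection string are assumptions for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class BatchInserter
{
    // Calls the same stored procedure once per item inside a single transaction.
    // Returns the total number of rows reported affected when everything commits;
    // on any failure the partial work is rolled back and the exception propagates.
    public static int InsertAll(string connectionString, string[] names)
    {
        using (var conn = new SqlConnection(connectionString))
        {
            conn.Open();
            using (SqlTransaction tx = conn.BeginTransaction())
            {
                try
                {
                    int affected = 0;
                    foreach (string name in names)
                    {
                        // Each command must be enlisted in the transaction explicitly;
                        // a command on the same connection without it throws.
                        using (var cmd = new SqlCommand("dbo.InsertItem", conn, tx))
                        {
                            cmd.CommandType = CommandType.StoredProcedure;
                            cmd.Parameters.Add("@Name", SqlDbType.NVarChar, 100).Value = name;
                            affected += cmd.ExecuteNonQuery();
                        }
                    }
                    tx.Commit();
                    return affected;
                }
                catch
                {
                    // A lost connection surfaces here as a SqlException. Rollback can
                    // itself throw if the connection is already gone; in that case the
                    // server has discarded the uncommitted work anyway.
                    try { tx.Rollback(); } catch (Exception) { }
                    throw;
                }
            }
        }
    }
}
```

If the stored procedure contains its own BEGIN/COMMIT, it nests inside the outer transaction: an inner COMMIT only decrements @@TRANCOUNT, so the outer Rollback still undoes every call.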

Web Forms :: Avoid Xml Break Due To Special Characters?

Apr 15, 2010

I have an issue with special characters. I would like to know how to write a condition to avoid this XML break due to special characters. I need to set a condition to accept only 256 ASCII characters in the textbox, and all others should be replaced with "#".

View 3 Replies

Access :: Data Type Mismatch While Inserting Into A Number Field In An Access Database Using A Parameterized Query?

Jun 9, 2010

I have a data type mismatch while inserting into a number field in an Access database using a parameterized query. I think this should be pretty simple, but I am still learning a lot.

[Code]....

I have some commented out as I am working one field at a time. The working fields are textboxes and the non-working ones are dropdown lists. But I think it may be the field that the list is drawing from? Not sure.

View 2 Replies

.net - Technique Of ASP.NET Session Access Multi-user Is Safe?

Mar 9, 2010

I am looking at a design pattern which has come up in quite a few of my firm's projects. It has historically functioned correctly; however, I have heard some other developers argue that there is a possibility of session corruption using this pattern. I'm looking for insight from other .NET developers here on Stack Overflow. Basically, there's a class -- usually either static or a Singleton pattern, depending largely on the developer who wrote it -- stored in App_Code. This class encapsulates access to the current session via properties. All of these properties take the form of:

[code]...

However, because this is just a static entry to HttpContext.Current.Session, it seems like it should be safe, as it is not fundamentally any different than the Page class encapsulating this in the Session property. As I said, no other site on which my company has worked that used this pattern ever saw any issues -- and that includes some pretty large and highly active user bases. But I want to just get a fresh perspective.
Are there potential multi-user issues, race conditions, or other failings/flaws which specifically could cause session corruption in the above pattern?

View 2 Replies

MVC 2 Technique To Hide A Part Of A View Based On User Permissions?

Aug 30, 2010

What's the best technique to hide part of a view depending of the credentials of the user?

To explain myself a little better, as an example I have the following code in my view:

<%= this.Model.Name %> <%=Html.ActionLink("Edit",....)%>

And I would like to hide the edit button for those who aren't administrators, for instance...

Could you give me a hand?

View 2 Replies

ADO.NET :: Cleaning A String Input From Bad Characters

Nov 15, 2010

Can anyone advise on the best way to clean an input string of characters that will cause a SQL Update error? For instance:

Dim sText As String = "this is line to a break <br> before the end."
Dim SQLString As String = "update sometable set somefield='" & sText & "'"

Executing SQLString will fail because of the <br> it contains. How do I filter out all possible characters that will cause the update query to fail?

View 5 Replies

Transform Html Input With Special Characters?

Mar 22, 2010

I would like to transform an HTML input to XML. But the input will have as part of its content an "&", e.g. Texas A&M. Calling XslCompiledTransform.Transform(htmldocument, xmlwriter) causes an XmlException to be thrown.

View 4 Replies

Disallow Typing Of Few Of Characters E.g.'<', '>' In All Input Textboxes Using Jquery?

Jun 16, 2010

How do I achieve this: when the user types characters like 'abcd' and then '>' (an invalid character for my application), I want to set the text back to 'abcd'. Better if we can cancel the input itself as we do in a WinForms application. This should happen when the user is typing and not on the click of a button. I want this to be applied to all text boxes in my web page. This will be easy if the solution is jQuery based. Maybe something which will start like this: $("input[type='text']")

SOLUTION

I used both of the answers provided by @jAndy and @Iacopo (sorry, couldn't mark both as the answer) as below.

$(document).ready(function() {
    // makes sure that user cannot enter < or > sign in text boxes.
    $("input:text").keyup(purgeInvalidChars);

[code]...

View 4 Replies

AJAX :: HtmlEditor: Convert Input Characters To Uppercase?

Sep 16, 2010

Here is the style sheet.

body
{
    width: 100px;
    text-transform: capitalize;
}

Only the first input character was automatically converted to uppercase. The rest of the inputs are not converted. Do you know what changes I need to make it work?

View 2 Replies

Access :: Query Input Must Contain At Least One Table Or Query?

Jan 21, 2010

Why do I get the following error: "Query input must contain at least one table or query"

for this code...

Insert into BlogPost (BlogID,BlogTitle,BlogContent,Attatchments,IsEnabled,IsVisible) values
((SELECT BLOGID FROM Blog WHERE BlogOwnerID =7),'test','aaaaa','aaaa',true,true);

All I know is that it is a problem with how I have nested the select statement...

View 1 Replies

Web Forms :: How To Generate Rtf File Based On Input Field (textbox Input By User) C#

May 27, 2010

How can I generate an RTF file based on an input field (textbox input by user) in C#?

View 3 Replies

VB.NET Web Application Input Box / Input Box That Comes Up When A User Clicks 'Find' Button?

Aug 4, 2010

I would like to program an Input Box that comes up when a user clicks 'Find' button. It asks 'Please enter an employee number'. Then it takes the employee number typed into a text box and searches a dataset for that specific employee record.

I know that it should be server side because the client may not have the proper JavaScript installed, or it may be disabled. Therefore, can someone give me some code to put in the code-behind that can pop up an input box and use the input afterwards, if this can be done?

View 1 Replies

Avoid Error When No Results From Entity Query

Mar 14, 2011

I have a simple Entity query:

[code]....

I then check whether one of the result values is more recent than six months ago using an if..then like so:

If rhcexists.First.SignatureDate > Date.Today.AddMonths(-6) Then
End If

However, if there are no results returned, this will return an error. Is there a way for me to tell it to act as if the date is older than six months if there is no value at all? E.g., could I, in pseudocode, do something like:

If Exists(rhcexists.First.SignatureDate, Date.Today.AddMonths(-8)) > Date.Today.AddMonths(-6) Then
End If

View 2 Replies

Security :: Avoid Copy Query String?

Jun 18, 2010

I have a Java application that sends the user name and password to an aspx page in a query string. How can I authenticate the user in this aspx web page, and how can I prevent a user from copying the link into Internet Explorer and accessing the page?

View 1 Replies

C# - Avoid Query String That Appears In The Address Bar?

Dec 11, 2010

I have applied a filter on a page using drop downs.

When I click on apply filter, the page gets filtered. Now I click on the edit of a filtered result, which redirects me to another page.

I want to send the selected data from the drop downs on the filter page to the redirected page, and again back to the filter page, to retain the filter. I am doing all this by sending the values in the query string.

Is there any way I can avoid the visibility of the query string in the address bar and still get the values and required result?

View 2 Replies

Entity Query - Combine Into One And Avoid Merging The Results

Nov 6, 2010

I can't seem to figure out how to write this query properly. I've tried various combinations but nothing's worked yet. Below is the relevant portion of my database model: I need to select the products that match a given Category and Group, and that match a given Year, Make, Model, submodel. This I've done below:

ItemList = From P In gDataContext.Products.Include("Groups").Include("Groups.Category1").Include("LookupYearMakeModels") _
           From G In P.Groups _
           Where G.Category = Cat And G.Grp = Group _
           From Y In P.LookupYearMakeModels _
           Where Y.Year = YMM.Year And Y.Make = YMM.Make And Y.Model = YMM.Model And Y.Submodel = YMM.Submodel _
           Select P

I now also have to select products that match the Category and Group but are Universal (Product.Universal = True). I'm currently writing two queries, the one above and the one below, and merging the results of the two by simply using ItemList.AddRange(ItemList2):

ItemList2 = From P In gDataContext.Products.Include("Groups").Include("Groups.Category1") _
            Where P.Universal _
            From G In P.Groups _
            Where G.Category = Cat And G.Grp = Group _
            Select P

But I want to combine both queries into one and avoid merging the results. How can I do it?

View 2 Replies

Copyrights 2005-15 www.BigResource.com, All rights reserved