DataSource Controls :: Allowing All Characters In SQL Insert?
May 14, 2010
I'm using SQL Server 2005 and am getting security errors when the user enters certain characters in the aspx page. For example, the simple string,
&#
causes an error. How do I allow the user to enter anything they want and keep the site secure? In my VB all fields are sent with Parameters.AddWithValue.
I need a regular expression on a RegularExpressionValidator that just checks if the minimum length is 3 characters, it doesnt matter what characters are typed in...
I need to allow the user to submit queries as follows;
/search/"my search string"
but it's failing because of request validation, as outlined in the following 2 questions:
[URL]
I'm currently trying to figure out how to disable request validation for the quote character, but i'd like to know the risks before I actually put the site live with this disabled?
I am trying to pass in as an insert parameter for SQLds2 the scope_identity of the insert of SQLds1.
Exception Details: System.InvalidOperationException: Error executing 'InsertCommand' in SqlDataSource 'SqlDataSource1'. Ensure the command accepts the following parameters: @Name1, @NewId
I do have a details view, which insert data to a database table using SQL Datasource. Now i need the data to be inserted in to 2 tables instead of one.
I am using 1 textbox with a Ajax Calendar extender to allow my user's to select a date graphically (exp: 12/15/2009). I have another textbox for the hour and minutes in military time(exp: 15:30). I think i have the code to grab the data from the 2 textbox's and combine them to be inserted into the field (exp: 12/15/2009 15:30). Here is my insert code for the Field:
[Code]....
However unless I make all the fields Nullable the insert fails, on top of that none of the other field that I have selected on the Detailsview Insert or Edit are inserted into there fields. Half of my fields have to be non-null values. So how do I fix this?
I can supply additional vb code and the aspx code if needed.
This is the error I'm getting: Cannot insert the value NULL into column 'Operation_type', table '/GAOSDB.MDF.dbo.BC_Perf_Log'; column does not allow nulls. INSERT fails. The statement has been terminated.'
This is the first non-null column.
I need to get this figured out because I have 30 other web pages that will be utilizing the same approach.
Conseptually what I'm doing is simple, and technically it may even be simple, but I'm still rusty. Here's what I'm trying to do:
I have a webform that allows the user to enter a new record, and in there I have also included a couple FileUpload controls. Upon clicking the "Save" button, I'm saving the details entered into one table (ITEMS), and also inserting the FileUpload details (path, id, upload_user) into another table ATTACHMNTS). Because one ITEM can have many attachments, I needed to split the tables up. So on save, I need to save the ITEM, save the ATTACHMENT, and then also put the ITEM_ID in the ATTACHMENT table. I'm second guessing myself because I think all I'd have to do is after I do the ITEM insert, do a SELECT MAX on the ITEM table and hold the newest (MAX) id in a variable and then use it in the ATTACHMENTS update. I'm not 100% on this because there IS a chance that someone else could save a few milliseconds later and I'll link the wrong ITEM. See my delima?
I have a project that I was using Access for but now find I have to change to SQL Express. Well I have no big problem with that but I now find that the SQL Statement I have been using was for OLE and does not work in SQL/Express. I am not even sure anymore if I can dump the entire CSV file in at one time? The statement I was using is below.
[Code]....
Here is my problem. What is the INSERT statement to insert a complete flat (CSV) into SQL Express? OR what method can I use to preform this task?
I'm trying to remove extraneous characters like quotes, commas, etc from my dataset. I get the fact in the standard way of doing things in your code behind you simply go
string data = data.replace(",",""); or something like this. However, a datasource doesn't seem to give me that capability. What can I do to make it do this? I'm importing data from an excel sheet into a gridview. The commas are goofing up my view. I'd like to replace any commas in the dataset with spaces. Here is the code I have.
I developed a website using asp.net 2.0 and sql server 2005. I m using Turkish language content as entries to database tables. But when I try to add any record from my web interface I see strange characters. for example "ş,ğ,İ," characters are viewed like Å,? characters. I set my globalization to culture turkish in web.config. So there s no problem with static data on the page and no problem with records I added earlier in my own machine. I just need to send data in a correct encoding to the database.I first thought it was about collation, but changing collation doesn t differ data sent to database, I think I need to do something from my web app, but still couldn't get any ideas.
I am trying to create a table in my MS SQL database for Languages. I want to store an English name of Language and a local name of language in the database.
i.e. Language, Language(local) English, English German, Deutsch Italian, Italiano Japanese, 日本語 ... ...
I have 279 languages that I want to import, but when I import it shows '?????' for some like japanese, Russian and arabic etc. The database Collation is Latin1_General_CI_AS.
I would also like advise on multilingual websites; if i have a database of product descriptions and I want to have translation in multiple languages, should I go for separate databases or Can I have translation in one databse? (I prefer not to duplicate data!). Anything else to make sure users are able to write comments in different languages (char encoding on web?) and can be stored in database.
I have managed to import data but, I cannot select and view correctly and therefore cannot verify if import was successful; I am getting following results on select:
How to programatically insert string with special characters into RTF? I have rtf template I load to string and then replace all $MY_VARIABLE$ with data. Data contains special chars like 'ąęść' and the problem is that in result file these characters are replaced with '?'. It's something wrong with encoding but what?
My code looks like:
StreamReader reader = new StreamReader("template.rtf"); StringBuilder form = new StringBuilder(reader.ReadToEnd()); // here I replace variables in rtf with data Encoding srcEncoding = new UTF8Encoding(); Encoding dstEncoding = new ASCIIEncoding(); byte[] utf = srcEncoding.GetBytes(form.ToString()); byte[] asci = Encoding.Convert(Encoding.UTF8, Encoding.ASCII, utf); return dstEncoding.GetString(asci);
how do I go about inserting into a database special characters such as the uppercase O, umlaut Ö Please understand that I have been able to insert the special character from inside MMS by putting an N in front of the value but when I run the SQL file from inside an ASP.net 4.0 page it comes up as a diamond with a question mark in it
i have two sqldatasource controls. one i use to display data in textbox's ,filter'd by a select parameter in page behind code. Once checked, i want to copy this data to the other datasource ,by selecting checkbox.Then display this data in detailsview control.
At present the two datasource controls declared , render data to the page simultaneously during pageload. I want to first check data in textbox's from first source, before second datasource is rendered to screen. note, both are filtered by a page variable. i wish to leave the textbox datasource control in situ, as other controls and code depend on it.The other detailsview datasource is my problem?
I am using this code to find titles depending on user criteria:
[Code]....
The search is non-english charachters, and it has some problems. when you looks for "Marker" and in database you have this title: "Markers" it won't find it..... This search just not good enough and I am looking to replace it urgently....
I'm using the following C# code to insert the data from my webform. I'm trying to add additional information inside the SQL server database which holds the information about my memebership system.I added a table to it with the following fields:UserId (F.k) , FirstName, LastName, StudentId, Status.My user does get created however my additional data doesn't get inserted.I recive no errors, so I really don't know what I'm doing wrong.Here is my C# code:
I'm very new to this area and am using ASP.NET 3.5 with WMD 2008 Express Edition and VB code.
How do I write records to the SQL database using VB? I want to use the connection string, etc used in the ASP.NET controls if possible.
My website is a Rugby Club site and I've an SQL database of match fixtures which include TeamId(1XV, 2XV, etc.), Season(2008, 2009, etc) and match date.
I allow some users to update the fixture details but want to insert a series of new fixture records for the neext season which contain just TeamId Season and Match Dates. I therefore want to take the season and Team Id from label fields and then create match dates by adding seven days to a start date.
but when I run it inserts '@test' (no quotes) into the database. What am I doing wrong? It's probably really simple but I've been looking at it for ages! :(
No matter what I do I keep getting the error that my input string is not valid and that the system cannot convert a string to a double. I have a table with two fields, both are defined as nvarchar(25). My command text is:INSERT INTO OtherProducts VALUES ('Sample','Test') am using Visual Web Developer. This is as simple as it gets. I have tried parameters as well.
I'm trying to catch (in string "s") the primary key for the record being inserted via DetailsView. I have an SqlDataSource connection to an Access 2003 database. The primary key is auto-increment integer (long) field.