I use a sp to insert/update records. Parsing a DataTable (many) to a user-define table typesTable type:
[Code]....
Table to Insert/Update:
[Code]....
Will this work (snipp from sp)
[Code]....
I'm using the 'Configure Data Source' wizard to connect to my database and show the dataset in Gridview. I want to be able to update, insert and delete entries but am unsure how to build the query. I can write simple update statments to change database entries but how can I do this for entries that have been changed within the gridview?
View 6 RepliesI have been in the process of updating my code with security methods, and I've been learning this from [URL] (or "Security Guidelines: ASP.NET 2.0"). In the middle of the page under "When Constructing SQL Queries, Use Type Safe SQL Parameters" it says "Use type safe parameters when constructing SQL queries to avoid possible SQL injection attacks that can occur with unfiltered input". Now, what they suggested was to use code like:
"DataSet userDataset = new DataSet();
SqlDataAdapter myCommand = new SqlDataAdapter(LoginStoredProcedure", connection);
myCommand.SelectCommand.CommandType = CommandType.StoredProcedure;
myCommand.SelectCommand.Parameters.Add("@au_id", SqlDbType.VarChar, 11);........"
But, I was already using code like:
"var dataSource = (SqlDataSource)form1.FindControl("sqlDataSource5") ;
dataSource.UpdateParameters.Add("someVal", val);"
So now, to use type safe parameters, I decided to include it like:
"var dataSource = (SqlDataSource)form1.FindControl("sqlDataSource5") ;
dataSource.UpdateParameters.Add("@someVal", DbType.Int16, val);
dataSource.UpdateParameters["@someVal"].Size = 1;"
So, that would be how I would modify my current code base to use type safe parameters in sql updating/inserting.
Getting to my actual question, as it was said "Use type safe parameters when constructing SQL queries to avoid possible SQL injection attacks that can occur with unfiltered input". First off, this suggests that this should apply to unfiltered input. Also, in their example they only did this for an ID.
So, what I'd like to know, when it comes to "unfiltered input", does this mean as long as the input is unfiltered I must use type safe parameters, or even filtered input shall have this (just to be sure), like, input that has been ran through a regularexpression check? Shall I do this for all values I insert/update into the database, or just IDs and important things?
The way I see it right now is that it would be a good precaution to just do type safe checks on everything (literally) that updates/inserts into the database just to be extra safe. But, I really am unsure if this is really the best idea, because if I did, would this possibly cause overprocessing of information? Can this cause too much strain on server resources? If my fears serve true, what would be a good suggestion of how I could implement this properly without having to worry about what I said?
when i want insert a record i see an error like this Can't perform Create, Update, or Delete operations on 'Table(MainMenuLink)' because it has no primary key. with this codes:
MyLinqDataClassesDataContext db = new MyLinqDataClassesDataContext();
MainMenuLink li = new MainMenuLink { Link = "www.tprogrammer.com", LinkSubject = "subject" };
db.MainMenuLinks.InsertOnSubmit(li); [code]....
i am using an ImageButton with onClick Event above a profile on a footballer.
On Click event, a logged in user on the site can save the footballer to a Junction table called FavouriteFootballer that has
a GUID UserId and FootballerId GUID as Primary Keys.
The problems is I need to warn the user if they already have the Footballer Stored as a favourite in the database
(With a Label or MessageBox PopUp) and not sure how to with the code I have.
In code behind I have the following
[code]....
I am using 1 textbox with a Ajax Calendar extender to allow my user's to select a date graphically (exp: 12/15/2009). I have another textbox for the hour and minutes in military time(exp: 15:30). I think i have the code to grab the data from the 2 textbox's and combine them to be inserted into the field (exp: 12/15/2009 15:30). Here is my insert code for the Field:
[Code]....
However unless I make all the fields Nullable the insert fails, on top of that none of the other field that I have selected on the Detailsview Insert or Edit are inserted into there fields. Half of my fields have to be non-null values. So how do I fix this?
I can supply additional vb code and the aspx code if needed.
This is the error I'm getting: Cannot insert the value NULL into column 'Operation_type', table '/GAOSDB.MDF.dbo.BC_Perf_Log'; column does not allow nulls. INSERT fails. The statement has been terminated.'
This is the first non-null column.
I need to get this figured out because I have 30 other web pages that will be utilizing the same approach.
how can i select a record from A table and insert into B table using linq?
View 2 RepliesBasically i deal with two tables.i have a table T1 of the following format:id company_name i need to read this data and create a table T2 as followsi wrote the following code. it worked fine for retrieving data and modification but fails to insert the modified data into the 2nd table.the error is, it does not recognise the value for @token
ArrayList dynarr=new ArrayList(); // global variable
protected void Button2_Click(object sender, EventArgs e)
{
int row = 1; int i;
string strcmd = null;
string Connection = "Data Source=....";
SqlConnection conn = new SqlConnection(Connection);
string str = "select company_name from T1 where ID=@ID";
[code]...
I have two tables - Student and Advert.
I want to do the following;
1. Student is logged into their account (session is authenticated)
2. StudentID is primary key for that table, it is a foreign key for table Advert
3. When student is logged in, they create advert
What I want is their student Id to be input into the advert table when this new advert is created. How is this possible?
I'm trying to create a validation layer that will contain methods to validate all my objects (in my Business Objects layer) .. but when I try to reference both the validation and business objects to each other I get a circular dependency error .. so I've decided to create a new layer (BLL) to validate the objects for me and I'll be able to reference both the validation and the object layers.
so I want to build some kind of class/interface -I don't know what fits more- to be like a generic type or a parent type that my method could accept it as a parameter and check for it's Name/ID property. Instead of defining a new method overload for each object type I have
Simplification
I'm sure this has been answered many times already, but I still can't seem to find exactly how to search for this issue, so apologies in advance.
Anyway, I have a VB script for entering a row of data into a table by a web user. When this row of data is entered, I wish to take some of the values from the columns of the "primary" table, and have that data automatically create a new row of data in a "secondary" table. I think I'm part of the way there, here is my script:
[code]...
"ProductsByMfr" is the "primary" table - the table that the user adds data into when the button click event is fired.
"DealerPricing" is a "secondary" table that I wish to have some of the data from the newly-entered row in ProductsByMfr copied into. Am I even close here?
This is SQL Server 2008 database. I have a tables which has a XML datatype column, Is XML Document = true, and ScemaCollection = InternalAttributeCollection.This is my schema
[Code]....
This is my table
[Code]....
I inserted this:
[Code]....
Now, the xml column is nullable and is currently is null for the John Doe record. I tried this update:
[Code]....
I get this error: "XML Validation: Declaration not found for element 'InternalAttributes'. Location: /*:InternalAttributes[1]"
I'm trying to update one my my tables from a field in another table.
I have Address fields on both tables and the old table has some addresses I need to copy over (I dont want to copy/paste or type them all in obviously). I basically need to:
[code]...
I want to insert a bunch of images into a SQL table I made.
Not sure how to get the data into a Image data Type. It's not like typing in a date or text.
Can is be done manually or must it use an insert statement?
If insert how is best done?
simple Table
ImageData Image
ImageID Int
ImageName nvarchar
ImageDescription nvarchar
Thay are all in the same folder
I have a table with a lot of records - it has a column called CallID I have another table with no records, but one that also has a CallID column I want to insert all the values from the CallID column in the first table into the CallID column of the second table.
View 6 RepliesI have a dBA who designed a table with a gender field, which the value can only be M or F. He designed the gender field as binary(1).
View 6 RepliesI attempted to change a table columns data type and in the process caused a lot of issues. I had a date column in one of my tables and stupidly changed it from varchar to date. When I tried to run queries on it I keep getting the 'cant find column 3 error'. Now that tables structure is :
[Code]...
So column 4 is actually the date column. All other queries work for this table. I then tried to change it back and then copied all data to a new table and now I am using the new table and converting the dates as needed but I am still getting the error.
SELECT * FROM postlinks WHERE postlinks.date >= CONVERT(datetime,CONVERT(varchar(10),GetDate(),112))
Not sure where I went wrong with this one, but I can't figure it out now... I've got a DetailsView in an UpdatePanel. A dropdownlist controls which person's details are displayed in the DetailsView. I have the DataSource set to an ObjectDataSource, which has select, insert and update methods defined. I also have a method for the ItemCommand, ItemInserting, ItemUpdating and DataBound events of the DetailsView specified.
When I click "New" or "Edit" on the DetailsView I get the open form with either the details for the current person, or a blank form, exactly as I would expect. But when I click the "Update" or "Insert" buttons it does absolutely nothing. I have it running in debug, and have put breakpoints in the ItemCommand, ItemInserting and ItemUpdating methods, right at the top, and it never goes there. The form remains open, and nothing happens. If I click "Cancel", it posts back and goes back to ReadOnly mode.
A couple more minor details that may be important: This page is using a Master page, which is where the ScriptManager is. I'm actually using the ScriptManager from the AjaxControlToolkit. I also have a GridView in this same UpdatePanel, and that has a FileUpload control in it. Because the FileUpload control doesn't work properly without some tweaking, I have to call a RegsiterPostbackTrigger method on page load to link it back to the Master page's scriptmanager. Not sure if that's causing any issues...?
I had this working fine, but then as the page got more complex and I had to change some of the code, at some point it just stopped working and now I can't figure out how to get this working again... I'm happy to post code if necessary, just thought I'd try this first to see if anyone has a quick idea for what to check.
An option to add a range of computers based on tag numbers, for instance, user input 800101 and 800110 would add computers SYS800101, SYS800102, SYS800103, SYS 800104, SYS800105, SYS800106, SYS800107, SYS800108, SYS800109, and SYS800110. Currently the app adds a single computer at a time.
Here I am using ASP.NET using C# and my backend in active directory.
how can I insert a list (of int) to table?
View 1 RepliesI have a web project with more than 100 input boxes , so in every INSERT and UPDATE to sql server in front of sql statement I must put the golden N word, so it will be in UNICODE mode. Do we have some alternative of this? How can i make it in EVERY UPDATE and INSERT to sql server in data layer level- make it like u insert UNICODE (without N word) How can you get MSSQL server to accept Unicode data by default into a VARCHAR or NVARCHAR column?
I know that you can do it by placing a N in front of the string to be placed in the field but to by quite honest this seems a bit archaic in 2008 and particuarily with using SQL Server 2005. Example:
cmd = New SqlCommand(sql, ConnectionFromEnum(whichDatabase))
cmd.Connection.Open()
i = cmd.ExecuteNonQuery()
so....
the question is : Am I suppose to make something with SQLCOMMAND to set- "enter evthng like it is UNICODE, with N auto"? or i must specify UNICODE by default in somewhere else? just to indicate that i already set in web.config
<globalization requestEncoding="utf-8" responseEncoding="utf-8" fileEncoding="utf-8" responseHeaderEncoding="UTF-8" culture="en-GB"/>
So global questions HOW TO MAKE INSERT AND UPDATE Unicode by default in every insert and update methods, without placing N word in front of literal string?
Is there a way to create a contact form that takes the name. address and other info for the master record; Then, somehow, on the same page, allow the user to enter multiple contact info as chid records (i.e. phone, email, etc.)
All this using the Objec DataSource or SQL DataSource (which ever is easy) and doesn't require writing too much code.
[Code]....
After this and in the same procedure i want to update the inserted or the updated record which occared in the above code with the follwing update statment :
[Code]....
updating mark is completed successfully if the record is existed (Update Case) but if the record does not exist (new record) ... the update of the mark is not occured ..
Existing records can be updatedNew records can be insertedAll existing records can be deleted & new ones can be insertedExisting records have a primary key field
New ones are just blank inserts
All this detail is stored in a data table. On form update I only want to update existing (only modified rows) & insert new rows. I have gone about loading the changed records in a new data table
DataTable changedRecordsTable = dataTable_old.GetChanges();
How do I compare it with all the records in the old datatable and pass them to the save query ?
the code to insert the data from asp.net application to sql database table
like user registration form filelds in sql db table