Security :: Apostrophes In String For SQL Not Working?
Nov 16, 2010
I have tried everything all day and cannot figure this out.
I tested the Insert Statement in MS Access and it works.
INSERT INTO user ([user_login], [email], [create_date]) VALUES ('user67', 'suesargis@yahoo.com', '11/15/2010 8:18:14 PM';
So how do I add the apostrophes in the string below to get the above when using executenonquery.? The string produces everything ok but it is missing the apostrophes.
string querystring = "INSERT INTO user ([user_login], [email], [create_date]) VALUES (" + CreateUserWizard1.UserName + ", " + CreateUserWizard1.Email + ", " + tbdate +";";
View 6 Replies
Similar Messages:
Nov 25, 2010
I have a query which gets the text from a textbox and inputs it into the database.
It works fine if the value is something like Taylor but errors when it's O'Neill because the apostrophe gives a syntax error unclosed quotation mark Is there a way to add O'Neill to the database with the apostrophe still there?
I don't want to replace it with a double single quote I want it to be put in the database as it shows.
View 4 Replies
Mar 1, 2010
In my XML, it's possible for an apostrophe to appear in a node's value:
[code]....
I've noticed that the text is correctly displayed in the asp:TextBox but not in the INPUT element. I'm assuming that it's because server controls correctly escape the apostrophe. To work around this, I tried changing the Description node in the XML to the following:
<Description>This is section 'A'</Description>
Again, this displayed correctly in the asp:TextBox, but not in the INPUT element.
My next attempt was to wrap the node's value in a CDATA:
<Description><![CDATA[This is section 'A']]></Description>
Finally it was displaying correctly in the INPUT element, but now the asp:TextBox displayed the two "& # 3 9 ;". I've even tried "& a p o s ;" but the result is the same.
What is the best approach for the use of apostrophes in XML where the value can be displayed in either a server control or HTML element?
View 2 Replies
May 28, 2010
I am importing a comma seperated, single quote delimited file based off of client specifications. The only problem is now the client is sending apostophes in the file and is throwing off the single quote delimiter.
For Example:
'FirstName','LastName'
'John','O'Grady'
I need to figure out somehow to escape or replace that character before it goes into my OLE dataset import and then handle it before it hits my SQL table. Here is my current process flow:
Save the file to the App_Data using a FileUpload control Build a schema.ini for the ' delimeter Import into a dataset using Microsoft Jet OLE Use a for loop to pick out the fields that I need and build an insert into SQL I was trying to replace the ' with an underscore but then ended up replacing the whole file instead of just the one in the name.
View 3 Replies
Dec 24, 2010
I have two sub routines that I've created to pull in my Membership user roles and assign the value/name of that role to the value of a cookie.
My first subroutine looks like this
[Code]....
At this point, role ID is a 1-dimentional array which is not acceptable for a cookie's value (it must be a string), but in Debug mode, I can see that the array does contain the correct roleID value. In my 2nd subroutine I change the value from array to string for no other reason than that it gives me an opportunity to see that the value of CookieValue() before it is converted does have the correct roleID.
[Code]....
Even though it still shows that string as having the correct value, it returns the object "System.String[]"
View 1 Replies
Mar 15, 2010
How to Encrypt a string using C# and Decrypt that string using javascript?
View 2 Replies
Feb 21, 2011
I have a login control that is working beautifully on my localhost, but not working on the server. It validates my username & password - and gives me an error if I enter an invalid username/password. However, if I enter the correct username/password, the page refreshes, but does not redirect me to the "ReturnUrl" that I see in the URL. I've seen posts on this, but nothing that I tried worked. I've tried setting the 'MembershipProvider'attribute of the login control. I don't want to set the DestinationUrl...I want it to take what is in the ReturnUrl in the querystring. I don't think it's a web.config issue cuz it works on localhost??
View 3 Replies
Feb 8, 2011
am working with Login page,but is not working.so what can i do. This is my code.
string connect = ConfigurationManager.ConnectionStrings["CarsalesConnectionString"].ToString(); protected void btnLogin_Click(object sender, EventArgs e) { Session["Username"] = txtUsername.Text; Session["Password"] = txtPassword.Text; string status = "Active";
string Query = "Select * from tbl_User where Username = '" + txtUsername.Text + "' and Password = '" + txtPassword.Text + "' and Active = 1 and Status ='" + status + "' "; SqlDataAdapter cnAccess = new SqlDataAdapter(Query, connect); DataSet myAccessDataSet
= new DataSet(); cnAccess.Fill(myAccessDataSet, "tbl_User"); if (myAccessDataSet.Tables["tbl_User"].Rows.Count != 0) { //condition A lblErr.Text = "Invalid Username and Password!"; //Response.Redirect("~/Customer/CustomerForm.aspx"); //Response.Redirect("~/Mainpage.aspx");
} else { //condition B Response.Redirect("~/Mainpage.aspx"); //lblErr.Text = "Invalid Username and Password!"; }
View 2 Replies
Oct 4, 2010
// Build email link
confirmLink = Master.siteDomain + "/newsLetter.aspx?action=confirm&e=" + emailAddress + "&code=" + verCode;
using (SqlCommand cmd = new SqlCommand("SELECT newRegEmailBody, newRegEmailSubj FROM tblSiteSettings WHERE (isActive = 1)", Master.cn))
{
SqlDataReader rdr = cmd.ExecuteReader();
if (rdr.Read())
{
emailBody = rdr[0].ToString();
emailSubj = rdr[1].ToString();
}
rdr.Close();
}
emailBody.Replace("[CONFIRMATION_LINK]", confirmLink);
emailer.sendEmail(emailAddress, Master.noReplyEmail, emailSubj, emailBody);
It all seems to work fine, except the body is still showing up with [CONFIRMATION_LINK] in the text,
View 4 Replies
Mar 3, 2011
I am trying the following:
[Code]....
Where @Resource.Info is "{0} - {1}".
But I always get <p>0</p> - <p>1</p>.
I tried a few more options like using @<text>, @Html.Raw but I always end up with an exception or the same result.
Basically I have a localized resource, @Resource.Info, and I need to insert in the phrase some htm code.
View 2 Replies
Jan 21, 2011
I stored string in Variable then i assigned that value to TempData like this ,
String securityques = "Whats ur name";
TempData["SecQuesti"] = securityques;
When i use this code <%: TempData["DisplayName"]%> to display. it displays only
Whats , i want to display the full string...
Whats wrong in my coding ??
View 3 Replies
Oct 22, 2010
I'm trying to bind a List<String> to a DropDownList in a user control. I think I'm doing the right thing, but it seems that after my code executes the bindings are cleared. Here's the code for review!
User control:
<asp:DropDownList ID="subjectNameDropDown" runat="server"/>
<asp:DropDownList ID="yearLevelDropDown" runat="server"/>
Auto-generated designed code-behind:
public partial class NewSiteMetadataUserControl {
protected global::System.Web.UI.WebControls.DropDownList subjectNameDropDown;
protected global::System.Web.UI.WebControls.DropDownList yearLevelDropDown;
}
Code-behind:
public partial class NewSiteMetadataUserControl : UserControl
{
protected override void CreateChildControls()
{
subjectNameDropDown = new DropDownList();
yearLevelDropDown = new DropDownList();
}
protected override void OnLoad(EventArgs e)
{
base.OnLoad(e);
EnsureChildControls();
// Attempt 1
List<String> subjectNames = GetSubjectValues();
foreach (var subjectName in subjectNames)
subjectNameDropDown.Items.Add(subjectName);
subjectNameDropDown.DataBind();
// Attempt 2
List<String> yearLevels = GetYearLevelValues();
yearLevelDropDown.DataSource = yearLevels;
yearLevelDropDown.DataBind();
}
}
Should this approach work? If it should, how can I debug what happens after the code executes?
View 2 Replies
Mar 28, 2011
why my dataformat string is not working. Below is the code I am using
<asp:BoundField HeaderText="Log Date" DataField="Log_Date" DataFormatString="{0:dd/MM/yy HH:mm}" ItemStyle-Font-Names="Arial" ItemStyle-Font-Size="13px" ItemStyle-HorizontalAlign="Right" HtmlEncode="false"/>
I need this in around 6 to 7 places. When I changed it everywhere to the same as above, it worked in only 2 places but others are not working. Its the same but dont know whats the reason.
View 5 Replies
Jan 20, 2010
I am accumulating a string for a SQL IN clause, so the format needs to be WHERE var IN ('string1','string2','string3',etc)
The strings are coming from a multiline textbox where they are pasted in from the user (one per line).
For some reason, I always get a space right after the tick and before the value in every value after the first. For instance my DataReader is only returning one record because the input string turns out like this:
SELECT * FROM Table
WHERE ID IN ('12345',' 23456',' 34567')
Here is how I am processing the string, and I can't see why it is not taking that space out.
[Code]....
Even if I move the replace space (line 2) to the end of the code block, it still wont trim it out...
View 3 Replies
Dec 12, 2010
I am using VB.NET and I can't compare the radio button lists selectedItem.Value to a string, it doesn't work...here is the code: (I have also tried selectedValue it does not work either)
Response.Write("RB1: " + rblOne.SelectedItem.Value + " FML FML FML<br/>")
If rblOne.SelectedItem.Value = "No" Then
Response.Write("Hey there!<BR/>")
pnlR1.Visible = True
If NumberOfAnswers = 7 Then
Score = Score - 10
ElseIf NumberOfAnswers = 6 Then
Score = Score - 15
Else
Score = Score - 20
End If
Response.Write("Score: " + Score.ToString)
End If
Response.End()
If rblOne.SelectedItem.Value = "No" Then is not working, notice the debug statements in there, here is the output: Why won't it evaluate that rblOne.SelectedItem.Value = "No" !?!?!? I tried rblOne.SelectedValue, that doesn't work, AND I added .ToString to both
View 1 Replies
Aug 5, 2010
I have a ListView control that pulls a phone number from a db table. I'd like to format the phone number in the presentation layer to look like (###) ###-####.
The code line currently looks like this. The page displays the phone# but unformatted, i.e. 9999999999.
[Code]....
Based on other posts I've looked at in this forum, I've also tried:
<li>Phone: <%# String.Format("{0:(###) ###-####}", Databinder.Eval (Container.DataItem("Phone"))) %> with no success. In fact, this particular line throws an exception in my application (Input string not in the correct format).
The datatype I'm using in SQL is varchar(15)
The MSDN documentation for the String.Format method hasn't been very helpful thus far.
View 20 Replies
Aug 26, 2012
I have the following Repeater, I need to bind multiple querystring parameter inĀ HREF
<li class="current">
<a href="house.aspx?H_name=all"></a>
<ul>
<asp:Repeater ID="rptMenu" runat="server">
<ItemTemplate>
[code]...
View 1 Replies
Feb 10, 2011
look at the pic guys, im using visual studio 2010, and sql server 2008, the password field should turn into md5 code, but its not working, it changed into system.data.
View 1 Replies
Jul 18, 2010
[URL]UserFiles/ArticlesFiles/633574997433655321_Raja_images.jpg when I click any of secure page like (user page , admin or user ) and I am not login then it will show me in url like this http://localhost:59847/FormsAuthenticationAdvanced/login.aspx?ReturnUrl=/FormsAuthenticationAdvanced/secure/securepage.aspx
& displays login form. After login it will redirect me to that respective page which I clicked ( like if secure page is clicked before login then after login it will redirect me to secure page ).
View 1 Replies
Sep 23, 2010
what is integrated security in connection string in asp.net.
View 1 Replies
Jul 22, 2010
I have an external site developed in php that send me a string cripted with this php function:
const SALT = "chiave";
public static function myEncrypt($text)
{
return rawurlencode(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, self::SALT, $text, MCRYPT_MODE_ECB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND))));
}
and then I need to decrypt this in asp.net.
How can I do?
[Code]....
View 1 Replies
Jun 16, 2010
Ok I created a web app with membership & role, intially I had 2 db but combined data with the default aspnetdb.mdf created to simplify.I then used "copy web" to move all asp files & roles folders to remote server in a sub domain directory.Created a backup of the aspnetdb.mdf and then ftp to sub domain directory which was then loaded by the host as MS SQL db name: aspnetdb3.Now, I know I need to change the web.config connection settings but to what???here is the initial connection setting:
[code]...
View 5 Replies
Jun 30, 2010
I've added the identity tag for impersonation. I've configured my site under IIS 5.1. The identity i've added is my domain username/password. But when I run any exe file from my asp.net file, it still runs under "aspnet" user name.
View 1 Replies
Sep 2, 2010
I am using impersonation in my ASP.NET application to access network resources. It works fine when I run on my computer, however when I setup the site on IIS6, it does not work. Is there some extra configuration, I need make in IIS for it?1. I created an account "TestUser" with the privilege as "act as operating system" on a server that has the resources which I want to access.2. The impersonation works fine on my computer, when I run from visual studio. My computer is on the network under same domain where the "TestUser" is created.
View 5 Replies
Sep 12, 2010
[Code]....
View 1 Replies
