|
Can you double check my syntax on this? I keep getting an error of too many literals in the string
ScnQuestionNo and MeasID are number fields

string strInsert = "Insert INTO DataElements (Checked, Requirement, RequirementTitle," +
" MeasID,DeNr, Duplicate, LiveQuestionNo, ScnQuestionNo, DataElement, Form, QType," +
" Format, [Default], SME, [User], SA, IASME, Security, [Table], FieldName," +
" TQScenario, TQLive, Subtitle, DA) Values (" + Convert.ToInt16(ckChecked.Checked) + ",'" + Requirement.Text + "','" + RequirementTitle.Text + "'," +
MeasID.Text + ",'" + DeNr.Text + "'," + Convert.ToInt16(ckDuplicate.Checked) + ",'" + LiveQuestionNo.Text + "'," + ScnQuestionNo.Text + ",'" +
DataElement.Text + "','" + Form.SelectedValue + "','" + QType.SelectedValue + "','" + Format.Text + "','" + Default.Text + "'," +
Convert.ToInt16(ckSME.Checked) + "," + Convert.ToInt16(ckUser.Checked) + "," + Convert.ToInt16(ckSA.Checked) + "," +
Convert.ToInt16(ckIASME.Checked) + "," + Convert.ToInt16(ckSecurity.Checked) + ",'" + TableName.SelectedValue + "','" + FieldName.Text + "'," +
Convert.ToInt16(ckTQScenario.Checked) + "," + Convert.ToInt16(ckTQLive.Checked) + ",'" + Subtitle.Text + "'," + Convert.ToInt16(ckDA.Checked) + ")";

Here's my debug output:
strInsert: "Insert INTO DataElements (Checked, Requirement, RequirementTitle, MeasID,DeNr, Duplicate, LiveQuestionNo, ScnQuestionNo, DataElement, Form, QType, Format, [Default], SME, [User], SA, IASME, Security, [Table], FieldName, TQScenario, TQLive, Subtitle, DA) Values (0,'Unk','Unk',,'DE 0.1.17',0,'',,'Last four digits of SSN','Demographics','N/A','char','',0,0,0,0,0,'Demographics','LastFour',0,0,'N/A',0)"
Now I get "Line 1: Incorrect syntax near ','."
|
|
|
|
|
Whoa - that is one really insecure statement. Have you considered what this is going to do if you become the victim of a SQL Injection Attack? Please reconsider before you go any further down this path.
|
|
|
|
|
I am on a Govt Secure server. That is not actually out on the web. I don't have to worry about a SQL Injection Attack. I am no skilled programmer, nor trained; this is the only way I know how to do what I am doing.
|
|
|
|
|
Ibuprofen wrote:
I am on a Govt Secure server. That is not actually out on the web. I don't have to worry about a SQL Injection Attack.
What? You think that public sector workers are all above reproach. SQL Injection attacks can occur ANYWHERE where the code is running unprotected. Take the advice given in the article and use it - it will make your code easier to use AND more secure. You won't have to worry about balancing apostrophes.
|
|
|
|
|
Anyone that uses my application, has a security clearance, you have to have access to our network, to get to the application, if any of the people cause a SQL Injection attack. Well then, that will end with a nice prison sentence. I am reading the article, and I will always take whatever help I can get, I am not a trained programmer, the article is a bit above my head.
|
|
|
|
|
Still no excuse for poor coding techniques. As Pete said, an attack can occur ANYWHERE. Do you want to handle it after the fact, if it is ever detected at all, or prevent it from happening in the first place?
only two letters away from being an asset
|
|
|
|
|
Ibuprofen wrote: Anyone that uses my application, has a security clearance
The vast majority of security breaches are inside jobs.
Ibuprofen wrote: if any of the people cause a SQL Injection attack. Well then, that will end with a nice prison sentence.
If they get caught!
Ibuprofen wrote: I am not a trained programmer, the article is a bit above my head
I wrote the article. If I can help you understand it then let me know what you'd like help with.
|
|
|
|
|
Though I agree w/Pete O'Hanlon's comment and suggest you take what he says into consideration, maybe what I have highlighted in red is (are) the source(s) of your error...
Ibuprofen wrote: Values (0,'Unk','Unk',,'DE 0.1.17',0,'',,'Last four digits of
|
|
|
|
|
In addition to researching SQL parameters, you should look at StringBuilder
only two letters away from being an asset
|
|
|
|
|
Is it possible to parametrize a generic collection by user controls (*.ascx)?
thx
|
|
|
|
|
Since user controls derive from System.Web.UI.UserControl, you can use this class to store them, like in a List<UserControl>.
|
|
|
|
|
Hello,
Thanks for your time.
I work in a company car and I have to build a small page to calculate available hours in the workshop.
I have my database, and I have been researching how to use DataSet, DataReader and custom entities to process the data and give results.
I read the article "Dude, where's my business logic?"
At my work, all the logic is in the stored procedures.
I would like to implement the business logic in the business layer: get the data and process it in the business layer, keeping the stored procedures very simple.
Does anyone have an example or a link?
Thanks for your time.
Regards,
|
|
|
|
|
Go to ASP.NET and look at the samples provided.
|
|
|
|
|
Thanks for the comment.
I am going to look at the examples that ASP.NET provides.
Regards
|
|
|
|
|
I have a scenario in my page. When the user enters two dates (From and To date) in textboxes and clicks a button, the GridView should display two bound columns and template columns (which vary depending on the date range). E.g., the user gives 19/11/2007 and 21/11/2007 and clicks the button; the GridView will be
____________________________________________________________
ID(col1) Name(col2) 19/11/2007(col3) 20/11/2007(col4) 21/11/2007 (col5)
------------------------------------------------------------
12 aaaaa image1 Image2 Image2
13 bbbbb image2 image3 Image4
......................................
.......................................
ID and Name are boundfield columns but 19/11/2007 20/11/2007 21/11/2007(Headers) are template columns......template column contains imagebutton control....
if user give the dates 19/11/2007 and 20/11/2007 and clicked on button, the gridview will be
___________________________________________
ID.... Name... 19/11/2007... 20/11/2007 (Headers)
--------------------------------------------
12.... aaaaa .... image1 ........ Image2
13.... bbbbb .... image2 ......... image3
......................................
.......................................
Can anyone give me a solution? I am using ASP.NET 2.0 and C#.
Thanks in advance.
So the template columns vary depending on the date range....
|
|
|
|
|
protected void Button2_Click1(object sender, EventArgs e)
{
for(Int32 i=0; i
|
|
|
|
|
You can load the ID from the database and use it as the data key in the GridView, and then get it using

GridView2.DataKeys[i];
-----
|
|
|
|
|
get two tables in a dataset for both repeaters (parent table for first repeater and child table for second repeater). add a parent-child relation between both tables and use the createchildview command to populate child repeater
-----
|
|
|
|
|
I have a provisional design I'd like some feedback on, in terms of feasibility and usability. My requirement is to allow an admin to maintain Teams within a division. One division may have zero to many teams, and each team zero to many users. Users may belong to many teams. The admin needs to be able to select a division, then add, edit, or delete teams in that division. Editing a team involves changing its name, and adding or removing users.
My initial design uses a header DropDownList, to select a division, then below that a ListBox on the left, with Users for that Division, and a TreeView on the right, with Teams as root nodes and users in teams as child nodes under the teams. Between these I have Add and Remove buttons, to add or remove users from a selected team. To the right of the teams treeview I have buttons to add, or remove a team, and to edit the team name. I don't yet know how to implement the editing of the team name.
|
|
|
|
|
How to output a web control so that it can be postbacked from the page?
I write the code like this:
LinkButton btnTest = new LinkButton();
btnTest.Text = "Test";
btnTest.Click += new EventHandler(btnTest_Click);
StringWriter sw = new StringWriter();
HtmlTextWriter htw = new HtmlTextWriter(sw);
btnTest.RenderControl(htw);
lblTest.Text = sw.ToString();
Now the control is output as HTML code,
but it cannot post back from the page.
It is output like normal text, not a LinkButton.
I want it to be clickable and to raise the click event.
So, what can I do?
|
|
|
|
|
Hi,
btnTest.PostBackUrl="specify to which u want to postback";
I hope this will suffice for your requirement.
Happy Programming.
|
|
|
|
|
No, it doesn't!
In the end, the server outputs HTML code like <a>Test</a>.
So the LinkButton cannot be clicked!!!
|
|
|
|
|
Hi, I want to show video in an ASP.NET page, so I am using the embed object. It works on my local machine, but after hosting the page it is not working on my machine. I am adding this code in a DataList control. The embed code is as follows:
<embed id="vd" autostart="true" src="<%# DataBinder.Eval(Container.DataItem,"VIDEO")%>"
controller="true" loop="false" visible="true" width="318" height="320" scale="tofit" type="video/x-ms-wmv" />
The data-binding code is as follows:
DataTable VideoTable = new DataTable();
DataColumn VideoColumn;
VideoColumn = new DataColumn();
VideoColumn.DataType = Type.GetType("System.String");
VideoColumn.ColumnName = "VIDEO";
VideoTable.Columns.Add(VideoColumn);
foreach (string Files in Directory.GetFiles(System.Web.HttpContext.Current.Server.MapPath("Video"), "*.wmv"))
{
    VideoTable.Rows.Add(Files);
}
One more doubt: will the embed object work in all browsers, or is it browser-specific? On my local machine it is IE6 only. If it is browser-specific, what is the best solution for showing the video?
|
|
|
|
|
Hi everyone,
Can anyone help me out in opening the .oft file using asp.net and vb(code-behind).
Regards,
Manowj
|
|
|
|
|
Hello,
I want three if conditions; how can I run them?
In this code
if (flag == 0)
{
    funSearchSecurityCode();
}
this if condition runs.
This also runs---
if (drpdwnAnalystName.SelectedItem.Value == strDropdown)
{
    funSearchAnalyst();
}
but in this one the pointer does not go inside; it goes directly outside to funStyle().
if (flag==1)
{
    funSearchFromDate();
}
funStyle();
code--------
protected void btnSearch_Click1(object sender, EventArgs e)
{
    string strDropdown = drpdwnAnalystName.SelectedItem.Text;
    string strSecurityCode = txtSecurityCode.Text;
    string strFromDate = dtpFrom.SelectedDate.ToString();
    int flag = 0;
    if (flag == 0)
    {
        funSearchSecurityCode();
    }
    if (drpdwnAnalystName.SelectedItem.Value == strDropdown)
    {
        funSearchAnalyst();
    }
    if (flag==1)
    {
        funSearchFromDate();
    }
    funStyle();
    txtSecurityCode.Text = "";
    drpdwnAnalystName.SelectedItem.Text = "";
}
Gayatri
|
|
|
|
|