|
this my code:
public DataSet GetLs(string que)
{
DataSet ds1 = new DataSet();
try
{
cn.Open();
cm.Connection = cn;
cm.CommandText = que;
cm.CommandType = CommandType.Text;
OdbcDataAdapter da1 = new OdbcDataAdapter(cm);
da1.Fill(ds1);
return ds1;
}
catch (Exception e)
{
throw e;
}
finally
{
cn.Close();
}
}
my function
public JsonResult LstDepartement()
{
DataSet ds2 =Dt.GetLsts ("select * from Departement");
List<Departement> lstDepart = new List<Departement>();
foreach (DataRow dr1 in ds2.Tables[0].Rows)
{
lstDepart.Add(new Departement
{
ID = dr1["Id_Depart"].ToString(),
Désignation = dr1["Departement"].ToString(),
});
}
return Json(lstDepart, JsonRequestBehavior.AllowGet);
}
|
|
|
|
|
Except ... The first bit of code doesn't call the second:
public DataSet GetLs(string que)
{
...
}
public JsonResult LstDepartement()
{
DataSet ds2 =Dt.GetLsts ("select * from Departement");
...
} GetLs and GetLsts are not the same method ...
And to be honest, doing SQL that way is a very poor idea.
The trouble is that it's prone to SQL Injection. Suppose you want to get departments that all use the same SalesCode - that's easy, add a WHERE clause that specifies the code:
DataSet ds2 =Dt.GetLsts ("SELECT * FROM Departement WHERE SalesCode = " + salescCode);
But ... that's really dangerous!
Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Always use Parameterized queries instead.
When you concatenate strings, you cause problems because SQL receives commands like:
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood' The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable; Which SQL sees as three separate commands:
SELECT * FROM MyTable WHERE StreetAddress = 'x'; A perfectly valid SELECT
DROP TABLE MyTable; A perfectly valid "delete the table" command
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.
So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?
And your system has no way to add parameters to a command, because you don't create the command until you have built the command string!
I'd strongly suggest you scrap that code and "do it properly" instead.
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
GetLs and GetLsts both have the same instructions.
I don't add the where clause because I populate a dropdown list.
that's the reason why I use it.
my GetLsts is:
public DataSet GetLsts(string que)
{
DataSet ds1 = new DataSet();
try
{
cnxs.Open();
cmds.Connection = cnxs;
cmds.CommandText = que;
cmds.CommandType = CommandType.Text;
SqlDataAdapter da1 = new SqlDataAdapter(selectCommand: cmds);
da1.Fill(ds1);
return ds1;
}
catch (Exception e)
{
throw e;
}
finally
{
cnxs.Close();
}
}
I don't know if
|
|
|
|
|
Read the error message - it's pretty explicit.
The OdbcConnection object is not open.
That means that you have created an instance, and either tried to open it but the operation failed (and you swallowed the exception), you didn't try to open it, or you opened it then subsequently closed it again.
Without your code, there isn't a lot we can add to that...
Your code should look something like this:
using (OdbcConnection con = new OdbcConnection(strConnect))
{
con.Open();
using (OdbcCommand cmd = new OdbcCommand("SELECT Age, Description FROM myTable WHERE ID = @ID", con))
{
cmd.Parameters.AddWithValue("@ID", myTextBox.Text);
using (OdbcDataReader reader = cmd.ExecuteReader())
{
while (reader.Read())
{
int age = (int) reader["Age"];
string desc = (string) reader["Description"];
Console.WriteLine($"{age}\n{desc}");
}
}
}
}
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
Hi all, I have a Winforms application which I want to use a local DAL when a remote Net Core API is not available. Currently I have if statements (lots of them ) such as
if(! APIAvailable())
Call the local DAL;
else
Call the Remote API;
The API and local DAL have identical methods and properties, I would like a more elegant and extendable way of handling this
Any ideas guys ?
"We can't stop here - this is bat country" - Hunter S Thompson - RIP
|
|
|
|
|
Surely that check need to be in your local DAL where there are limited methods and you choose between the source.
Or using the accepted nomenclature create a datacontext based on the availability at initiation and use that everywhere.
Never underestimate the power of human stupidity -
RAH
I'm old. I know stuff - JSOP
|
|
|
|
|
That check need to be in your local DAL where there are limited methods and you choose between the source.
That's what I currently do and it results in lots of if statements
"We can't stop here - this is bat country" - Hunter S Thompson - RIP
|
|
|
|
|
Your DAL should only have about 6 methods accessing the database/API, called by your business object layer. I suspect your BO layer is calling into the database.
If the DAL has a property IsAPIAvailable set at initialisation which should set a DataContext property that all the methods in the DAL call to access the data source.
Never underestimate the power of human stupidity -
RAH
I'm old. I know stuff - JSOP
|
|
|
|
|
How is APIAvailable implemented, and how likely is it to change?
Perhaps you could have both services implement an interface, and do something with DI to inject the correct implementation.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Hi Richard, what I do to see if my API service is running is, ping it and if I get a reply create a socket on the port and try to open it
This is the code I use ( which I believe I got from OG years ago )
using System;
using System.Text;
using System.Net;
using System.Net.Sockets;
using System.Runtime.InteropServices;
namespace BOMBuilder
{
public class NetworkUtils
{
private StringBuilder errormessage = new StringBuilder();
private bool portIsOpen = false;
private bool serverIsUp = true;
private bool hasErrors = false;
private bool HasErrors
{
get
{
return hasErrors;
}
set
{
hasErrors = value;
}
}
private bool ServerIsUp
{
get
{
return serverIsUp;
}
set
{
serverIsUp = value;
}
}
private bool PortIsOpen
{
get
{
return portIsOpen;
}
set
{
portIsOpen = value;
}
}
private StringBuilder Errormessage
{
get
{
return errormessage;
}
set
{
errormessage = value;
}
}
public string GetErrorMessage()
{
return Errormessage.ToString();
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Ansi)]
private struct ICMP_OPTIONS
{
public byte Ttl;
public byte Tos;
public byte Flags;
public byte OptionsSize;
public IntPtr OptionsData;
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Ansi)]
private struct ICMP_ECHO_REPLY
{
public int Address;
public int Status;
public int RoundTripTime;
public short DataSize;
public short Reserved;
public IntPtr DataPtr;
public ICMP_OPTIONS Options;
[MarshalAs(UnmanagedType.ByValTStr, SizeConst = 250)]
public string Data;
}
[DllImport("icmp.dll", SetLastError = true)]
private static extern IntPtr IcmpCreateFile();
[DllImport("icmp.dll", SetLastError = true)]
private static extern bool IcmpCloseHandle(IntPtr handle);
[DllImport("icmp.dll", SetLastError = true)]
private static extern int IcmpSendEcho(IntPtr icmpHandle, int destinationAddress, string requestData, short requestSize, ref ICMP_OPTIONS requestOptions, ref ICMP_ECHO_REPLY replyBuffer, int replySize, int timeout);
public void Ping(IPAddress ip, int port)
{
this.ServerIsUp = false;
this.PortIsOpen = true;
IntPtr icmpHandle = IcmpCreateFile();
ICMP_OPTIONS icmpOptions = new ICMP_OPTIONS();
icmpOptions.Ttl = 20;
ICMP_ECHO_REPLY icmpReply = new ICMP_ECHO_REPLY();
string sData = "x";
IcmpSendEcho(icmpHandle, BitConverter.ToInt32(ip.GetAddressBytes(), 0), sData, (short)sData.Length, ref icmpOptions, ref icmpReply, Marshal.SizeOf(icmpReply), 1);
IcmpCloseHandle(icmpHandle);
ServerIsUp = icmpReply.Status == 0;
Socket s = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
try
{
if (ServerIsUp)
s.Connect(ip, port);
}
catch (SocketException se)
{
PortIsOpen = false;
HasErrors = true;
Errormessage.Append(se.Message);
}
finally
{
if (s.Connected)
s.Disconnect(false);
}
}
public bool ServerIsRunningOn(IPAddress iPAddress, int port)
{
this.Ping(iPAddress, port);
return (this.ServerIsUp && this.PortIsOpen);
}
}
}
"We can't stop here - this is bat country" - Hunter S Thompson - RIP
|
|
|
|
|
I tried that once in a WinForms app, it didn't work very well.
I wrote the same thing, a ping check, but it sort of got unstable as sometimes pings were rejected. I think the webmaster turned off pings after I wrote the code, or it was turned off somewhere in the pipe. It became an issue after I deployed the program in production use.
Then I went to another form of checking, not a ping but a HTTP reply and it worked much better.
My WinForms app already had a qualified DAL and business logic, which worked fine, but the online check is the part that was not stable. Basically what I'm saying is that after you fix the part your working on now, you'll end up revisiting the check part again.
In hindsight, I think bullet proofing the API server and it's controller actions, such as writing very simple code using a model and repository, and load testing that API call is the correct thing to do.
If it ain't broke don't fix it
Discover my world at jkirkerx.com
|
|
|
|
|
Yes I think you're right I should forget about whether I have access to the the internet - like everything these days you're screwed without it - thanks for your time
"We can't stop here - this is bat country" - Hunter S Thompson - RIP
|
|
|
|
|
Face some problem when using checkbox list..
need some help
the checkbox with the text. no matter how i adjust.. it also wont be align...
this is my code:
<asp:CheckBoxList ID="ChkEditAccess" runat="server" OnSelectedIndexChanged="ChkEditAccess_SelectedIndexChanged" AutoPostBack="true" RepeatLayout="Flow" TextAlign="Right" Style="text-align:left;" RepeatDirection="Vertical" CellSpacing="20">
<asp:ListItem >Admin</asp:ListItem>
<asp:ListItem>Report</asp:ListItem>
<asp:ListItem>Dashboard</asp:ListItem>
</asp:CheckBoxList>
the outcome result :
the checkbox and the text, is, not align to center,
the checkbox is slightly higher than the text.
<img src="https://i.postimg.cc/xJZ0ZGpy/OutCome.jpg" alt="Result" >
i try different way. vertical align, text align, align item all dint work...
modified 30-May-20 12:25pm.
|
|
|
|
|
Hi all, I have a net core 3.1 api service which runs perfectly on my Linux dev machine but fails to start on a remote Linux machine with a HTTP/1.1 500 Internal Server Error - I know this a very sweeping error message !! how can I track / catch the exception ? I've tried the usual try catch method but because this doesn't have a front end I don't see any feedback
"We can't stop here - this is bat country" - Hunter S Thompson - RIP
|
|
|
|
|
Do you have access to log in to the remote server? If so, you could try using the dotnet command to run the application from the command line.
Otherwise, you might need to enable detailed errors:
ASP.NET Core Web Host | Microsoft Docs[^]
You can either set the ASPNETCORE_DETAILEDERRORS environment variable to true , or add:
.UseSetting(WebHostDefaults.DetailedErrorsKey, "true") to your host builder.
Handle errors in ASP.NET Core | Microsoft Docs[^]
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Hi Richard, I found the problem it was incorrect access settings to a postgresql database , for some reason my remote Linux box defaults to using IPV6 addresses and I didn't have a rule for that in my pg_hba.conf file - but your information is useful as I need to get a handle on exceptions with web stuff as I've not done much of it. Thanks for your answer.
"We can't stop here - this is bat country" - Hunter S Thompson - RIP
|
|
|
|
|
Hello everybody,
Is there a way to set multiple groups in Active Directory ?
For example :
DirectoryEntry grp;
grp = aduser.Children.Find($"CN={group},OU=Gruppen,OU=FIR", "group")
grp = aduser.Children.Add(group, "group");
|
|
|
|
|
I have a POST method with [FromBody] attribute. I tried to call the same from PostMan. But everytime Postman gives 404 error. The Web Api is not hitting at all. Following is my source code:
[HttpPost]
[Route("api/CustomerService")]
public HttpResponseMessage GetServiceChats([FromBody]string to, string from)
{ }
What I have done is, I added the parameters by Selecting Body-->raw-->JSON options and type the parameters as below:
{
"to" : "919191919191",
"from" : "90909090900"
}
What could be the probable reason? If the same I attached in URL without the FromBody attribute, it works. Please provide any suggestions.
|
|
|
|
|
The [FromBody] attribute is used to read a single simple value from the request body:
Parameter Binding in ASP.NET Web API - ASP.NET 4.x | Microsoft Docs[^]
Given your signature, the from parameter needs to be a query-string parameter, and the request body needs to be simply:
"90909090900"
If you want the API to match the request you've shown, use a model to represent the parameters:
public class ServiceChatsModel
{
public string To { get; set; }
public string From { get; set; }
}
[HttpPost]
[Route("api/CustomerService")]
public HttpResponseMessage GetServiceChats(ServiceChatsModel model)
{
...
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Yes. Thank you Richard. I have done that in the meanwhile,and got it worked.Thank you. Worked both in Postman and Fiddler.
|
|
|
|
|
|
i able to call Get Method.
but fail to call PUT, DELETE Method.
i added in webconfig.
<system.webServer>
<handlers>
<remove name="BlockViewHandler"/>
<add name="BlockViewHandler" path="*" verb="*" preCondition="integratedMode" type="System.Web.HttpNotFoundHandler" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0"/>
<remove name="OPTIONSVerbHandler"/>
<remove name="TRACEVerbHandler"/>
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*."
verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS"
type="System.Web.Handlers.TransferRequestHandler"
preCondition="integratedMode,runtimeVersionv4.0"/>
</handlers>
</system.webServer>
below is my controller code :
[HttpPut]
[Route("api/PutEmployeeGenderEmpCode/{_EmpCode}")]
public void PutEmployeeGenderEmpCode(string _EmpCode)
{
string TempValue = "1";
SqlConnection Conn = new SqlConnection(ConnectionString);
CheckConnectionStatus(Conn);
Conn.Open();
string SQLCommand = "UPDATE [dbo].[M_EMP_MASTER] ";
SQLCommand = SQLCommand + "SET ";
SQLCommand = SQLCommand + "[EMP_GENDER] = '" + TempValue + "' ";
SQLCommand = SQLCommand + "WHERE [EMP_CODE] = '" + _EmpCode + "'";
var cmd2 = new SqlCommand(SQLCommand, Conn);
cmd2.ExecuteNonQuery();
Conn.Close();
Conn.Dispose();
}
when call : this is the error show :
http://localhost:44322/api/PutEmployeeGenderEmpCode/502
General
----------
request URL: https:
Request Method: GET
Status Code: 405
Remote Address: [::1]:44322
Referrer Policy: no-referrer-when-downgrade
Response Header
----------------
allow: PUT
cache-control: no-cache
content-length: 92
content-type: application/xml; charset=utf-8
date: Mon, 18 May 2020 08:39:04 GMT
expires: -1
pragma: no-cache
server: Microsoft-IIS/10.0
status: 405
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-sourcefiles: =?UTF-8?B?QzpcMjAyMFxDQlMyMDAwNCAtIE1PQklMRSAtIFRFU1RcV2ViQVBJXzNcV2ViQVBJM1xXZWJBUEkzXGFwaVxQdXRFbXBsb3llZUdlbmRlckVtcENvZGVcNTAy?=
Request Header
---------------
:authority: localhost:44322
:method: GET
:path: /api/PutEmployeeGenderEmpCode/502
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*
<error>
<message>
The requested resource does not support http method 'GET'.
Thanks in advance..
|
|
|
|
|
feelblue87 wrote: Request Method: GET
You've issued a GET request instead of a PUT request. The error is with your code to call the API, which you haven't shown.
feelblue87 wrote:
string SQLCommand = "UPDATE [dbo].[M_EMP_MASTER] ";
SQLCommand = SQLCommand + "SET ";
SQLCommand = SQLCommand + "[EMP_GENDER] = '" + TempValue + "' ";
SQLCommand = SQLCommand + "WHERE [EMP_CODE] = '" + _EmpCode + "'"; Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.
Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]
[HttpPut]
[Route("api/PutEmployeeGenderEmpCode/{_EmpCode}")]
public void PutEmployeeGenderEmpCode(string _EmpCode)
{
const string SQLCommand = "UPDATE [dbo].[M_EMP_MASTER] SET [EMP_GENDER] = @EmpGender WHERE [EMP_CODE] = @EmpCode";
string TempValue = "1";
using (var conn = new SqlConnection(ConnectionString))
using (var cmd2 = new SqlCommand(SQLCommand, conn))
{
cmd2.Parameters.AddWithValue("@EmpGender", TempValue);
cmd2.Parameters.AddWithValue("@EmpCode", _EmpCode);
CheckConnectionStatus(conn);
conn.Open();
cmd2.ExecuteNonQuery();
}
}
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
hi. I am bigginer.
I want to add button and create event in asp.net.
and how to link sql server
please help
|
|
|
|
|
Get a book and work through the examples or work through one of the many articles here. Once you have learned the basics feel free to ask for help with specific issues you will come across.
Never underestimate the power of human stupidity -
RAH
I'm old. I know stuff - JSOP
|
|
|
|
|