|
CleAkO wrote: I thought we established that all user input is evil and by giving the permission to do this it could be taken advantage of
You can sanitise the data to ensure that necessary tables are not dropped. The table may be dropped as part of a larger overall process and the drop functionality is not initiated by any specific user input.
Good (or best) practice shows ways to do things that have a higher likelihood of producing positive results. It does not deny the ability to do anything, it merely suggests better ways of doing things. If you need to drop a table then there are good ways of doing that.
The table name is 128 characters maximum (in SQL Server). If you ensure that all table names are made up of only specific characters (e.g. letters and numbers only) you can remove the possibility of people managing to inject malicious code into the drop statement because you can reject invalid characters. You can also surround your table name in square brackets. You can verify that the table exists prior to issuing the drop by querying the INFORMATION_SCHEMA.TABLES view using a parameterised query.
There are lots of things you can do to ensure that if you do need to drop a table from your application, you do it safely.
|
Just DROP the database. However, in order for this to work you need to ensure that no one is already using the database, and that the connection you are using connects to a different database (e.g. Master).
|
Sir/Madam
Can I insert the slashes in the textbox (two slashes) for the user to insert the date (day, month, year)?
Please help
Thanks and Regards
Pankaj
|
Unless something has changed with 2.0, you will have to create a custom control for this. I did something similar but it was kind of ugly by taking 5 textboxes, the 1st, 3rd, and 5th had the appropriate borders blanked out and the 2nd and the 4th contained the slashes then you put them all side by side with no spaces. Then you use an autotab JS function to make it seem as if they are just typing through a mask in the textbox.
It will appear to be a textbox but there has to be a better way.
CleAkO
"I think you'll be okay here, they have a thin candy shell. 'Surprised you didn't know that." - Tommy Boy "Fill it up again! Fill it up again! Once it hits your lips, it's so good!" - Frank the Tank (Old School)
|
There is a MaskedTextBox in .Net 2.0 using Visual Studio 2005 that you can use.
|
Thank goodness!
CleAkO
|
If you need those / for date purposes, it's easier to declare a date object to collect the information
and assign the input to that variable. After the variable or object gets the input as a string, you format it to represent what you want...
example:
    Dim TD As Date
    ' Convert the textbox string to a Date
    TD = CDate(TextBox1.Text)
    MsgBox(TD.ToString("dd/MM/yyyy"))
I just use a message box to display the result, but the same applies wherever you use it.
Nab
|
That's true, but I think the OP is asking how to display those in the textbox so that someone understands that it is looking for a date.
CleaKO
|
just use a datetimepicker
Nab
|
Sir/Madam,
Can somebody please tell me the meaning of Referential classes and if possible please send the link of code that illustrates the referential classes
Thanks and regards
Pankaj
|
Sir/Madam,
I wanted to know the basic meaning of MyBase, and one more thing: I read somewhere MyBase.Finalize. Finalize is the destructor, I know, but I wanted to know the meaning of MyBase.Finalize.
Please help
Thanks and Regards
Pankaj
|
Do you mean myBase, or what do you mean?
If MyBase is a class of yours that has a Finalize method, then that method is the finalizer of the class. A finalizer is usually only used as a backup for the Dispose method in a class that implements the IDisposable interface.
(Classes in C++ have destructors, and the same syntax is used for finalizers in C#, but finalizing in .NET works differently from destruction in C++, so I prefer the term finalizer to emphasise the difference).
When an object is about to be garbage collected, and it has a finalizer, the object will instead be placed in a queue of objects to be finalized. A background thread will run the Finalize method of each object in turn, and after that the object can be garbage collected.
---
single minded; short sighted; long gone;
|
MyBase refers to the base class that your class inherits from. It's normally used to call methods or set properties, or what have you, that are implemented in the base class.
Public Class MyTextBoxClass
    Inherits System.Windows.Forms.TextBox
    ...
    ' Sets the location of the top left corner of our TextBox
    MyBase.Location = New Point(40, 20)
Also, there are no such things as destructors in the .NET Framework. Dispose and Finalize just give an object its last chance to clean up any resources it has to before the GC collects the object.
Dave Kreskowiak
Microsoft MVP - Visual Basic
|
Sir/madam,
I wanted to know the utility of IDispose interface in the code. Can you please explain with the help of an example?
Thanks and Regards
Pankaj
|
Here is a discussion I posted last month.
Implementing Implements System.IDisposable
CleAkO
|
Sir/Madam,
I was trying a compression program in vb.net. I did it well in C++. But it is not getting possible in vb.net. Can somebody please send the code project link that illustrates the utility of single and double link list?
Like the node that contains two sub nodes, namely left node and right node.
The left node contains the address and the right node too contains the address
in vb.net
Thanks and regards
Pankaj
|
I want to create a dynamic Crystal Report.
Fields of the report will be chosen at runtime.
|
How do I create plugins to add to Windows Media Center?
|
I have a form which has a groupbox with some labels and buttons
and I want to read this form in XML. I made an XML file but it doesn't work:
<object type="groupbox" name="fralogin">
  <object type="commandbutton" name="cmdOk">
    <capition value="OK"/>
    <tooltiptext value=""/>
  </object>
  <object type="commandbutton" name="cmdCancel">
    <capition value="Intrerupere"/>
    <tooltiptext value=""/>
  </object>
  <object type="textbox" name="txtsyskey">
    <capition value=""/>
    <tooltiptext value=""/>
  </object>
  <object type="textbox" name="txtPassword">
    <capition value=""/>
    <tooltiptext value=""/>
  </object>
  <object type="textbox" name="txtUserName">
    <capition value=""/>
    <tooltiptext value=""/>
  </object>
</object>
|
What do you expect this xml file to 'do' ? Xml doesn't 'do' anything, it's just a representation of data.
Christian Graus - Microsoft MVP - C++
Metal Musings - Rex and my new metal blog
"I am working on a project that will convert a FORTRAN code to corresponding C++ code.I am not aware of FORTRAN syntax" ( spotted in the C++/CLI forum )
|
I am retrieving the image file from the database. I've applied this code, and I got this error:
"Conversion from string "D:\Documents and Settings\somasu" to type 'Integer' is not valid"
Please help me
Private Sub cmb_id_SelectedIndexChanged(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmb_id.SelectedIndexChanged
    Try
        MsgBox(cmb_id.SelectedItem)
        con.Close()
        con.Open()
        ' The id is concatenated into the SQL text; an OleDbParameter would keep it out of the statement
        cmd = New OleDbCommand("select * from emp_details_tab where emp_id=" & cmb_id.SelectedItem & "", con)
        dr = cmd.ExecuteReader()
        While dr.Read()
            Dim file As String = ("D:\Documents and Settings\somasundaram\My Documents\My Pictures\Srinath.jpg")
            Dim MyData() As Byte
            MyData = dr("employ_image")
            Dim k As Long
            ' UBound is the last index, so the byte count is UBound + 1
            k = UBound(MyData) + 1
            'Dim fs As New IO.FileStream("D:\Documents and Settings\somasundaram\My Documents\My Pictures\AjayJadeja.jpg", IO.FileMode.OpenOrCreate, IO.FileAccess.Write)
            Dim fs As New IO.FileStream(file, FileMode.OpenOrCreate, FileAccess.Write)
            fs.Write(MyData, 0, k)
            fs.Close()
            txt_name.Text = dr.GetValue(1)
            txt_address.Text = dr.GetValue(2)
            MaskedTextBox1.Text = dr.GetValue(3)
            MaskedTextBox2.Text = dr.GetValue(4)
            txt_qualify.Text = dr.GetValue(5)
            txt_no_yrs_exp.Text = dr.GetValue(6)
            txt_worked_exp.Text = dr.GetValue(7)
            ' (ERROR) the next line raises the conversion error quoted above
            Emp_image.Image = dr.GetValue(file)
        End While
    Catch ex As Exception
        MsgBox(ex.Message)
    Finally
        con.Close()
    End Try
End Sub
somasundaram
|
somagunasekaran wrote: Emp_image.Image = dr.GetValue(file)
file is a string, as defined previously, that contains the name of the file. The method you call expects an integer, the ordinal position of the column you are trying to retrieve.
I don't know what, exactly, you are trying to achieve at this point. What do you think should be happening on this line?
|
OK, what to do? Please tell me the error...
Emp_image.image=dr.GetValue(file)
Only this line gives the error. Please tell me.
file is a pathname, so I applied it. So please correct this code, please.
somasundaram
|
somagunasekaran wrote: OK, what to do? Please tell me the error...
I've told you the error.
The error is you have put a string where an int was expected.
somagunasekaran wrote: file is a pathname, so I applied it. So please correct this code, please.
You need to tell me what you EXPECT the code to do. I do not know what you are trying to do. Until you tell me what you are trying to do I cannot help you.
|