|
I think he is asking how to put his new button class into a DLL for reuse and distribution.
The difficult we do right away...
...the impossible takes slightly longer.
|
|
|
|
|
I want to show the user detailed information, something like the user account. The username can be got from the session, but I want to show it in a page like this:
Firstname: "the account holder firstname" dob: "date of birth"
Like that, not only the username.
krishnendu nandi
|
|
|
|
|
Please stop reposting questions. People here are volunteers and will help you when they can get to it.
|
|
|
|
|
Get the username/userid from session in pageload
Pass the username or userid to the Database and retrieve the values.
Assign it to appropriate controls
You have to learn to think like a computer or teach him to think like a human.
-Kornfeld Eliyahu Peter
|
|
|
|
|
|
|
First you'd need to define what an "activity" is; it's fairly easy to monitor for inactivity, like say a screensaver. It's harder to determine whether someone is actively using a terminal - there might not be mouse-movements nor keypresses for a longer period during a presentation. One could monitor the usage of files, or of the CPU, or the internetz..
It's also quite easy to *fake* activity, if one would want to. Even the beloved game called "Patience" would count as an activity
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
|
Don't repost.
Those who fail to learn history are doomed to repeat it. --- George Santayana (December 16, 1863 – September 26, 1952)
Those who fail to clear history are doomed to explain it. --- OriginalGriff (February 24, 1959 – ∞)
|
|
|
|
|
Gosh - you asked your question and didn't receive an answer within 10 minutes, so you asked it again? Next you'll be creating an URGENTZ post!
=========================================================
I'm an optoholic - my glass is always half full of vodka.
=========================================================
|
|
|
|
|
protected void GridView2_SelectedIndexChanged(object sender, EventArgs e)
{
    // Each selected row index maps to a hard-coded subscriber code.
    if (GridView2.SelectedIndex == 0)
    {
        ada = new SqlDataAdapter("select m.member_code,m.Subscriber_code,m.SSN,m.First_name,m.Last_name from member m inner join subscribers s on m.Subscriber_Code=s.Subscriber_Code where m.Subscriber_Code='000000001'", cnn);
    }
    if (GridView2.SelectedIndex == 1)
    {
        ada = new SqlDataAdapter("select m.member_code,m.Subscriber_code,m.SSN,m.First_name,m.Last_name from member m inner join subscribers s on m.Subscriber_Code=s.Subscriber_Code where m.Subscriber_Code='000000002'", cnn);
    }
    if (GridView2.SelectedIndex == 2)
    {
        ada = new SqlDataAdapter("select m.member_code,m.Subscriber_code,m.SSN,m.First_name,m.Last_name from member m inner join subscribers s on m.Subscriber_Code=s.Subscriber_Code where m.Subscriber_Code='000000003'", cnn);
    }
    if (GridView2.SelectedIndex == 3)
    {
        ada = new SqlDataAdapter("select m.member_code,m.Subscriber_code,m.SSN,m.First_name,m.Last_name from member m inner join subscribers s on m.Subscriber_Code=s.Subscriber_Code where m.Subscriber_Code='000000004'", cnn);
    }
    if (GridView2.SelectedIndex == 4)
    {
        ada = new SqlDataAdapter("select m.member_code,m.Subscriber_code,m.SSN,m.First_name,m.Last_name from member m inner join subscribers s on m.Subscriber_Code=s.Subscriber_Code where m.Subscriber_Code='000000005'", cnn);
    }
    if (GridView2.SelectedIndex == 5)
    {
        ada = new SqlDataAdapter("select m.member_code,m.Subscriber_code,m.SSN,m.First_name,m.Last_name from member m inner join subscribers s on m.Subscriber_Code=s.Subscriber_Code where m.Subscriber_Code='000000006'", cnn);
    }
    // Load the matching members and bind them to the second grid.
    DataTable dt = new DataTable();
    ada.Fill(dt);
    GridView1.DataSource = dt;
    GridView1.DataBind();
}
|
|
|
|
|
It's still unclear what you are trying to accomplish. The only thing I got from this is you have GridView1 and GridView2 and on SelectedIndexChanged event of GridView2, you are updating GridView1.
Can you try to explain where you are stuck and what you have tried?
Whether I think I can, or think I can't, I am always bloody right!
|
|
|
|
|
Why not use language features to simplify your code, rather than all these if statements with most of the same information repeated:
string sqlCommand = string.Format("select m.member_code,m.Subscriber_code,m.SSN,m.First_name,m.Last_name from member m inner join subscribers s on m.Subscriber_Code=s.Subscriber_Code where m.Subscriber_Code='{0:000000000}'", GridView2.SelectedIndex + 1);
ada = new SqlDataAdapter(sqlCommand, cnn);
That works for all values of the selected index.
|
|
|
|
|
Please don't suggest using string-concatenation, string.Format , or a StringBuilder to build a SQL query, even in simple cases where the only parameter is a number.
string sqlCommand = "select m.member_code, m.Subscriber_code, m.SSN, m.First_name, m.Last_name from member m inner join subscribers s on m.Subscriber_Code = s.Subscriber_Code where m.Subscriber_Code = @Code";
ada = new SqlDataAdapter(sqlCommand, cnn);
ada.SelectCommand.Parameters.AddWithValue("@Code", (GridView2.SelectedIndex + 1).ToString("000000000"));
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
modified 17-Apr-14 11:49am.
|
|
|
|
|
You obviously have no idea what string concatenation means.
|
|
|
|
|
Doesn't it simply mean that you add two strings together?
static void Main(string[] args)
{
    string param = "';GO;DROP TABLE Members;--Have a nice day!";
    string sqlCommand = string.Format("select m.member_code,m.Subscriber_code,m.SSN,m.First_name,m.Last_name from member m inner join subscribers s on m.Subscriber_Code=s.Subscriber_Code where m.Subscriber_Code='{0:000000000}'", param);
    Console.WriteLine(sqlCommand);
    Console.ReadKey();
}
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
Richard MacCutchan wrote: You obviously have no idea what string concatenation means.
And you obviously have no idea how to write a SQL query!
Just because you're using string.Format to build your dynamic SQL rather than concatenating strings, that doesn't mean it's not susceptible to SQL injection. The ONLY way to avoid SQL injection is to use parameterized queries.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Sorry, but you obviously do not understand how SQL injection works. The command I provided to OP was in no way susceptible.
|
|
|
|
|
Richard MacCutchan wrote: you obviously do not understand how SQL injection works
And you "obviously do not understand" how a civilized conversation works! Let's agree to drop the insults and concentrate on the code.
The problem is not that the query you posted is susceptible to SQLi; the problem is that it encourages users to think that string.Format is a good way to build any SQL query, without understanding the details of why your particular query is immune. They will then use your code sample as the definitive way of putting parameters into a SQL query, which will result in SQLi vulnerabilities in their code.
It's not difficult to use parameterized queries in ADO.NET, so there's no reason not to use them for every query, even when you're absolutely certain that string.Format or string concatenation would not introduce a vulnerability.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Richard Deeming wrote: And you "obviously do not understand" how a civilized conversation works!
Sorry, but I did not start this.
Richard Deeming wrote: it encourages users to think that string.Format is a good way to build any SQL query, without understanding the details of why your particular query is immune.
No, it does nothing of the sort. It is a single example of how a string.Format statement can be used to create a string when a variable value is to be inserted at a particular point. You chose to make an assumption which has nothing to do with what I wrote, in particular the fact that inserting a formatted digit into a string has in no way anything to do with SQL injection.
|
|
|
|
|
Richard MacCutchan wrote: Sorry, but I did not start this.
Richard MacCutchan wrote: You obviously have no idea what string concatenation means.
That looks like the start to me, but whatever gets you through the day.
Richard MacCutchan wrote: It is a single example of how a string.Format statement can be used to create a string when a variable value is to be inserted at a particular point.
I'll assume you've never heard of Cargo cult programming[^] then?
Whenever you give a novice developer a "single example", particularly where you've taken a shortcut because you know that this particular example doesn't necessarily need the full and correct approach, that example will get copied and adapted by people who have no idea what the correct approach is, and don't understand the limitations of your shortcut. Before you know where you are, that "single example" is littered throughout their code-base, and used in ways that will introduce SQLi vulnerabilities.
The simplicity of using parameterized queries in ADO.NET means that there is never an excuse for doing it the "wrong" way, even in a short throwaway example, even if you are absolutely certain that your example is invulnerable to SQLi.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
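The point the exchange above turns on, as an added example that is not part of any post in the thread: the `{0:000000000}` format is applied only when the argument is numeric, so the same template copies a string argument verbatim, while the parameterized command keeps its SQL text constant. The class and method names, and the `VarChar(9)` parameter type, are assumptions made for the illustration; the sample input is the string from the post above.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class SubscriberQuery
{
    const string Select =
        "select m.member_code, m.Subscriber_code, m.SSN, m.First_name, m.Last_name " +
        "from member m inner join subscribers s on m.Subscriber_Code = s.Subscriber_Code ";

    // The string.Format pattern from the thread. The custom numeric format
    // "000000000" is honoured only for IFormattable arguments such as int;
    // System.String is not IFormattable, so the format is silently ignored.
    static string BuildFormatted(object code)
    {
        return string.Format(Select + "where m.Subscriber_Code='{0:000000000}'", code);
    }

    // Parameterized form: the SQL text never changes, the value travels separately.
    // VarChar(9) is an assumed column type; a longer value is truncated to 9 characters
    // when the command is sent.
    static SqlCommand BuildParameterized(string code)
    {
        var cmd = new SqlCommand(Select + "where m.Subscriber_Code = @Code");
        cmd.Parameters.Add("@Code", SqlDbType.VarChar, 9).Value = code;
        return cmd;
    }

    static void Main()
    {
        // Sample input taken from the post above.
        string hostile = "';GO;DROP TABLE Members;--Have a nice day!";

        // int argument: always nine digits, no room for SQL syntax.
        Console.WriteLine(BuildFormatted(3));

        // Same template, string argument: the padding disappears and the
        // leading quote closes the literal, so the input becomes part of the SQL.
        Console.WriteLine(BuildFormatted(hostile));

        // Parameterized: CommandText is identical for any value.
        SqlCommand cmd = BuildParameterized(hostile);
        Console.WriteLine(cmd.CommandText);
        Console.WriteLine("@Code = " + cmd.Parameters["@Code"].Value);
    }
}
```

No database connection is opened; the program only prints the SQL text each approach would send.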
|
|
|
|
|
|
Something like ...
if (gridView1[0][2].Value == gridView2[0][2].Value)
|
|
|
|
|
I want to make a page where a user can upload photos, like a photo gallery. How can I implement that? If that user has a particular profile picture, what is the implementation?
|
|
|
|
|
|