Thanks, you're right in principle.
Unfortunately MySQL does not like that approach.
To make it work, one has to settle for something like:
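const string query = "SELECT answer FROM AnswersToAllQuestions WHERE question LIKE @question";
using (MySqlCommand dbCmd = new MySqlCommand(query, dbCon))
{
    // The % wildcards go into the parameter value, not into the SQL text.
    dbCmd.Parameters.AddWithValue("@question", "%" + question + "%");
    // ... execute the command and read the result here
}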
|
Super Lloyd wrote: But now it fails
That is like the people who post in QA who write, "but it is not working". Unless you provide some details of exactly what is failing then it's anyone's guess what might be happening.
|
By "not working" I mean that when I look for an existing user it was previously returning it and now it returns null.
Maybe the sysadmin changed some AD setting? I am not sure one can search AD properties in the LDAP query without some AD server customisation. Maybe there is an AD setting for that? I wonder if anyone knows ...
|
Super Lloyd wrote: maybe the sysadmin change some AD setting?
Maybe ...
|
Odd thing: I have some ToolStripMenuItems in a ContextMenuStrip: when the Text of the item begins with a '#' character, the text appears bolded.
This is an English language app; I'm using the default Segoe 9pt. font in the ContextMenuStrip; items are set to display text only; and, items are checkable.
Seen that one ?
«One day it will have to be officially admitted that what we have christened reality is an even greater illusion than the world of dreams.» Salvador Dali
|
Nope. It's just you.
|
Hi, this is a ContextMenuStrip control; the 'RenderMode is set to 'ManagerRenderMode.
thanks, Bill
|
Hi, I'd check this out on another computer, if I had another one in use right now. Will post a screen shot soonish. thanks, Bill
|
I get this error message 'Access to the path 'F:\System Volume Information' is denied.' when I run the code below this text.
How can I ignore 'System Volume Information'?
// Throws UnauthorizedAccessException as soon as the search reaches a protected folder.
string[] originalFiles = Directory.GetFiles(sourceFolder, "*", SearchOption.AllDirectories);
Array.ForEach(originalFiles, (originalFileLocation) =>
{
    FileInfo originalFile = new FileInfo(originalFileLocation);
    FileInfo destFile = new FileInfo(originalFileLocation.Replace(sourceFolder, destiniationFolder));
    if (destFile.Exists)
    {
        // Overwrite only when the source file is larger than the existing copy.
        if (originalFile.Length > destFile.Length)
        {
            originalFile.CopyTo(destFile.FullName, true);
        }
    }
    else
    {
        Directory.CreateDirectory(destFile.DirectoryName);
        originalFile.CopyTo(destFile.FullName, false);
    }
});
|
Add an exception handler to catch that specific exception, e.g.:
try
{
    // ... the code that touches the file system
}
catch (System.UnauthorizedAccessException uax)
{
    if (uax.Message.Contains("$Recycle.Bin"))
    {
        // skip this folder and carry on
    }
}
Also, use a REAL for-each loop so you can continue if you want to skip an item. object.ForEach has its uses, but it is not a replacement for a normal readable loop.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
|
exception handler does not work. And I don't know how to use object.ForEach.
I have also tried to use LINQ like this but it does work.
string[] originalFiles = Directory.GetFiles(sourceFolder, "*", SearchOption.AllDirectories)
    .Where(f => !f.Contains("System Volume Information"))
    .ToArray();
Is it possible in this case to use LINQ?
|
Member 14055879 wrote: exception handler does not work.
It does; since "does not work" can mean anything, I tested it. The framework throws an exception as soon as GetFiles() fails. Meaning that if you try to "GetFiles" on something you don't have access to, it will throw an exception and not return any results.
Member 14055879 wrote: And I don't know how to use object.ForEach.
You are already using that; there's a simpler foreach loop that is almost always more appropriate.
Member 14055879 wrote: Is it possible in this case to use LINQ?
No, since the exception will throw in the same place (Directory.GetFiles), and it wouldn't return a result. So filtering that result will still yield nothing.
Simple solution: write your own GetFiles that skips those and that returns the rest as the result. The code below has been tested on my machine. Do remember that getting all files and folders from a drive will take "some time" - this might best be done from a separate thread, updating the UI as items are returned.
// Requires: using System.Collections.Generic; using System.IO; using System.Linq;
public Form1()
{
    InitializeComponent();
    string[] originalFiles = GetNonSystemFiles(@"C:\");
    foreach (string originalFileLocation in originalFiles)
    {
        // process each returned path here
    }
}

// Walks the tree one level at a time, so a folder that denies access
// is logged and skipped instead of aborting the whole search.
string[] GetNonSystemFiles(string path)
{
    DirectoryInfo di = new DirectoryInfo(path);
    List<string> result = new List<string>();
    IEnumerable<DirectoryInfo> folders = null;
    try
    {
        folders = di.EnumerateDirectories("*", SearchOption.TopDirectoryOnly);
    }
    catch (System.UnauthorizedAccessException uax)
    {
        System.Diagnostics.Debug.WriteLine("Unauthorized folder for: {0}, ex: {1}", di.Name, uax.Message);
    }
    if (null != folders)
        foreach (DirectoryInfo folder in folders)
        {
            result.Add(folder.FullName);
            // Only descend into folders that are neither System nor Hidden.
            if ((folder.Attributes & FileAttributes.System) != FileAttributes.System
                && (folder.Attributes & FileAttributes.Hidden) != FileAttributes.Hidden)
                result.AddRange(GetNonSystemFiles(folder.FullName).ToList());
        }
    IEnumerable<FileInfo> fileInfos = null;
    try
    {
        fileInfos = di.EnumerateFiles("*", SearchOption.TopDirectoryOnly);
    }
    catch (UnauthorizedAccessException uax)
    {
        System.Diagnostics.Debug.WriteLine("Unauthorized file for: {0}, ex: {1}", di.Name, uax.Message);
    }
    if (fileInfos != null)
        foreach (FileInfo fileInfo in fileInfos)
        {
            result.Add(fileInfo.FullName);
        }
    return result.ToArray();
}
|
You can NOT use SearchOption.AllDirectories. It WILL fail when that search tries to get into folders the user has no access to.
LINQ will not help you get past this problem.
You have to write the code to traverse the directory tree yourself, wrapping the code inside the loop in a try/catch block to handle the case of a folder not letting the user into it, and get the files in each folder separately.
It would also seem you need to read [^] because you apparently don't know the normal foreach statement even exists.
|
As you see in this (working) code excerpt:
if (usedates && d1 != null && d2 != null)
{
    qstring.Append($"{dt1}{d1.Value}{dt2}{d2.Value}#");
}
I'm using predefined string constants (dt1, dt2), and parameters (nullable DateTime) passed in (d1, d2).
The thought occurred to me this is a lot like what produces the vulnerability to sql injection. But, perhaps this is comparing apples, and oranges ? After all, there's no equivalent to Commands in the very limited 'RowFilter ops.
p.s. I had to spend a ridiculous amount of time to figure out 'RowFilter syntax: maybe it's me ?
|
The documentation of the syntax is not the best, and it's only on the DataColumn.Expression page:
DataColumn.Expression Property (System.Data) | Microsoft Docs[^]
As far as I'm aware, the filter never goes anywhere near the database; it's only executed locally. And as you say, the syntax doesn't allow for data modification, so the worst that could happen is you'd see the wrong data in the resulting DataView.
Obviously if you're relying on the view to filter out data that the current user shouldn't be allowed to see, that could still be a problem. But that would be a data-disclosure vulnerability, rather than a data-modification vulnerability.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
A filter would only reduce the amount of data, so I see no risk of disclosure at all. Unless the filter itself is buggy of course, or the data is "drowning the fish" (not sure that means in English what it means over here: hide embarrassing info with a pile of data on top of it).
|
The risk would be if the filter could be manipulated to include additional records in the view - for example, by adding something like OR 1 = 1 to the end.
(I suspect "bury the lead" / "lede" would be the English equivalent of "drowning the fish".)
|
thanks ! that's an interesting idiom, Luc; in Thai there's an idiom "a fish drowned in the river," which kind-of refers to a person who is ruined by their own non-righteous actions; I am sure there may be many other subtle "resonances" of this with Theravadan Buddhist, and, other cultural memes/tropes ... that I am not aware of.
If I interpret your idiom as some form of "cover-up," then nothing could be further from the Thai modal behaviors that embody the paragon virtue of always disguising the "real issues" to avoid giving offense, or losing face ... always with a smile ...
|
Unfortunately "drowning the fish" is a widespread practice among a number of our politicians, either in legislation or in budget matters. It is small print without a change in font size...
|
thanks !
|
With SQL injection vulnerabilities, manipulated strings are injected. In your example, you use DateTime? variables on which .ToString( ) is called. For SQL injection to work, that ToString() call must result in some "bad" result like '; DROP TABLE STUDENTS; - that's not possible.
On the other hand, if your inputs are arbitrary plain strings, the user could inject such bad strings. But if, as others pointed out, the query is not sent to the database, only executed locally, also that does not matter anymore.
Oh sanctissimi Wilhelmus, Theodorus, et Fredericus!
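The two points made in the replies above (a filter widened with OR 1 = 1, and typed values being unable to carry such text), shown against a DataView as an added example that is not code from any poster in this thread. The table, its columns and the helpers Quote, Date and Number are constructed for the illustration.

```csharp
using System;
using System.Data;
using System.Globalization;

static class RowFilterDemo
{
    // String literal for a filter expression: embedded single quotes are doubled.
    static string Quote(string s) => "'" + s.Replace("'", "''") + "'";

    // Date literal in the invariant format, independent of the machine's culture.
    static string Date(DateTime d) =>
        "#" + d.ToString("MM/dd/yyyy", CultureInfo.InvariantCulture) + "#";

    // Accept only digits, so the value reaches the expression as a number.
    static string Number(string text) =>
        int.TryParse(text, NumberStyles.None, CultureInfo.InvariantCulture, out int n)
            ? n.ToString(CultureInfo.InvariantCulture)
            : throw new FormatException("Id must be a whole number.");

    static void Main()
    {
        // Constructed sample data: one row for alice, two for bob.
        var table = new DataTable("Notes");
        table.Columns.Add("Id", typeof(int));
        table.Columns.Add("Owner", typeof(string));
        table.Columns.Add("Created", typeof(DateTime));
        table.Rows.Add(1, "alice", new DateTime(2020, 1, 10));
        table.Rows.Add(2, "bob", new DateTime(2020, 2, 20));
        table.Rows.Add(3, "bob", new DateTime(2020, 3, 30));
        var view = new DataView(table);

        string owner = "alice";        // the view is meant to show only this user's rows
        string idText = "1 OR 1 = 1";  // untrusted text, as in the thread's example

        // Spliced text: AND binds tighter than OR, so the owner restriction is bypassed.
        view.RowFilter = $"Owner = {Quote(owner)} AND Id = {idText}";
        Console.WriteLine($"spliced text: {view.Count} row(s)");

        // Typed value: the same text is rejected before it reaches the expression.
        try { view.RowFilter = $"Owner = {Quote(owner)} AND Id = {Number(idText)}"; }
        catch (FormatException ex) { Console.WriteLine($"rejected: {ex.Message}"); }

        // Nullable dates, as in the original excerpt: only typed values are formatted in.
        DateTime? d1 = new DateTime(2020, 1, 1), d2 = new DateTime(2020, 1, 31);
        if (d1 != null && d2 != null)
            view.RowFilter = $"Owner = {Quote(owner)} AND Created >= {Date(d1.Value)} AND Created <= {Date(d2.Value)}";
        Console.WriteLine($"typed dates: {view.Count} row(s)");
    }
}
```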