|
What!!?
Social Media - A platform that makes it easier for the crazies to find each other.
Everyone is born right handed. Only the strongest overcome it.
Fight for left-handed rights and hand equality.
|
|
|
|
|
He's on second.
Who's on first, I don't know is on third.
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
OriginalGriff wrote: He's on second.
Who's on first, I don't know is on third. That's less confusing than the OP's message.
Social Media - A platform that makes it easier for the crazies to find each other.
Everyone is born right handed. Only the strongest overcome it.
Fight for left-handed rights and hand equality.
|
|
|
|
|
Your question is simplistic in the extreme and isn't answerable. It's not even a question.
"How" you "search" is dependent on "what" you're searching through, the functionality and options you want the search to support, the data source you're searching, how you want results returned, any metadata considerations, ...
The quality of the answers you get are directly dictated by the quality of the questions you ask.
|
|
|
|
|
Assuming you have some MySQL database with the appropriate table the codes may look like this:
public List<string> GetAnswers(string question) {
List<string> answers=new List<string>();
string connectionString=@"SERVER=localhost;DATABASE=myDatabase;UID=me;PASSWORD=1234;";
try {
using (MySqlConnection dbCon=new MySqlConnection(connectionString)) {
dbCon.Open();
question=question.Split(';')[0];
string query="SELECT answer FROM AnswersToAllQuestions "+
" WHERE question LIKE '%"+question+"%'";
using (MySqlCommand dbCmd=new MySqlCommand(query, dbCon)) {
using (MySqlDataReader reader=dbCmd.ExecuteReader()) {
while (reader.Read()) {
string answer=(string)reader["answer"];
answers.Add(answer);
}
}
}
dbCon.Close();
}
} catch (Exception exc) {
Console.WriteLine(exc.ToString());
}
return answers;
}
For other databases, some minor modifications would be needed.
Reading an article or a book on database access might be a good starter...
modified 22-Oct-19 16:47pm.
|
|
|
|
|
Luc Pattyn wrote:
question=question.Split(';')[0];
string query="SELECT answer FROM AnswersToAllQuestions "+
" WHERE question LIKE '%"+question+"%'"; No no no no no no no!
There are plenty of ways to exploit that code without having to insert a semi-colon into the string.
Given how simple it is to do the right thing in .NET, it amazes me what lengths people will go to to do it wrong.
using (MySqlConnection dbCon=new MySqlConnection(connectionString)) {
dbCon.Open();
const string query = "SELECT answer FROM AnswersToAllQuestions WHERE question LIKE '%' + @question + '%'";
using (MySqlCommand dbCmd = new MySqlCommand(query, dbCon)) {
dbCmd.Parameters.AddWithValue("@question", question);
using (MySqlDataReader reader = dbCmd.ExecuteReader()) {
while (reader.Read()) {
string answer = (string)reader["answer"];
answers.Add(answer);
}
}
}
}
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Thanks, you're right in principle.
Unfortunately MySQL does not like that approach.
To make it work, one has to settle for something like:
const string query = "SELECT answer FROM AnswersToAllQuestions WHERE question LIKE @question";
using (MySqlCommand dbCmd = new MySqlCommand(query, dbCon)) {
dbCmd.Parameters.AddWithValue("@question", "%"+question+"%");
|
|
|
|
|
|
Super Lloyd wrote: But now if fails That is like the people who post in QA who write, "but it is not working". Unless you provide some details of exactly what is failing then it's anyone's guess what might be happening.
|
|
|
|
|
By "not working" I mean that when I look for an existing user it was previously returning it and now it returns null.
maybe the sysadmin change some AD setting? I am not sure one can search AD properties in the LDAP query without some AD server customisation. Maybe there is an AD settings for that? I wonder if any one knows ....
|
|
|
|
|
Super Lloyd wrote: maybe the sysadmin change some AD setting? Maybe ...
|
|
|
|
|
Odd thing: I have some ToolStripMenuItems in a ContextMenuStrip: when the Text of the item begins with a '#' character, the text appears bolded.
This is an English language app; I'm using the default Segoe 9pt. font in the ContextMenuStrip; items are set to display text only; and, items are checkable.
Seen that one ?
«One day it will have to be officially admitted that what we have christened reality is an even greater illusion than the world of dreams.» Salvador Dali
|
|
|
|
|
Nope. It's just you.
|
|
|
|
|
|
Hi, this a ContextMenuStrip control; the 'RenderMode is set to 'ManagerRenderMode.
thanks, Bill
«One day it will have to be officially admitted that what we have christened reality is an even greater illusion than the world of dreams.» Salvador Dali
|
|
|
|
|
|
Hi, I'd check this out on another computer, if I had another one in use right now. Will post a screen shot soonish. thanks, Bill
«One day it will have to be officially admitted that what we have christened reality is an even greater illusion than the world of dreams.» Salvador Dali
|
|
|
|
|
I get this error message 'Access to the path 'F:\System Volume Information' is denied.' when I run the code below this text.
How can I ignore 'System Volume Information'?
string[] originalFiles = Directory.GetFiles(sourceFolder, "*", SearchOption.AllDirectories);
Array.ForEach(originalFiles, (originalFileLocation) =>
{
FileInfo originalFile = new FileInfo(originalFileLocation);
FileInfo destFile = new FileInfo(originalFileLocation.Replace(sourceFolder, destiniationFolder);
if (destFile.Exists)
{
if (originalFile.Length > destFile.Length)
{
originalFile.CopyTo(destFile.FullName, true);
}
else
{
Directory.CreateDirectory(destFile.DirectoryName);
originalFile.CopyTo(destFile.FullName, false);
}
});
|
|
|
|
|
Add an exception handler to catch that specific exception, like e.g.;
catch (System.UnauthorizedAccessException uax)
{
if (uax.Message.Contains("$Recycle.Bin"))
{
}
}
Also, use a REAL for-each loop so you can continue if you want to skip an item. object.ForEach has its uses, but it is not a replacement for a normal readable loop.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
|
|
|
|
|
exception handler does not work. And I don't know how to use object.ForEach.
I have also tried to use LINQ like this but it does work.
string[] originalFiles = Directory.GetFiles(sourceFolder, "*", SearchOption.AllDirectories).Where(f => !f.Contains("System Volume Information").ToString())
Is it possible in this case to use LINQ?
|
|
|
|
|
Member 14055879 wrote: exception handler does not work. It does; since "does not work" can mean anything, I tested it. The framework throws an exception as soon as GetFiles() fails. Meaning that if you try to "GetFiles" on something you don't have access to, it will throw an exception and not return any results.
Member 14055879 wrote: And I don't know how to use object.ForEach. You are already using that; there's a simpeler foreach loop that is almost always more appropriate.
Member 14055879 wrote: Is it possible in this case to use LINQ? No, since the exception will throw in the same place (Directory.GetFiles), and it wouldn't return a result. So filtering that result will still yield nothing.
Simple solution; write your own GetFiles that skips those and that returns the rest as the result. Code below been tested on my machine. Do remember that getting all files and folders from a drive will take "some time" - this might best be done from a separate thread, updating the UI as items are returned.
public Form1()
{
InitializeComponent();
string[] originalFiles = GetNonSystemFiles(@"C:\");
foreach (string originalFileLocation in originalFiles)
{
}
}
string[] GetNonSystemFiles(string path)
{
DirectoryInfo di = new DirectoryInfo(path);
List<string> result = new List<string>();
IEnumerable<DirectoryInfo> folders = null;
try
{
folders = di.EnumerateDirectories("*", SearchOption.TopDirectoryOnly);
}
catch (System.UnauthorizedAccessException uax)
{
System.Diagnostics.Debug.WriteLine("Unauthorized folder for: {0}, ex: {1}", di.Name, uax.Message);
}
if (null != folders)
foreach (DirectoryInfo folder in folders)
{
result.Add(folder.FullName);
if ((folder.Attributes & FileAttributes.System) != FileAttributes.System
&& (folder.Attributes & FileAttributes.Hidden) != FileAttributes.Hidden)
result.AddRange(GetNonSystemFiles(folder.FullName).ToList());
}
IEnumerable<FileInfo> fileInfos = null;
try
{
fileInfos = di.EnumerateFiles("*", SearchOption.TopDirectoryOnly);
}
catch (UnauthorizedAccessException uax)
{
System.Diagnostics.Debug.WriteLine("Unauthorized file for: {0}, ex: {1}", di.Name, uax.Message);
}
if (fileInfos != null)
foreach (FileInfo fileInfo in fileInfos)
{
result.Add(fileInfo.FullName);
}
return result.ToArray();
}
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
|
|
|
|
|
You can NOT use SearchOption.AllDirectories. It WILL fail when that search tries to get into folders the user has no access to.
LINQ will not help you get past this problem.
You have to write the code to traverse the directory tree yourself, wrapping the code inside the loop in a try/catch blockto handle the case of a folder not letting the user into it, and get the files in each folder separately.
It would also seem you need to read [^] because you apparently don't know the normal foreach statement even exists.
|
|
|
|
|
As you see in this (working) code excerpt:
if (usedates && d1 != null && d2 != null)
{
qstring.Append($"{dt1}{d1.Value}{dt2}{d2.Value}#");
}
I'm using predefined string constants (dt1, dt2), and parameters (nullable DateTime) passed in (d1, d2).
The thought occurred to me this is a lot like what produces the vulnerability to sql injection. But, perhaps this is comparing apples, and oranges ? After all, there's no equivalent to Commands in the very limited 'RowFilter ops.
p.s. I had to spend a ridiculous amount of time to figure out 'RowFilter syntax: maybe it's me ?
«One day it will have to be officially admitted that what we have christened reality is an even greater illusion than the world of dreams.» Salvador Dali
|
|
|
|
|
The documentation of the syntax is not the best, and it's only on the DataColumn.Expression page:
DataColumn.Expression Property (System.Data) | Microsoft Docs[^]
As far as I'm aware, the filter never goes anywhere near the database; it's only executed locally. And as you say, the syntax doesn't allow for data modification, so the worst that could happen is you'd see the wrong data in the resulting DataView .
Obviously if you're relying on the view to filter out data that the current user shouldn't be allowed to see, that could still be a problem. But that would be a data-disclosure vulnerability, rather than a data-modification vulnerability.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
A filter would only reduce the amount of data, so I see no risk of disclosure at all. Unless the filter itself is buggy of course, or the data is "drowning the fish" (not sure that means in English what it means over here: hide embarrassing info with a pile of data on top of it).
|
|
|
|