|
The first problem is that you're using string concatenation instead of parameterized queries like you're supposed to with ADO.NET. But instead of ranting on for the thousandth time about it, read http://www.codeproject.com/script/comments/forums.asp?msg=932507&forumid=1649#xx932507xx. Not only is it a HUGE security hole (especially since you're kind enough to give crackers system administrator access), but it also leads to problems like you're probably running into; of course, without the actual exception and exception message - like Christian mentioned - it's not easy to help you.
More than likely username has a quote in it. That's the first step in cracking your source and dropping your tables / stealing credit cards / impersonating identities / etc., by the way.
Another problem I see with your code - though not the problem since you said it's failing on OdbcDataAdapter.Fill - is that you never check for null. What if row[0] is null? null.ToString throws the most common NullReferenceException. So does table.Rows if ds.Tables[0] doesn't exist (not to mention a possible IndexOutOfRangeException if no results were returned by your query). Always reasonably check for null references (like checking i.ToString in int i = 0; i.ToString().Trim(); isn't necessary since you know that it will always return "0").
The biggest piece of advice out of all this is...never trust user input. Always validate and never assume to check for problems.
Using parameterized queries eliminates almost all SQL injection problems, especially when using data store-specific ADO.NET drivers like System.Data.SqlClient for SQL Server or System.Data.Oracle for Oracle systems, that support parameters anyway.
This posting is provided "AS IS" with no warranties, and confers no rights.
Software Design Engineer
Developer Division Sustained Engineering
Microsoft
[My Articles]
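The reply above, worked through as an added example (not code from the thread or from the original poster): string concatenation beside a parameterized OdbcCommand, followed by a Fill with the null and empty-result checks the post asks for. The table name `users`, the column names, the 64-character limit and the DSN are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.Odbc;

public static class UserLookup
{
    // Unsafe pattern the post warns about: the input becomes part of the SQL text.
    public static string BuildConcatenated(string username)
    {
        return "SELECT display_name FROM users WHERE username = '" + username + "'";
    }

    // Parameterized form: the SQL text is a constant and the value travels separately.
    // The ODBC provider uses positional '?' markers; the parameter name is only a label.
    public static OdbcCommand BuildParameterized(OdbcConnection conn, string username)
    {
        if (username == null) throw new ArgumentNullException("username");
        OdbcCommand cmd = new OdbcCommand(
            "SELECT display_name FROM users WHERE username = ?", conn);
        cmd.Parameters.Add("@username", OdbcType.VarChar, 64).Value = username;
        return cmd;
    }

    // Fill with the checks from the post: table present, rows returned, value not NULL.
    public static string FindDisplayName(OdbcConnection conn, string username)
    {
        DataSet ds = new DataSet();
        using (OdbcCommand cmd = BuildParameterized(conn, username))
        using (OdbcDataAdapter adapter = new OdbcDataAdapter(cmd))
        {
            adapter.Fill(ds);
        }
        if (ds.Tables.Count == 0 || ds.Tables[0].Rows.Count == 0) return null;
        object cell = ds.Tables[0].Rows[0][0];
        // A database NULL arrives as DBNull.Value, not as a null reference.
        if (cell == null || cell == DBNull.Value) return null;
        return cell.ToString().Trim();
    }

    public static void Main()
    {
        string input = "O'Brien";   // constructed sample: a legitimate name with a quote

        // Concatenation: the quote ends the string literal early and the statement breaks.
        Console.WriteLine(BuildConcatenated(input));

        // Parameterized: no connection is needed just to inspect the command.
        using (OdbcCommand cmd = BuildParameterized(null, input))
        {
            Console.WriteLine(cmd.CommandText);
            Console.WriteLine("param 1 = " + cmd.Parameters[0].Value);
        }
        // With a real data source (the DSN name is a placeholder):
        // using (OdbcConnection conn = new OdbcConnection("DSN=ExampleDsn"))
        // {
        //     conn.Open();
        //     Console.WriteLine(FindDisplayName(conn, input));
        // }
    }
}
```

Parameterization fixes the query; the account used in the connection string should still be a low-privilege one rather than a system administrator login.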
|
|
|
|
|
Hello,
I'm working on a small project and I have to search ArrayList that contains simple object list. This is my object:
    public class NameValue
    {
        private string strName;
        private string strValue;

        public NameValue( string sNameValuePair )
        {
            StringTokenizer tok = new StringTokenizer( sNameValuePair, "=" );
            this.strName = tok.nextElement().Trim();
            this.strValue = tok.nextElement().Trim();
        }

        private void splitName( StringTokenizer tok )
        {
            this.strName = tok.nextElement();
            string temp = this.strName;
        }

        public string Name
        {
            get { return strName; }
            set { strName = value; }
        }

        public string Value
        {
            get { return strValue; }
            set { strValue = value; }
        }
    }
This is code where I call BinarySearch method:
    public ArrayList AddPairToList( string sNameValuePair )
    {
        int nPos;
        NameValue nv = new NameValue( sNameValuePair );
        SortByName();
        nPos = a.BinarySearch( nv, new CompareCustomDataType() );
        if( nPos < 0 )
        {
            a.Add( nv );
        }
        else
        {
            MessageBox.Show( "The item you tried to add to the list already exist!" );
        }
        return GetCurrentList();
    }
And this is my CompareCustomDataType class:
    public class CompareCustomDataType : IComparer
    {
        public int Compare( object x, object y )
        {
            if (x == null) return -1;
            if (y == null) return 1;
            NameValue xNameValue = (NameValue) x;
            NameValue yNameValue = (NameValue) y;
            if( xNameValue.Name.CompareTo( yNameValue.Name ) > 0 )
            {
                return 1;
            }
            else if( xNameValue.Name.CompareTo( yNameValue.Name ) < 0 )
            {
                return -1;
            }
            return String.Compare( xNameValue.Value, yNameValue.Value );
        }
    }
However, it doesn't work properly. Actually, my list seems like this:
Australia = Canberra
Austria = Wiena
Canada = Toronto
Canada = Ottawa
...
When I try to add some pair to the list and only a unique pair already exists in the list (when I say unique pair I mean only one pair with unique name and unique value such as: Australia, Canberra) everything works fine, but when I try to add some pair to the list that already exists and it is not a unique pair (when I say "it is not unique pair" I mean I have pairs with the same name and different values such as: Canada, Toronto; Canada, Ottawa), the first couple of times I get the proper message "The item you tried to add to the list already exist!". After that, the object that already exists is added to the list and I have a duplicate...
Would you be so kind to help me to fix this problem...
Thank you in advance,
Goran Tesic
|
|
|
|
|
For starters, you don't need a complex StringTokenizer (from wherever you're getting it). All you need is String.Split for such a simple operation (to split on "="). Also, when defining your own classes, it's better to implement IComparable in most cases so that clients of your class don't have to worry about including an appropriate IComparer implementation. This also gives you access to the private variables which uses fewer instructions when compiled (a field need only be pushed on the stack instead of pushing 'this' on the stack and calling the get accessor, which must push the field onto the stack and return).
As for the actual problem you'd have to step through your code in a debugger (which VS.NET is, of course). I don't see anything wrong off-hand. Are you sure you posted the sample correctly (i.e., sometimes people post examples of their code that actually don't contain the problem while their original source does). Then again, it's been a long day.
Anyway, here's an example of some of the things I mentioned above. I just threw it together quick, but it should hopefully give you an idea about encapsulating functionality like comparisons, string representations, and more when defining your own type:
    using System;
    using System.Collections;
    using System.IO;

    public class NameValuePair : IComparable
    {
        string name;
        string value;

        public NameValuePair(string pair)
        {
            if (pair == null) throw new ArgumentNullException("pair");
            string[] arr = pair.Split('=');
            if (arr.Length != 2) throw new ArgumentException("Invalid format.", "pair");
            name = arr[0].Trim();
            value = arr[1].Trim();
        }

        public string Name
        {
            get { return name; }
            set { name = value; }
        }

        public string Value
        {
            get { return value; }
            set { this.value = value; }
        }

        public override string ToString()
        {
            return name + "=" + value;
        }

        // Order by name first, then by value, so equal pairs compare as 0.
        int IComparable.CompareTo(object obj)
        {
            NameValuePair pair = obj as NameValuePair;
            if (pair != null)
            {
                int retval = string.Compare(name, pair.name);
                if (retval == 0)
                    retval = string.Compare(value, pair.value);
                return retval;
            }
            return 1;
        }

        static void Main()
        {
            UniqueList list = new UniqueList();
            string[] values = new string[]
            {
                "Australia=Canberra",
                "Austria=Wiena",
                "Canada=Toronto",
                "Canada=Ottawa",
                "Austria=Wiena"
            };
            foreach (string value in values)
            {
                try
                {
                    NameValuePair pair = new NameValuePair(value);
                    list.Add(pair);
                }
                catch (ArgumentException)
                {
                    Console.Error.WriteLine(@"""{0}"" is not unique", value);
                }
            }
            Console.WriteLine("The list contains:");
            list.Print(Console.Out);
        }
    }

    class UniqueList : ArrayList
    {
        public override int Add(object value)
        {
            int pos = BinarySearch(value, Comparer.Default);
            if (pos >= 0) throw new ArgumentException("Not unique", "value");
            // BinarySearch needs a sorted list: insert at the position it
            // reports (~pos) instead of appending, so the order is preserved.
            pos = ~pos;
            base.Insert(pos, value);
            return pos;
        }

        internal void Print(TextWriter writer)
        {
            foreach (object value in this)
                writer.WriteLine(value);
        }
    }
This posting is provided "AS IS" with no warranties, and confers no rights.
Software Design Engineer
Developer Division Sustained Engineering
Microsoft
[My Articles]
|
|
|
|
|
Thank you very much for your efforts to help me...
I considered your code and I found that's very useful...
Of course, I used debugger...
I'm gonna reveal some another "suspected" parts of my source code:
    public ArrayList SortByName()
    {
        a.Sort( new GenericSort( "Name", "ASC" ) );
        return GetCurrentList();
    }

    public class GenericSort : IComparer
    {
        string strSortMethodName;
        string strSortOrder;

        public GenericSort( string strSortMethodName, string strSortOrder )
        {
            this.strSortMethodName = strSortMethodName;
            this.strSortOrder = strSortOrder;
        }

        public int Compare( object x, object y )
        {
            IComparable ic1 = (IComparable)x.GetType().GetProperty( strSortMethodName ).GetValue( x, null );
            IComparable ic2 = (IComparable)y.GetType().GetProperty( strSortMethodName ).GetValue( y, null );
            if( strSortOrder != null && strSortOrder.ToUpper().Equals( "ASC" ) )
                return ic1.CompareTo( ic2 );
            else
                return ic2.CompareTo( ic1 );
        }
    }
What do you think of this?
Thank you for your time...
|
|
|
|
|
Tesic Goran wrote:
What do you think of this?
I still think you should implement IComparable on your type. Do you honestly want to have to remember - or force other client code to remember - to instantiate your IComparer implementation each time and pass it to methods that require it? Seriously - just implement IComparable. Since you're defining the type from scratch it's much easier and makes your type more robust.
This posting is provided "AS IS" with no warranties, and confers no rights.
Software Design Engineer
Developer Division Sustained Engineering
Microsoft
[My Articles]
|
|
|
|
|
Ok...
My problem is solved...
Actually, I used one IComparer derived class to sort the ArrayList (GenericSort) and another one for BinarySearch function (CompareCustomDataType)...
And, finally, I'm gonna implement IComparable interface on my type...
Definitely, your suggestions are very useful...
Thanks for your help,
Goran Tesic
|
|
|
|
|
I'm using the WIA Scripting wrapper from CP and I got my wizard to successfully recognize when a camera is connected. Is there a programmatic way for me to disable the Windows cam/scan wizard from automatically starting?
The non-programmatic solution is to go to the device properties when the device is connected and in the events tab specify to take no action.
I've run regmon to determine what registry keys are affected when the event handler is disabled. I found out that the data is stored at this location:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
For each device there is a folder like: 0001 0002 0003
There's a way of specifying the DefaultHandler which tells the OS which one to use. I've tried to duplicate what the OS does to set this option but I've had no success. It works when the OS does it by itself, but not when I repeat what the OS does.
If anyone has a clue about doing something like this please help... thanks.
|
|
|
|
|
Hi,
I'm unable to get my column headers to look decent when the column's column needs to be right-aligned. The text is clipped to the right. If I DO have to paint the header myself to avoid this problem can someone point me to an example anywhere?
thanks,
Deanna
|
|
|
|
|
Reading the documentation for the DataGridColumnStyle Class would be the best place to start. You might notice it has a Paint Method you can override.
If you don't want to handle all the edits yourself, extend the DataGridTextBoxColumn then just override the Paint method to fix the RTL alignment issues, though to be honest I've never seen any problem with clipping. Do you mean that both the column header and the column data are right-aligned and you don't want the header text right-aligned? Overriding Paint and drawing only the bounds that covers the header text (calling base.Paint for everything else) is the best way to overcome the problem.
This posting is provided "AS IS" with no warranties, and confers no rights.
Software Design Engineer
Developer Division Sustained Engineering
Microsoft
[My Articles]
|
|
|
|
|
I'd already looked at that example, but the OnPaint for the column is called for each row. Do I have to paint the header every time a row is painted? Seems like overkill.
thanks,
Deanna
|
|
|
|
|
OnPaint gets called for every row regardless of what you draw. Painting doesn't happen magically on computers. Whenever a portion of the screen is invalidated - or just because the window manager deems it necessary for other reasons - painting is induced. You only need to worry about painting anything when the clipping rectangle includes any portion of your header. Otherwise, just call base.OnPaint and pass it all the parameters that were passed to you so that the base class can paint everything else.
This posting is provided "AS IS" with no warranties, and confers no rights.
Software Design Engineer
Developer Division Sustained Engineering
Microsoft
[My Articles]
|
|
|
|
|
Hello
I want to install the shortcut manager from this http://www.snapfiles.com/get/pocketpc/shortcutman.html site but when I tried to install it the following error occurs on the PocketPc:
Setup-Error
PpcMasters ShortcutsManager
could not be installed.
Please execute Setup once more. (I translated it into English)
Can anybody help me with this problem? - or knows any alternatives?
thanks in advance.
regards
patrick
|
|
|
|
|
If you have a question specific to a project or application, you need to ask the authors of the project or application. Following the link you posted, it was immediately clear that PPC Masters was the author and a link to their web site. Upon clicking that I saw Support right away.
These forums are not for product-specific questions (most often), and even if you have questions about articles on this site you need to ask at the bottom of the article where there's a message board similar to these forums for that very use.
This posting is provided "AS IS" with no warranties, and confers no rights.
Software Design Engineer
Developer Division Sustained Engineering
Microsoft
[My Articles]
|
|
|
|
|
This forum is for C#, a language designed for the .NET Framework. You're talking about native C++, so you'll want the Visual C++ forum.
This posting is provided "AS IS" with no warranties, and confers no rights.
Software Design Engineer
Developer Division Sustained Engineering
Microsoft
[My Articles]
|
|
|
|
|
I was interested in how Microsoft implemented DoubleBuffer (Control.SetStyle(ControlStyles.DoubleBuffer,true)). I found classes such as System.Windows.Forms.GraphicsBuffer and GraphicsBufferManager which are used by Control.WmPaint to perform the DoubleBuffer effect. I was blindsided that GraphicsBuffer is created each time WM_Paint is received and the memory is allocated by calling CreateDIBSection. I think this is really a waste of resources.
Do you know something about performance cost ?
Wizard_01
|
|
|
|
|
And this is exactly what needs to be done. The secondary bitmap needs to be created each time (or at least cleared, but there's not really any performance benefit to that for simple compat bitmaps). Just because a class is being instantiated in .NET doesn't mean it's a heavy object. Many times it simply encapsulates an HDC or something and contains few to no fields (fields are what consume memory - not methods). The methods are just gravy, so to speak. They act on the fields (or other data passed to them), so if they are wrapping an HDC for a compat bitmap in order to run methods on it (encapsulation), then it makes it easier to use within code. Why duplicate all that code when you can have an encapsulating class handle it? That's what encapsulation's all about.
If you haven't implemented double buffering natively, I suggest you give it a try. This may shed some light on what's going on exactly.
Note that in some platforms and frameworks like DirectX, flipping buffers often yields better performance but both buffers (can be more than two, too) are typically "heavier" objects with transformations tied to them (it greatly depends on how you develop such code), so clearing them after flipping (or before) is better.
This posting is provided "AS IS" with no warranties, and confers no rights.
Software Design Engineer
Developer Division Sustained Engineering
Microsoft
[My Articles]
|
|
|
|
|
I didn't say it's the heavy object but allocation of the memory could be the problem. So what is faster? Alloc 800x600x3bytes or fill the block of memory with zero? I think the second one.
Wizard_01
|
|
|
|
|
IDGenerator.cs
--------------
    using System;

    public class IDGenerator {
        int min, max;

        public IDGenerator () {
            this.min = 1000000;
            this.max = 9999999;
        }

        public string GetID () {
            // A new Random is created and seeded from the clock on every call.
            Random r = new Random(unchecked((int)DateTime.Now.Ticks));
            String myNumber = r.Next(min,max).ToString("00000");
            r = null;
            return myNumber;
        }
    }
MyMath.cs
---------
    using System;

    class MyMath {
        public static void Main() {
            IDGenerator MyGenerator = new IDGenerator();
            for (int x = 0; x < 5; x++) {
                Console.WriteLine ("Random Number " + x + ": " + MyGenerator.GetID());
            }
        }
    }
I am using above code to create 5 random numbers... however my results are like below:
Random Number 0: 3838931
Random Number 1: 1684909
Random Number 2: 1684909
Random Number 3: 1684909
Random Number 4: 1684909
any idea what is wrong with my code?
Thanks...
regards,
vic
|
|
|
|
|
Simple. You're creating a new Random number generator with each invocation of .GetID() and in creating that generator, you're seeding the RNG with the current time, in Ticks. What you're doing is telling the new random number generator to start with the seed value and generate a REPRODUCIBLE string of numbers. What you should be doing in your IDGenerator class is declaring a class level Random, initializing it once, and using its .Next method on each call to .GetID().
    public class IDGenerator
    {
        int min, max;
        Random r = new Random(unchecked((int)DateTime.Now.Ticks));

        public IDGenerator ()
        {
            this.min = 1000000;
            this.max = 9999999;
        }

        public string GetID ()
        {
            String myNumber = r.Next(min,max).ToString("0000000");
            return myNumber;
        }
    }
Also, random numbers are not guaranteed to be unique during the life of the generator, so review your policies on what this function will acceptably return. It's entirely possible that it could return the same number twice (or more) in a row.
RageInTheMachine9532
"...a pungent, ghastly, stinky piece of cheese!" -- The Roaming Gnome
|
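An added example for the thread above (not code from any of the posters), which goes one step beyond the fix given there: System.Random is reproducible from its seed, so where the IDs must also be hard to guess, an assumption about their use that the thread does not state, the values should come from the OS cryptographic generator. The class name SecureIdGenerator and the duplicate tracking are illustrative choices; the 7-digit range is the one from the question.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

public class SecureIdGenerator
{
    private const int Min = 1000000;      // same 7-digit range as the thread
    private const int Max = 9999999;      // inclusive here
    private readonly RandomNumberGenerator rng = RandomNumberGenerator.Create();
    private readonly HashSet<int> issued = new HashSet<int>();
    private readonly object gate = new object();

    // Uniform integer in [Min, Max] from OS randomness, using rejection
    // sampling so that the modulo step does not favour low values.
    private int NextUniform()
    {
        uint range = (uint)(Max - Min + 1);
        uint limit = uint.MaxValue - (uint.MaxValue % range);  // a multiple of range
        byte[] buf = new byte[4];
        uint value;
        do
        {
            rng.GetBytes(buf);
            value = BitConverter.ToUInt32(buf, 0);
        } while (value >= limit);
        return Min + (int)(value % range);
    }

    // Returns an ID this instance has not handed out before.
    public string GetId()
    {
        lock (gate)
        {
            if (issued.Count >= Max - Min + 1)
                throw new InvalidOperationException("ID space exhausted.");
            int id;
            do { id = NextUniform(); } while (!issued.Add(id));
            return id.ToString("0000000");
        }
    }
}

public static class Demo
{
    public static void Main()
    {
        // The thread's symptom in isolation: equal seeds give equal sequences.
        int seed = unchecked((int)DateTime.Now.Ticks);
        Random a = new Random(seed), b = new Random(seed);
        Console.WriteLine(a.Next(1000000, 9999999) == b.Next(1000000, 9999999));

        SecureIdGenerator gen = new SecureIdGenerator();
        for (int x = 0; x < 5; x++)
            Console.WriteLine("ID " + x + ": " + gen.GetId());
    }
}
```

A 7-digit space holds about nine million values, which is small enough to enumerate, so an identifier that acts as a secret needs a much wider range than the one in the question.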
|
|
|
|
The following works for me:
    int min = 1000000, max = 9999999;
    Random r = new Random();
    for(int i = 0; i < 5; i++)
    {
        Console.WriteLine(r.Next(min, max));
    }
- Nick Parker My Blog | My Articles
|
|
|
|
|
I need to know how to keep the navigation in the same window using the WebBrowser Control. Its NewWindow event does not have the URL in it. I read about the SHDocVw.WebBrowser_V1 interface, which has a better NewWindow event, but I don't know how to make the cast from the WebBrowser control in C#. I've noticed that the msdn article on this is in VB. Thanks.
|
|
|
|
|
|
I’m having trouble finding a clear answer to my question regarding visual inheritance and MDI children. I have made several dialog style forms/apps which were derived from a master template form (dll) – that works great, but I want to take it a step further. My next step was to create a MDI style application using visual inheritance for each child window. Just for information - I’m writing this in VS ver7 (C# base).
So, some questions:
1. Can I make a MDI application in which each child is based on a master “template” form (dll)? My hope is that each child would be its own DLL – easing future modifications and upgrades. Can this be done with .net’s virtual inheritance?
2. If this is possible, is there a way I can dynamically add new children DLL’s (which are visually derived from a master template form) to the MDI application without recompiling the base MDI application (that would be my dream)? Each new child would add new functionality to the core application – but maintain the same base “look”. Obviously this would take some coding, but is this possible?
If you have some ideas, experience, or know of any examples to either of my questions – please feel free to share your ideas.
|
|
|
|
|
rolst5 wrote:
Can this be done with .net’s virtual inheritance?
Do you mean visual inheritance? Yes, it can.
MDI child forms are just that - Form derivatives. So, you can extend the Form class with your own then extend that "template" with other classes. Make sure that any members - including controls - are protected if you want to modify them in derivative classes. These can be in separate assemblies as well, but the assembly that contains the base class must first be compiled before Visual Studio will let you extend it through the visual inheritance wizard.
Also, you cannot have circular references in Visual Studio (it's possible on the command line, but a pain), so define your base class in a separate assembly (project) apart from your main application that defines the MDI parent form.
If you want to dynamically reference assemblies that contain different types of MDI child forms, there's a vast number of articles on this site regarding plug-ins. Just search for "plug-ins". There's a great many ways of locating plug-ins from enumerating files in a particular directory to loading well-defined types from the application's .config file.
This posting is provided "AS IS" with no warranties, and confers no rights.
Software Design Engineer
Developer Division Sustained Engineering
Microsoft
[My Articles]
|
|
|
|
|
I am trying to start Excel through code. My objective is to start Excel and load an Addin called TM1. If I go in through Explorer and click on this Addin (.xla) it connects to a data warehouse and adds a menu item in Excel called Tm1.
Well here is the code that I am using to accomplish the above tasks:
    try
    {
        //create a new excel app.
        _newApp = new Excel.Application();
        _newApp.Visible = true;
        _newApp.AddIns.Add("C:\\Applix\\Integra\\bin\\tm1p.xla","C:\\Applix\\Integra\\bin\\tm1.xla");
        _userBook = (Excel._Workbook)_newApp.Workbooks.Add("C:\\Inetpub\\wwwroot\\ExcelAddinExample\\ExcelTemplates\\01_fsTemplate_orig.xls");
        _tm1Book = _newApp.Workbooks.Open("C:\\Applix\\Integra\\bin\\tm1.xla",0,false,5,"","",true,
            Excel.XlPlatform.xlWindows,"\t",false,false,0,false,null,null);
        //try to call the connect routine;
        _newApp.Run("N_Connect","toad","bisu","GBA03",null,null,null,null,null,null
            ,null,null,null,null,null,null,null,null,null,null,null,null,
            null,null,null,null,null,null,null,null,null);
    }
Well my code is failing at the Addins.Add() line. What am I doing wrong?
Thanks for any help.
|
|
|
|
|