|
Here's another SQL Injection reference, in case you weren't convinced by the other messages:
http://www.troyhunt.com/2013/07/everything-you-wanted-to-know-about-sql.html
To fix your code:
command.CommandText = "update membercars set make = @make, model = @model, color = @color, tag = @tag, memberid = @memberid where serial = @serial"
command.Parameters.AddWithValue("@make", txtmake.Text)
command.Parameters.AddWithValue("@model", txtmodel.Text)
command.Parameters.AddWithValue("@color", txtcolor.Text)
command.Parameters.AddWithValue("@tag", txttag.Text)
command.Parameters.AddWithValue("@memberid", txtserial.Text)
command.Parameters.AddWithValue("@serial", txtcarserial.Text)
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
This is your query btw (changed layout for readability);
update membercars
   set make= '1'
     , model= 'super'
     , color= 'green'
     , tag= 'Youre it!'
     , memberid= txtserial
 where serial = txtcarserial
   and serial = txtserial
If txtcarserial and txtserial do not match, no records will be returned. The SQL query syntax is the same, regardless of the calling language.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
Thank you so much guys. It worked and it's much easier than the method that I wrote before.
cmd.Connection = mcon
cmd.CommandText = "update membercars set make=@make, model=@model, color=@color, tag= @tag where memberid=@memberid;"
cmd.Parameters.AddWithValue("@make", txtmake.Text)
cmd.Parameters.AddWithValue("@model", txtmodel.Text)
cmd.Parameters.AddWithValue("@color", txtcolor.Text)
cmd.Parameters.AddWithValue("@tag", txttag.Text)
cmd.Parameters.AddWithValue("@memberid", txtserial.Text)
cmd.ExecuteNonQuery()
Just one more question. I am writing an insert query.
cmd.CommandText = "insert into membercars(make, model, plate, color, tag) values (@make, @model, @plate, @color, @tag) where memberid=@memberid;"
cmd.Parameters.AddWithValue("@make", txtmake.Text)
cmd.Parameters.AddWithValue("@model", txtmodel.Text)
cmd.Parameters.AddWithValue("@plate", txtplate.Text)
cmd.Parameters.AddWithValue("@color", txtcolor.Text)
cmd.Parameters.AddWithValue("@tag", txttag.Text)
cmd.Parameters.AddWithValue("@memberid", txtserial.Text)
cmd.ExecuteNonQuery()
It's giving me an error: incorrect syntax near where. What's the error?
|
|
|
|
|
Member 10506215 wrote: what's the error?
An INSERT does not contain a WHERE clause. What would/should the "where" do? Syntax can be found here[^].
Get a good book on SQL; this looks like trial and error.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
I'll tell you the details.
I have 2 tables: members and membercars. I need to be able to add more than one car for one member. So I thought if I added the second car, and I put a condition--where memberid=txtserial.text--the memberid is for the membercars and the txtserial.text is the serial for a member (auto-incremented).
So any suggestions?
|
|
|
|
|
You can't use the "where" clause in an insert. The computer will simply not accept it, regardless of your intention. (Yes, it does accept it in a subselect, but that is not the case here)
CAR
    carId
PERSON
    personId
CAROWNERS
    carId
    personId
Or, with data;
CAR
    12
    14
    167
PERSON
    A
    B
    C
CAROWNERS
    12, A
    167, A
    14, B
If you want to register a car to a person, insert a record into "CAROWNERS" containing both Id's.
Member 10506215 wrote: so i thought if i added the second car, and i put a condition
That's not how it works; commands have a specific syntax, you don't make one up and assume it works.
Get a book on SQL. Get it today, before I see a question on joining those records back together.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
Done
i need to add multiple cars for just one member. Here is my code for saving cars:
Dim cmd As New SqlCommand
cmd.Connection = mcon
cmd.CommandText = "insert into membercars(serial, memberid, make, model, plate, color, tag) values (@serial, @memberid, @make, @model, @plate, @color, @tag);"
cmd.Parameters.AddWithValue("@serial", txtserial.Text)
cmd.Parameters.AddWithValue("@memberid", txtserial.Text)
cmd.Parameters.AddWithValue("@make", txtmake.Text)
cmd.Parameters.AddWithValue("@model", txtmodel.Text)
cmd.Parameters.AddWithValue("@plate", txtplate.Text)
cmd.Parameters.AddWithValue("@color", txtcolor.Text)
cmd.Parameters.AddWithValue("@tag", txttag.Text)
cmd.ExecuteNonQuery()
fillgrid()
And this for saving members:
cmd.Connection = mcon
strsql = "insert into members "
strsql = strsql & "(name, "
strsql = strsql & "familyname, "
strsql = strsql & "address, "
strsql = strsql & "mobile, "
strsql = strsql & "phone, "
strsql = strsql & "fax, "
strsql = strsql & "email, "
strsql = strsql & "space, "
strsql = strsql & "timezone, "
strsql = strsql & "website) "
strsql = strsql & "values ('" & txtname.Text & "', "
strsql = strsql & "'" & txtfamilyname.Text & "', "
strsql = strsql & "'" & txtaddress.Text & "', "
strsql = strsql & "'" & txtmobile.Text & "', "
strsql = strsql & "'" & txtphone.Text & "', "
strsql = strsql & "'" & txtfax.Text & "', "
strsql = strsql & "'" & txtemail.Text & "', "
strsql = strsql & "'" & txtspace.Text & "', "
strsql = strsql & Val(cmbtimezone.SelectedValue) & ", "
strsql = strsql & "'" & txtwebsite.Text & "') "
strsql += " SELECT IDENT_CURRENT('members')"
cmd.CommandText = strsql
txtsearch.Text = ""
txtserial.Text = cmd.ExecuteScalar().ToString()
Thank you for your replies
|
|
|
|
|
The first query is a lot safer than your second one; pasting strings together to create a query is a sin.
Any reason why you're not using parameters there like in the first query?
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
Yes, I know.
I tried to do it like this, but I have an error.
Dim cmd As New SqlCommand
cmd.Connection = mcon
cmd.CommandText = "insert into members(serial, name, familyname, address, phone, mobile, fax, email, website, space, timezone) values (@serial, @name, @familyname, @address, @phone, @mobile, @fax, @email, @website, @space, @timezone) ;"
cmd.Parameters.AddWithValue("@serial", txtserial.Text)
cmd.Parameters.AddWithValue("@name", txtname.Text)
cmd.Parameters.AddWithValue("@familyname", txtfamilyname.Text)
cmd.Parameters.AddWithValue("@address", txtaddress.Text)
cmd.Parameters.AddWithValue("@phone", txtphone.Text)
cmd.Parameters.AddWithValue("@mobile", txtmobile.Text)
cmd.Parameters.AddWithValue("@fax", txtfax.Text)
cmd.Parameters.AddWithValue("@email", txtemail.Text)
cmd.Parameters.AddWithValue("@website", txtwebsite.Text)
cmd.Parameters.AddWithValue("@space", txtspace.Text)
cmd.Parameters.AddWithValue("@timezone", cmbtimezone.Text)
cmd.ExecuteNonQuery()
fillgrid()
How am I going to set the identity to txtserial.text in the parameters method?
|
|
|
|
|
Member 10506215 wrote: How am i going to set the identity to txtserial.text?
You did not set it in the previous query where you concatenate strings. Why would you need to set it now?
The identity is generated by the database at the moment you perform the insert; you don't have to set it. You would like to fetch it - that's what the SELECT IDENT_CURRENT('members') would do.
Stop trying and start reading. If you continue using trial and error, you'll be building some things you're going to regret later.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
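The member insert discussed above, written with parameters and returning the generated identity, followed by a per-car insert that uses it. This is an added example, not code from any poster in the thread; the module and function names, the subset of columns, the parameter sizes and the use of SCOPE_IDENTITY() in place of IDENT_CURRENT('members') are assumptions, as is membercars.serial being an identity column.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Module MemberStore   ' hypothetical module name
    ' Inserts a member and returns the identity the database generated for it.
    ' SCOPE_IDENTITY() is swapped in for the thread's IDENT_CURRENT('members'):
    ' it is limited to this session and scope, so a concurrent insert by
    ' another user cannot change the value returned here.
    Public Function AddMember(con As SqlConnection, name As String,
                              familyName As String, email As String) As Integer
        Const sql As String =
            "insert into members (name, familyname, email) " &
            "values (@name, @familyname, @email); " &
            "select cast(scope_identity() as int);"
        Using cmd As New SqlCommand(sql, con)
            ' Sizes are assumptions; match them to the real column definitions.
            cmd.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = name
            cmd.Parameters.Add("@familyname", SqlDbType.NVarChar, 100).Value = familyName
            cmd.Parameters.Add("@email", SqlDbType.NVarChar, 255).Value = email
            Return CInt(cmd.ExecuteScalar())
        End Using
    End Function

    ' Adds one car for an existing member; call it once per car.
    ' Assumes membercars.serial is an identity column, so it is not supplied.
    Public Sub AddCar(con As SqlConnection, memberId As Integer,
                      make As String, model As String, plate As String)
        Const sql As String =
            "insert into membercars (memberid, make, model, plate) " &
            "values (@memberid, @make, @model, @plate);"
        Using cmd As New SqlCommand(sql, con)
            cmd.Parameters.Add("@memberid", SqlDbType.Int).Value = memberId
            cmd.Parameters.Add("@make", SqlDbType.NVarChar, 50).Value = make
            cmd.Parameters.Add("@model", SqlDbType.NVarChar, 50).Value = model
            cmd.Parameters.Add("@plate", SqlDbType.NVarChar, 20).Value = plate
            cmd.ExecuteNonQuery()
        End Using
    End Sub

    ' Usage with an open connection (mcon in the thread):
    '   Dim id As Integer = AddMember(mcon, txtname.Text, txtfamilyname.Text, txtemail.Text)
    '   AddCar(mcon, id, txtmake.Text, txtmodel.Text, txtplate.Text)
End Module
```

Typed parameters with explicit sizes keep the text-box contents as data and avoid the type guessing that AddWithValue does from the .NET value.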
|
|
|
|
|
Kindly help me by posting the code for uploading data from MySql Database into MSProject using C#.
Thanks and Regards
badarinarayan@live.com
|
|
|
|
|
|
Hello,
I want to read a packet from serial port,
I don't know the length of the packet,
so I have to wait a timeout for the first byte
and then I have to read all next bytes.
I superseded class SerialPort and I write the method Receive in ".NET Framework 4 Client Profile".
I try to use this code but sometimes Receive works well, sometimes doesn't work
using System;
using System.Collections.Generic;
using System.IO.Ports;

public class PortaCom : SerialPort
{
    int timeout = 0;   // overall wait for the first byte, in milliseconds

    public PortaCom(string portName, int baudRate, int timeout)
        : base(portName, baudRate)
    {
        this.timeout = timeout;
        base.Open();
    }

    public byte[] Receive()
    {
        List<Byte> ByteList = new List<Byte>();
        DateTime Now = DateTime.Now;
        base.ReadTimeout = 1;   // 1 ms per ReadByte call, also the allowed gap between bytes
        int FirstByte = -1;
        // Poll for the first byte until the overall timeout expires.
        while (FirstByte == -1)
        {
            if (DateTime.Now - Now > TimeSpan.FromMilliseconds(timeout))
                throw new TimeoutException();
            try { FirstByte = base.ReadByte(); }
            catch (TimeoutException) { }
        }
        int NextByte = FirstByte;
        // Keep reading until a ReadByte call times out; that ends the packet.
        while (NextByte != -1)
        {
            try
            {
                Byte _NextByte = (Byte)NextByte;
                ByteList.Add(_NextByte);
                NextByte = base.ReadByte();
            }
            catch (TimeoutException)
            {
                return ByteList.ToArray();
            }
        }
        return ByteList.ToArray();
    }
}
Can someone help me ?
|
|
|
|
|
What does "doesn't work" mean? Did it throw an exception? Did it explode?
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
|
If "sometimes it works, and sometimes it doesn't", often the timeout value is set too low.
"1 ms" is very low; the lowest useable timeout I've used with my particular setup was 250ms; with other customers needing 2000ms+, depending on the environment.
Start with a higher timeout value; using one that works most, if not all the time; then lower it to just short of where issues set in.
|
|
|
|
|
I am working on an ASP.NET website with C#.NET as code-behind where I need to call a Python script which does some business logic. Can anyone please tell me how to call a Python script from an ASP.NET website?
|
|
|
|
|
Try the ASP.NET forum.
Veni, vidi, abiit domum
|
|
|
|
|
Process.Start() will help you.
|
|
|
|
|
I have to host this website on IIS server.. What else I have to do to run the website..
|
|
|
|
|
Well, having python installed would be a start.
|
|
|
|
|
|
Hi everybody
I'm trying to do my own Custom Control, and I followed this helpful tutorial
Writing your Custom Control: step by step
But I have a problem, I can't see the properties that I have created.
This is my code
Imports System.Windows.Forms
Imports System.Drawing
Imports System.ComponentModel
Imports Microsoft.VisualBasic.PowerPacks
Public Class ClaseTarjeta
    Inherits RectangleShape
    Private Bit As Boolean
    '<Browsable(True)>
    <Description("Estado del Bit")>
    <Category("BITS")>
    Public Property EstadoBit() As Boolean
        Get
            Return Bit
        End Get
        Set(ByVal Value As Boolean)
            Bit = Value
        End Set
    End Property
    Sub New()
    End Sub
End Class
And I have in the user control that
Imports ClassTarjeta
Public Class Tarjeta
    Dim bit_0 As ClaseTarjeta
    Private Sub Timer1_Tick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Timer1.Tick
        If bit_0.EstadoBit = False Then
            rBit0.FillColor = Drawing.Color.Gray
        Else
            rBit0.FillColor = Drawing.Color.Green
        End If
    End Sub
    Private Sub Tarjeta_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        Timer1.Enabled = False
        Timer1.Interval = 500
    End Sub
End Class
Any help will be grateful, because I don't know what I have made wrong
Sorry for my poor English
|
|
|
|
|
Why do you have two classes and what's with the timer? This stuff doesn't make a lot of sense as written.
|
|
|
|
|
You are right!!! Sorry. I´m writing again...
Edit:
Solved, I have made only one Class, and now works!!!
modified 8-Feb-14 10:34am.
|
|
|
|
|