|
It might be that you have made a typo.
Try changing tableName.text, Ins_ID.Text to tableName.Text, Ins_ID.Text .
But on the other hand it could be anything. If you ask a question about an error, tell people what the error is and which part of the posted code gives the error, otherwise most members will ignore you.
Also please don't use text speak in your posts. We older folks don't understand it and once again you are cutting down the number of people willing to help you.
Henry Minute
Do not read medical books! You could die of a misprint. - Mark Twain
Girl: (staring) "Why do you need an icy cucumber?"
“I want to report a fraud. The government is lying to us all.”
|
|
|
|
|
Remove the single quotes from the tablename: FROM '{0}' becomes FROM {0}.
|
|
|
|
|
Fantastic....Worked
Thanks dude
|
|
|
|
|
This continues to be vulnerable to SQL Injection attacks.
|
|
|
|
|
To paraphrase dialog from the film 'Riddick': The CPer in me says that he has only just started learning SQL and nobody has given the little bit of help that he needs to continue with his project. However, the pedant in me says that I should tar and feather him for not following established best practice at all times; Ignorance of the Law is not a defence.
|
|
|
|
|
You should be using parameterised queries rather than injecting values into a SQL Statement. This is easy for data elements like the ID value, but slightly more difficult, yet doable, for the table name. As it stands your code is vulnerable to attack.
|
|
|
|
|
How to retrive attribute Name
<names>
<zipcode zc="*">
<rule rll="%LEIN">
Here the thing is in some Names tag the attribute of Rule is RL or RLL.
<rule rll="%LEIN">
<rule rl="LE%">
I am getting error at bold line below. Bcz, i mentioned direcly RLL. If RL exists as attirbute then getting error. how to get attribute name?
XmlNodeList NameList = doc.GetElementsByTagName("Names");
foreach (XmlNode node in NameList)
{
XmlElement nameElement = (XmlElement)node;
foreach (XmlNode xnode in nameElement)
{
XmlElement childElement = (XmlElement)xnode;
if (childElement.Name.ToLower() == "rule")
{
if (childElement.HasAttributes)
strrule = childElement.Attributes["RLL"].InnerText.ToLower();
}
}
}
G. Satish
|
|
|
|
|
Don't want to give stored proc to client? What are your options if there is one?
Thanks
dev
|
|
|
|
|
devvvy wrote: Don't want to give stored proc to client
Then don't
Have you considerd encrypting it?
Bob
Ashfield Consultants Ltd
Proud to be a 2009 Code Project MVP
|
|
|
|
|
I didn't know you can encrypt them? (stored proc in db owned by client)
dev
|
|
|
|
|
You can in SQLServer, don't know about the others, but why worry if its in their database? Have you hidden some sort of malicious timebomb code in the proc?
Bob
Ashfield Consultants Ltd
Proud to be a 2009 Code Project MVP
|
|
|
|
|
timebomb? no, just good code i plan to charge for money (as off-the-shelf-app)
I am evil yes i actually want to make money out of software sorry.
dev
|
|
|
|
|
Best option is to not give the password to the user. If the database is his/hers, then you should behave like a good guest within that database.
They're not going to put you out of business by copying your sprocs. People don't bother with that kind of thing, they just come here to ask for the code
I are troll
|
|
|
|
|
haha that's so true though
dev
|
|
|
|
|
In which case why not just put your business logic in the application - which generally they will be able to de-compile anyway
Its a constant battle to keep your code secure, but in my (25+ years) experience if you are selling to proper businesses they will respect your licence agreement.
Bob
Ashfield Consultants Ltd
Proud to be a 2009 Code Project MVP
|
|
|
|
|
becuase it's more optimized in stored proc
dev
|
|
|
|
|
Seems you are stuck then.
Bob
Ashfield Consultants Ltd
Proud to be a 2009 Code Project MVP
|
|
|
|
|
thanks anyway, just checking to see if I've missed anything
dev
|
|
|
|
|
Add the stored proc in code on app start then drop it on app close. Of course if the app crashes, you're stuffed.
Out of interest, why wouldn't you want the client to have the proc?
Henry Minute
Do not read medical books! You could die of a misprint. - Mark Twain
Girl: (staring) "Why do you need an icy cucumber?"
“I want to report a fraud. The government is lying to us all.”
|
|
|
|
|
no - thing is, because I want this to be highly optimized and best place to put the logic is actually in database. Dilemma is now i have to give away the source code.
Perhaps what I can do is to encapsulate only half in stored proc, the other half in obfuscated dll =)
dev
|
|
|
|
|
devvvy wrote: Don't want to give stored proc to client? What are your options if there is one?
you can use encryption. Eg.
create proc MyProc with Encryption
(
@parameters....
)
as
select query.....
BTW why dont you use .
google [^]
hope it helps...
When you fail to plan, you are planning to fail.
|
|
|
|
|
AFAIK you could play around with the permissions, ie execute only to all but the developer. This will not secure your code but will reduce your exposure. The actual text of the code is stored in a sys table and is accessible to anyone with the right permissions (sa) and the knowledge to get at it.
I'd go with the license option - most clients are not SW people and only want to use the toll not reinvent it.
Never underestimate the power of human stupidity
RAH
|
|
|
|
|
When using
SELECT ROW_NUMBER() OVER (ORDER BY id) AS [RowNumber]<br />
FROM table where RowNumber > 1
It returns error 'Invalid column name 'RowNumber'. What is the problem here? I'm using SQL Server Express 2005. Thanks.
|
|
|
|
|
You added 'RowNumber' as a column-name alias. Those can be used in the ORDER BY clause, but can't be referenced in the WHERE part. Since you're using SQL 2005, you can bypass this by using a temporary query, selecting into a new CTE first;
SELECT * FROM
(
SELECT ROW_NUMBER() OVER (ORDER BY ID) AS [RowNumber]
FROM [YourTableNameGoesHere]
) AS CTE_TMP
WHERE [RowNumber] < 10
Enjoy
I are troll
|
|
|
|
|
I have a procedure running with transaction used in it.
I have used multiple insert in the procedures and finally return the scope_identity() of one of the insert by first setting a variable with scope_identity() and then returning it with select @variable at the end of procedure after commit and in case of RollBack i m returning it as select -9
The issue what am i facing is that sometimes it is skipping the return value in case of Commit Transaction as it is not returning anything to the code.
I am using it like this:
Full Procedure Code with Insert Commands here
set @variable=scope_identity()
IF @@ERROR <> 0
BEGIN
-- Rollback the transaction
ROLLBACK
Select -9
END
COMMIT
select @variable
The procedure is not going in the @@ERROR section and also all the insert values are there in tables after commit but why sometimes it is not returning the value required. I am using ExecuteScaler in the code.
Regards,
Kaushal Arora
Regards,
Kaushal Arora
|
|
|
|