Visual Basic

 
Question: Re: email sending using exchange server 2003 and VS 2005
steve_rm, 27-Feb-07 17:29
Question: deleting a database
balakpn, 27-Feb-07 3:19
Answer: Re: deleting a database
Marcus J. Smith, 27-Feb-07 3:22
General: Re: deleting a database
Colin Angus Mackay, 27-Feb-07 4:10
General: Re: deleting a database
Marcus J. Smith, 27-Feb-07 4:28
General: Re: deleting a database
Colin Angus Mackay, 27-Feb-07 4:49
General: Re: deleting a database
Marcus J. Smith, 27-Feb-07 5:07
General: Re: deleting a database
Colin Angus Mackay, 27-Feb-07 6:09
CleAkO wrote:
I thought we established that all user input is evil and by giving the permission to do this it could be taken advantage of


You can sanitise the data to ensure that necessary tables are not dropped. The table may be dropped as part of a larger overall process and the drop functionality is not initiated by any specific user input.

Good (or best) practice shows ways to do things that have a higher likelihood of producing positive results. It does not deny the ability to do anything, it merely suggests better ways of doing things. If you need to drop a table then there are good ways of doing that.

The table name is 128 characters maximum (in SQL Server). If you ensure that all table names are made up of only specific characters (e.g. letters and numbers only) you can remove the possibility of people managing to inject malicious code into the drop statement because you can reject invalid characters. You can also surround your table name in square brackets. You can verify that the table exists prior to issuing the drop by querying the INFORMATION_SCHEMA.TABLES view using a parameterised query.

There are lots of things you can do to ensure that if you do need to drop a table from your application, you do it safely.

:-D
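
The steps described in the post above (character allow-list, 128-character limit, square brackets, parameterised existence check), put together as an added VB.NET example that is not code from the thread. The module, function and parameter names are assumptions, as is the explicit schema argument; the connection is assumed to be open already.

```vb
Imports System
Imports System.Data
Imports System.Data.SqlClient
Imports System.Text.RegularExpressions

Public Module SafeTableDrop
    ' Allow-list: ASCII letters and digits only, 1 to 128 characters
    ' (128 is the SQL Server limit mentioned in the post).
    ' \A and \z anchor the whole string, so a trailing newline is rejected too.
    Private ReadOnly ValidName As New Regex("\A[A-Za-z0-9]{1,128}\z")

    Public Function IsValidName(ByVal name As String) As Boolean
        Return name IsNot Nothing AndAlso ValidName.IsMatch(name)
    End Function

    ' Returns True if the table was dropped, False if no such table exists.
    ' schemaName is an assumption added for this example (for instance "dbo").
    Public Function DropTable(ByVal conn As SqlConnection, ByVal schemaName As String, _
                              ByVal tableName As String) As Boolean
        If Not IsValidName(schemaName) OrElse Not IsValidName(tableName) Then
            Throw New ArgumentException("Names must be 1-128 letters or digits.")
        End If

        ' Existence check: the names travel as parameters, never as SQL text.
        Const existsSql As String = _
            "SELECT COUNT(*) FROM INFORMATION_SCHEMA.TABLES " & _
            "WHERE TABLE_SCHEMA = @schema AND TABLE_NAME = @table " & _
            "AND TABLE_TYPE = 'BASE TABLE'"
        Using check As New SqlCommand(existsSql, conn)
            check.Parameters.Add("@schema", SqlDbType.NVarChar, 128).Value = schemaName
            check.Parameters.Add("@table", SqlDbType.NVarChar, 128).Value = tableName
            If CInt(check.ExecuteScalar()) = 0 Then Return False
        End Using

        ' DROP TABLE does not accept a parameter for the object name, so the
        ' already-validated names are placed inside square brackets. The
        ' allow-list above excludes "]" and every other delimiter character.
        Dim dropSql As String = _
            String.Format("DROP TABLE [{0}].[{1}]", schemaName, tableName)
        Using dropCmd As New SqlCommand(dropSql, conn)
            dropCmd.ExecuteNonQuery()
        End Using
        Return True
    End Function
End Module
```

A name such as `Orders2006` passes validation, while input containing `]`, `;`, spaces or quotes is rejected before any SQL text is built.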


Answer: Re: deleting a database
Colin Angus Mackay, 27-Feb-07 4:11
Question: slashes in textbox
amaneet, 27-Feb-07 2:27
Answer: Re: slashes in textbox
Marcus J. Smith, 27-Feb-07 2:38
Answer: Re: slashes in textbox
KeithF, 27-Feb-07 2:57
General: Re: slashes in textbox
Marcus J. Smith, 27-Feb-07 3:16
Answer: Re: slashes in textbox
JustmeNick, 27-Feb-07 6:05
General: Re: slashes in textbox
Marcus J. Smith, 27-Feb-07 7:56
General: Re: slashes in textbox
JustmeNick, 27-Feb-07 8:15
Question: Referential classes
amaneet, 27-Feb-07 2:17
Question: Mybase keyword
Pankaj Garg, 27-Feb-07 1:57
Answer: Re: Mybase keyword
Guffa, 27-Feb-07 3:38
Answer: Re: Mybase keyword
Dave Kreskowiak, 27-Feb-07 4:37
Question: IDispose Interface
Pankaj Garg, 27-Feb-07 1:51
Answer: Re: IDispose Interface
Marcus J. Smith, 27-Feb-07 2:41
Question: double link list implementation in vb.net
Pankaj Garg, 27-Feb-07 1:45
Question: dynamic crystal report [modified]
harsh_c, 27-Feb-07 1:04
Question: create plugins for mmc ?
Agbaria Ahmad, 26-Feb-07 23:24
