|
Ok..thanks a lot.. I replaced the code with above statement and the project is working fine..I have also shared the folder which contains the database in the network.I have assumed my pc as the server.Now the project runs fine in my pc with the new path.Till now I was giving the app.path and was making the package using package and deployment wizard and running the project in individual pcs.Now can you please tell me how to proceed and how to make only exe run in another pcs and to make them access the database residing in the share folder in the network..(Pls note the folder is shared from my pc assuming my pc as the server?
|
|
|
|
|
suppose I want to make a work station pc which is not a server type as a server to store the database,then what will be the code to access the database residing on a network pc which is not a server type?
|
|
|
|
|
|
kereljansen wrote: The problem is the comma in the " 's Heerenberg"
That character is an apostrophe not a comma. See here[^] and see if that helps.
Why is common sense not common?
Never argue with an idiot. They will drag you down to their level where they are an expert.
Sometimes it takes a lot of work to be lazy
Individuality is fine, as long as we do it together - F. Burns
|
|
|
|
|
your code has two problems:
1.
when tblocation.Text contains either nothing or some special characters (including single quote, double quote, parenthesis, ...) then your VB statement will happily concatenate everything, however it will not result in a valid SQL statement.
2.
when a malicious user enters some special stuff through tblocation.Text, the net result may be a valid SQL statement with side effects you don't want; by providing some text, a quote, a closing parenthesis, a semi-colon, then whatever follows would be executed as a second SQL statement, and could e.g. delete an entire table. This problem is known as "SQL injection attacks".
There are basically two solutions:
1.
the best one is using SqlParameter, which means no string concatenation is used holding user input; all user input is handled separately, see SqlCommand.AddParameter().
This approach solves both problems.
2.
check and filter the textbox input; make sure there is nothing you don't want. If you want to allow quotes (as required in your example), then you may have to resort to special encoding, e.g. you could double the character on insertion, telling the database engine a single quote is required in the data.
|
|
|
|
|
The dirty fix is to replace ' with '' in your string.
That'll work but it's not a good idea for the reasons described by Luc.
Use parameters when inserting values into SQL like this.
|
|
|
|
|
thanks.
I think you clicked the wrong reply widget though.
|
|
|
|
|
sample (i have text like this):
username:marin;password:12345;lastlogin:12.12.2012;
i encrypt it with password(1111) using (http://www.di-mgt.com.au/properpassword.html[^]) and then i have something like:
FS238sdshdio92upishSDSDJfssf87s9dSFSSJDJ bla bla bla
and i save that "bla bla" into a file somewhere in application directory and when i start application again i decrypt and get info from file.
thats safe encryption but what for if annyone can see my application executable code and see with what password i encrypted it! or i am wrong?
thanks!
|
|
|
|
|
Nope, you're not wrong! A .NET assembly can be reversed with .NET Reflector and can figure out what you did to encrypt it. Tha's what obfuscators are for.
And if it was THAT critical, you should probably write the crypt/decrypt code in C++, not managed code.
|
|
|
|
|
Don't put the password in the executable; basic security!
It's time for a new signature.
|
|
|
|
|
How you encrypt this depends on who you are protecting it from and how important it is.
If this is a client-server application, a better option would be storing the encryption key on the server, and randomly generating it the first time the server runs. The client never sees the decrypted information, you just use a different "LoginFromEncryptedCredentials" method that passes the raw encrypted data, which the server decrypts and tries to process. When you want to store credentials, you call "GetEncryptedCredentialsFromServer" and pass it the information you want to encrypt. The key here is that the client machine NEVER sees the encryption key. If the client machine EVER has it in memory, then it can be retrieved.
If this is just a client application with no server, and you are saving the current user's credentials, you would be much better served encrypting the file with built-in windows file system encryption. This would hide it from everyone except the current user in a secure fashion.
|
|
|
|
|
|
You can change the name of the property right?
|
|
|
|
|
The obfuscator changes the name of the property.
But I cannot tell it to change DisplayMember accordingly.
Can I re-write this code so the DisplayMember is not a string with a function name?
Atara
Atara
|
|
|
|
|
Depends on the obfuscator. Most won't change the string, so you'd have to exclude it.
|
|
|
|
|
|
Hi,
In DeepSea Obfuscator, you can obfuscate this if you exclude the property from renaming by attaching the standard Obfuscation attribute to it.
Kind regards,
Ewout Prangsma
|
|
|
|
|
It seems that I must exclude it. and there is no way to re-write the code so I donot use function-name as a string.
Thanks
Atara
|
|
|
|
|
There actually is a way if you are using .NET 3.5 or higher, using expression trees. You would create a helper method called GetPropertyName(Expression propEx), and call it like:
this.myCtrlCmbFontName.DisplayMember = GetPropertyName(() => this.mcpGetName);
(sorry, C# syntax, I'm not too familiar with VB, but I think you get the idea).
The GetPropertyName method would traverse the expression tree and find the appropriate property name being accessed by the provided expression. You will have to do some Googling from here to figure out the rest, but if you have any specific questions once you get going, feel free to ask.
|
|
|
|
|
Thanks. meanwhile I use .Net 2, for "old" computers, but I will keep this in mind when upgrading.
Atara
|
|
|
|
|
No problem. Actually, a correction, I think it will work on .NET 3.0+, but that still doesn't help you
|
|
|
|
|
Yes, you will need to exlcude it from obfuscation. BTW which obfuscator are you using? Crypto Obfuscator has a cool feature which lists all such code points which need attention.
|
|
|
|
|
My program has a class to do some analysis that is run on a separate thread. When the work is done, it raises an event called AnalysisDone which the main form then handles. Below is my code to handle the event.
Private Sub AnalysisDone() Handles DustWipeAnalysis.AnalysisDone
If Me.InvokeRequired Then
Me.Invoke(New AnalysisDoneDelegate(AddressOf Me.AnalysisDone))
Else
GenerateSummarySheet()
End If
End Sub
Now this function was working, but all of a sudden it is throwing a NullReferenceException at the Me.Invoke line. I don't understand why it was working and then just stopped when nothing was changed with the function, or the function that raises the event in DustWipeAnalysis class. Almost forgot, the AnalysisDoneDelegate is defined at the top of the main form as Delegate Sub AnalysisDoneDelegate()
|
|
|
|
|
Never mind I figured out the problem. I was trying to call the wrong object that was created on a separate thread and this caused the NullReferenceException.
|
|
|
|
|
At my company, we receive test results from a lab in Excel files. However, sometimes the files are saved in BIFF7 format which I cannot read with the tools I have (and I've tried several different ones), and I doubt the lab will change how they do things just for me. Is anyone aware of any third-party tools (preferably free or very cheap) that I can use to convert BIFF7 files to BIFF8 format or later? Right now I'm doing it with Excel automation but I would prefer not to do it this way if I don't have to. Thanks in advance.
|
|
|
|