Re: Improper Neutralization of special elements used in an sql command
Sascha Lefèvre, 12-May-15 15:44

Re: Improper Neutralization of special elements used in an sql command
Stephen Holdorf, 13-May-15 8:00

Re: Improper Neutralization of special elements used in an sql command
Sascha Lefèvre, 13-May-15 9:53

Re: Improper Neutralization of special elements used in an sql command
PIEBALDconsult, 12-May-15 11:15

Question: SQL Injection error.
Stephen Holdorf, 12-May-15 9:43

Answer: Re: SQL Injection error.
Sascha Lefèvre, 12-May-15 10:22

Answer: Re: SQL Injection error.
Richard Deeming, 13-May-15 1:38

Re: SQL Injection error.
Stephen Holdorf, 20-May-15 3:24
I know there are a lot of posts but I finally understand and did what I was told to do. I broke the query up with parameters and I am still getting the security error. My code is below, with the parameters removed from the hard-coded string, the calling code, and the implementing code:

The 3 classes: the SQL with the parameters broken out, the calling code, and the implementing code:

Class with the parameters broken out:

<pre>
using System.Collections.Generic;

// Name/value pair for one SQL parameter; the value is always carried as a string.
public class MyParam
{
    public string name { get; set; }
    public string value { get; set; }
}

/// <summary>
/// Summary description for QueryContainer SGH
/// </summary>
public class QueryContainer
{
    string _query;

    // Parameters to bind to the placeholders in _query.
    public List<MyParam> parameterList = new List<MyParam>();

    public QueryContainer(string query) { _query = query; }

    public string Query
    {
        get { return _query; }
        set { _query = value; }
    }
}
</pre>
 
The calling code:

<pre>
public int GetAccountSortByAccountCode(int account)
{
    // The @account placeholder is bound below; no value is concatenated into the SQL text.
    QueryContainer Instance = new QueryContainer(
        "SELECT ac_sort_order FROM lkup_account_codes where ac_code = @account");

    MyParam myParam = new MyParam();
    myParam.name = "@account";
    myParam.value = account.ToString();   // MyParam.value is a string, so the int travels as text

    Instance.parameterList.Add(myParam);

    return Convert.ToInt32(ExecuteScaler(Instance, 1));
}
</pre>
 
The implementing code:

<pre>
// Fragment of the ExecuteScaler method body: _connection, _provider, _useTransaction,
// _transaction, _iserror, returnValue, OpenConnection() and RollBack() are class members
// declared elsewhere. Requires: using System.Data; using System.Data.Common;
if (_connection == null || _connection.State == ConnectionState.Closed)
{
    OpenConnection();
}

DbCommand command = _provider.CreateCommand();
command.Connection = _connection;
command.CommandText = Instance.Query;
command.CommandType = CommandType.Text;

foreach (var p in Instance.parameterList)
{
    // CreateParameter() returns the parameter type of whatever provider built the
    // command; a hard-coded SqlParameter only works when that provider is SqlClient.
    DbParameter param = command.CreateParameter();
    param.ParameterName = p.name;
    param.Value = p.value;
    command.Parameters.Add(param);
}

if (_useTransaction) { command.Transaction = _transaction; }

try
{
    returnValue = command.ExecuteScalar();
}
catch (Exception ex)
{
    if (ex is EntryPointNotFoundException)
        throw;   // "throw;" rethrows and keeps the original stack trace; "throw ex;" resets it
    //if (_useTransaction == true)
    //_transaction.Rollback();
    RollBack();

    LogBLL bll = new LogBLL();
    bll.WriteErrorLog(ex);

    _iserror = true;
}
</pre>
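An added example, not the poster's code, showing the same container pattern done provider-agnostically: parameter values keep their CLR type, `CreateParameter()` replaces the hard-coded SqlParameter, and the constructor rejects any query whose @placeholders and supplied parameters do not match, which is the check that catches a value that was concatenated rather than bound. The names QueryParam and TypedQuery and the placeholder regex are my own; the ADO.NET calls are standard System.Data.Common.

```csharp
using System;
using System.Collections.Generic;
using System.Data.Common;
using System.Text.RegularExpressions;
// Parameter values keep their CLR type (pass the int, not account.ToString()),
// so the provider binds an integer instead of a string the server must convert.
public sealed class QueryParam
{
    public string Name { get; }
    public object Value { get; }
    public QueryParam(string name, object value) { Name = name; Value = value ?? DBNull.Value; }
}
public sealed class TypedQuery
{
    // Matches @name placeholders; the lookbehind skips @@ server variables.
    static readonly Regex Placeholder = new Regex(@"(?<!@)@[A-Za-z_]\w*");
    public string Sql { get; }
    public IReadOnlyList<QueryParam> Params { get; }
    public TypedQuery(string sql, params QueryParam[] parameters)
    {
        // Every placeholder needs a parameter and every parameter a placeholder;
        // a mismatch usually means a value was concatenated instead of bound.
        var placeholders = new HashSet<string>();
        foreach (Match m in Placeholder.Matches(sql)) placeholders.Add(m.Value);
        var names = new HashSet<string>();
        foreach (var p in parameters)
        {
            if (!names.Add(p.Name)) throw new ArgumentException("duplicate parameter " + p.Name);
            if (!placeholders.Contains(p.Name)) throw new ArgumentException("unused parameter " + p.Name);
        }
        if (!placeholders.SetEquals(names)) throw new ArgumentException("query has a placeholder with no parameter");
        Sql = sql; Params = parameters;
    }
    // Provider-agnostic: CreateParameter() returns the DbParameter subclass for
    // whatever provider created the connection, so no SqlParameter cast is needed.
    public object ExecuteScalar(DbConnection conn, DbTransaction tx = null)
    {
        using (DbCommand cmd = conn.CreateCommand())
        {
            cmd.CommandText = Sql; cmd.Transaction = tx;
            foreach (var p in Params)
            {
                DbParameter dp = cmd.CreateParameter(); dp.ParameterName = p.Name; dp.Value = p.Value;
                cmd.Parameters.Add(dp);
            }
            return cmd.ExecuteScalar();
        }
    }
}
```

With an open `DbConnection conn`, the poster's lookup becomes `new TypedQuery("SELECT ac_sort_order FROM lkup_account_codes WHERE ac_code = @account", new QueryParam("@account", account)).ExecuteScalar(conn)`; passing the query with a literal spliced in and no parameters, or with a parameter the text never references, fails in the constructor before any SQL is sent.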
