Database

 
General: Re: postgresql VACUUM (Tim Carmichael, 7-May-15 0:01)
Answer: Re: postgresql VACUUM (Tim Carmichael, 7-May-15 2:15)
General: Re: postgresql VACUUM (V., 7-May-15 3:41)
Question: Sequence number in DB2 (sudevsu, 5-May-15 9:57)
Question: Test sol (Stephen Holdorf, 30-Apr-15 11:24)
General: Re: Help with a SQL query (PIEBALDconsult, 30-Apr-15 19:33)
General: Re: Help with a SQL query (Stephen Holdorf, 1-May-15 2:54)

General: Re: Help with a SQL query (Stephen Holdorf, 20-May-15 3:27)

I know there are a lot of posts but I finally understand and did what I was told to do. I broke the query up with parameters and I am still getting the security error. My code is below, with the parameters removed from the hard-coded string, the calling code, and the implementing code:

The 3 classes with the SQL with the parameters broken out, the calling code, and the implementing code:


Class with the parameters broken out:



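<pre>
    using System.Collections.Generic;

    // One named parameter for a query; the value is carried as a string.
    public class MyParam
    {
        public string name { get; set; }
        public string value { get; set; }
    }

    /// <summary>
    /// Summary description for QueryContainer SGH
    /// </summary>
    public class QueryContainer
    {
        string _query;

        // Parameters to bind to the placeholders in the query text.
        public List<MyParam> parameterList = new List<MyParam>();

        public QueryContainer(string query) { _query = query; }

        public string Query
        {
            get
            {
                return _query;
            }

            set { _query = value; }
        }
    }
</pre>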
 
The calling code:
 

<pre>
        public int GetAccountSortByAccountCode(int account)
        {
            // The query text contains only the @account placeholder; the value is bound separately.
            QueryContainer Instance = new QueryContainer("SELECT ac_sort_order FROM lkup_account_codes where ac_code = @account");

            MyParam myParam = new MyParam();

            myParam.name = "@account";
            myParam.value = account.ToString();

            Instance.parameterList.Add(myParam);

            return Convert.ToInt32(ExecuteScaler(Instance, 1));
        }
</pre>
 
The implementing code:
 
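<pre>
                // Fragment of the method that executes the query held in Instance.
                if (_connection == null || _connection.State == ConnectionState.Closed)
                {
                    OpenConnection();
                }

                DbCommand command = _provider.CreateCommand();
                command.Connection = _connection;
                {
                    command.CommandText = Instance.Query;
                    command.CommandType = CommandType.Text;

                    foreach (var p in Instance.parameterList)
                    {
                        // Create the parameter through the command so its type matches the
                        // provider; a SqlParameter can only be added to a SqlCommand.
                        DbParameter param = command.CreateParameter();
                        param.ParameterName = p.name;
                        param.Value = p.value;
                        command.Parameters.Add(param);
                    }

                    if (_useTransaction) { command.Transaction = _transaction; }

                    try
                    {
                        returnValue = command.ExecuteScalar();
                    }
                    catch (Exception ex)
                    {
                        // Rethrow with "throw;" so the original stack trace is preserved.
                        if (ex is EntryPointNotFoundException)
                            throw;
                        //if (_useTransaction == true)
                        //_transaction.Rollback();
                        RollBack();

                        // Any other exception is logged and flagged, not rethrown.
                        LogBLL bll = new LogBLL();
                        bll.WriteErrorLog(ex);

                        _iserror = true;
                    }
                }
</pre>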
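
Added example, not part of the original post: the same lookup with a typed parameter bound through the provider's own `CreateParameter`, run against an in-memory database to show that a value containing SQL syntax is compared as data. `TypedParam`, `Demo`, the use of the Microsoft.Data.Sqlite NuGet package, the `TEXT` column type and the sample rows are assumptions made for the illustration; only the table and column names come from the post.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.Common;
using Microsoft.Data.Sqlite; // assumption: NuGet package, used only for the in-memory test database

// Hypothetical typed variant of the post's MyParam: carries a DbType with the value.
public sealed record TypedParam(string Name, DbType Type, object Value);

public static class Demo
{
    // Binds each parameter via the command's own factory method, so the code
    // does not depend on a specific ADO.NET provider.
    public static object Scalar(DbConnection conn, string sql, IEnumerable<TypedParam> ps)
    {
        using DbCommand cmd = conn.CreateCommand();
        cmd.CommandText = sql; // constant text; values never get concatenated into it
        foreach (var p in ps)
        {
            DbParameter dp = cmd.CreateParameter();
            dp.ParameterName = p.Name;
            dp.DbType = p.Type;
            dp.Value = p.Value ?? DBNull.Value;
            cmd.Parameters.Add(dp);
        }
        return cmd.ExecuteScalar(); // null when no row matches
    }

    public static void Main()
    {
        DbProviderFactory provider = SqliteFactory.Instance;
        using DbConnection conn = provider.CreateConnection();
        conn.ConnectionString = "Data Source=:memory:";
        conn.Open();
        using (DbCommand setup = conn.CreateCommand())
        {
            // Constructed sample data.
            setup.CommandText =
                "CREATE TABLE lkup_account_codes (ac_code TEXT, ac_sort_order INTEGER);" +
                "INSERT INTO lkup_account_codes VALUES ('100', 7), ('200', 3);";
            setup.ExecuteNonQuery();
        }
        const string sql = "SELECT ac_sort_order FROM lkup_account_codes WHERE ac_code = @account";
        // Second input contains SQL syntax; bound as a parameter it is just a string that matches no row.
        foreach (string input in new[] { "100", "100' OR '1'='1" })
        {
            object r = Scalar(conn, sql, new[] { new TypedParam("@account", DbType.String, input) });
            Console.WriteLine($"{input} -> {(r ?? "no row")}");
        }
    }
}
```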

General: Re: Help with a SQL query (Stephen Holdorf, 20-May-15 3:39)
Answer: Re: Help with a SQL query with all inappropriate information removed (Richard Deeming, 1-May-15 3:39)
Question: Re: Test sol (Eddy Vluggen, 4-May-15 8:20)
Question: Dynamically Add Column Name (MadDashCoder, 29-Apr-15 3:44)
Answer: Re: Dynamically Add Column Name (Sascha Lefèvre, 29-Apr-15 5:11)
General: Re: Dynamically Add Column Name (MadDashCoder, 29-Apr-15 13:43)
General: Re: Dynamically Add Column Name (Corporal Agarn, 30-Apr-15 1:48)
General: Re: Dynamically Add Column Name (Richard Deeming, 30-Apr-15 1:52)
General: Re: Dynamically Add Column Name (Corporal Agarn, 30-Apr-15 6:38)
Answer: Re: Dynamically Add Column Name (Corporal Agarn, 29-Apr-15 5:37)
General: Re: Dynamically Add Column Name (MadDashCoder, 30-Apr-15 6:11)
Question: Starting a SSIS 2012 DTSX package without validating it? (Dr Miroslav Stimac, 29-Apr-15 1:39)
Answer: Re: Starting a SSIS 2012 DTSX package without validating it? (Snorri Kristjansson, 22-May-15 1:39)
Question: database (surender singh, 28-Apr-15 22:01)
Answer: Re: database (Richard MacCutchan, 28-Apr-15 23:05)
Answer: Re: database (Richard Deeming, 29-Apr-15 1:55)
Question: MySQL Server does not show up in Installer (QuickBooksDev, 28-Apr-15 0:26)
