Database

 
Answer: Re: postgresql VACUUM
Tim Carmichael, 7-May-15 2:15
General: Re: postgresql VACUUM
V., 7-May-15 3:41
Question: Sequence number in DB2
sudevsu, 5-May-15 9:57
Question: Test sol
Stephen Holdorf, 30-Apr-15 11:24
General: Re: Help with a SQL query
PIEBALDconsult, 30-Apr-15 19:33
General: Re: Help with a SQL query
Stephen Holdorf, 1-May-15 2:54
General: Re: Help with a SQL query
Stephen Holdorf, 20-May-15 3:27
General: Re: Help with a SQL query
Stephen Holdorf, 20-May-15 3:39
I know there are a lot of posts but I finally understand and did what I was told to do. I broke the query up with parameters and I am still getting the security error. My code is below, with the parameters removed from the hard-coded string, the calling code, and the implementing code:

The 3 classes: the SQL with the parameters broken out, the calling code, and the implementing code:


Class with the parameters broken out:

<pre>
    using System.Collections.Generic;

    // One named parameter; the value is carried as a string.
    public class MyParam
    {
        public string name { get; set; }
        public string value { get; set; }
    }

    /// <summary>
    /// Summary description for QueryContainer SGH
    /// </summary>
    public class QueryContainer
    {
        string _query;

        // Parameters to bind to the placeholders in the query text.
        public List<MyParam> parameterList = new List<MyParam>();

        public QueryContainer(string query) { _query = query; }

        public string Query
        {
            get
            {
                return _query;
            }

            set { _query = value; }
        }
    }
</pre>

The calling code:

<pre>
        public int GetAccountSortByAccountCode(int account)
        {
            // The query text is constant; @account is a placeholder, not concatenated input.
            QueryContainer Instance = new QueryContainer("SELECT ac_sort_order FROM lkup_account_codes where ac_code = @account");

            MyParam myParam = new MyParam();

            myParam.name = "@account";
            myParam.value = account.ToString();

            Instance.parameterList.Add(myParam);

            return Convert.ToInt32(ExecuteScaler(Instance, 1));
        }
</pre>

The implementing code:

<pre>
                // Open the connection on first use or if it has been closed.
                if (_connection == null || _connection.State == ConnectionState.Closed)
                {
                    OpenConnection();
                }

                DbCommand command = _provider.CreateCommand();
                command.Connection = _connection;
                {
                    command.CommandText = Instance.Query;
                    command.CommandType = CommandType.Text;

                    // Bind each container entry to its placeholder in the query text.
                    foreach (var p in Instance.parameterList)
                    {
                        SqlParameter param = new SqlParameter(p.name, p.value);
                        command.Parameters.Add(param);
                    }

                    if (_useTransaction) { command.Transaction = _transaction; }

                    try
                    {
                        returnValue = command.ExecuteScalar();
                    }
                    catch (Exception ex)
                    {
                        // Rethrow with "throw;" so the original stack trace is preserved.
                        if (ex is EntryPointNotFoundException)
                            throw;
                        //if (_useTransaction == true)
                        //_transaction.Rollback();
                        RollBack();

                        LogBLL bll = new LogBLL();
                        bll.WriteErrorLog(ex);

                        _iserror = true;
                    }
                } // closes the block opened after command.Connection
</pre>

Answer: Re: Help with a SQL query with all inappropriate information removed
Richard Deeming, 1-May-15 3:39
Question: Re: Test sol
Eddy Vluggen, 4-May-15 8:20
Question: Dynamically Add Column Name
MadDashCoder, 29-Apr-15 3:44
Answer: Re: Dynamically Add Column Name
Sascha Lefèvre, 29-Apr-15 5:11
General: Re: Dynamically Add Column Name
MadDashCoder, 29-Apr-15 13:43
General: Re: Dynamically Add Column Name
Corporal Agarn, 30-Apr-15 1:48
General: Re: Dynamically Add Column Name
Richard Deeming, 30-Apr-15 1:52
General: Re: Dynamically Add Column Name
Corporal Agarn, 30-Apr-15 6:38
Answer: Re: Dynamically Add Column Name
Corporal Agarn, 29-Apr-15 5:37
General: Re: Dynamically Add Column Name
MadDashCoder, 30-Apr-15 6:11
Question: Starting a SSIS 2012 DTSX package without validating it?
Dr Miroslav Stimac, 29-Apr-15 1:39
Answer: Re: Starting a SSIS 2012 DTSX package without validating it?
Snorri Kristjansson, 22-May-15 1:39
Question: database
surender singh, 28-Apr-15 22:01
Answer: Re: database
Richard MacCutchan, 28-Apr-15 23:05
Answer: Re: database
Richard Deeming, 29-Apr-15 1:55
Question: MySQL Server does not show up in Installer
QuickBooksDev, 28-Apr-15 0:26
Answer: Re: MySQL Server does not show up in Installer
Herman<T>.Instance, 29-Apr-15 9:57
