|
You do realise that your C# code runs at the server side don't you? Whatever solution you put in place would require you to use JavaScript.
This space for rent
|
|
|
|
|
this functionality is not achievable in web apps 
|
|
|
|
|
And what did you think ASP.NET apps were? Typically, server side apps run on servers with no UI running so you can't exactly take a screenshot of the server.
This space for rent
|
|
|
|
|
feature to take user screen shots by user himself.
like sending an error page to support team.
|
|
|
|
|
You have two choices - find a plugin that screenshot the whole desktop, or limit yourself to capturing the web page[^]. Either way, this is not going to be C#.
This space for rent
|
|
|
|
|
I need to design class library for sql injection prevention by using ASP.NET with C# When the application server received input from the user, it dynamically generated the query based on the input. This query, along with the developer-intended query made use of keyword randomization, where the randomly generated key was appended to the SQL keywords in both queries. These queries were then forwarded to an XML parsing component, which converted both queries into XML trees. and comparing the corresponding nodes in these sub-stacks by using multiple threads, and based on the result of comparison, the algorithm was able to determine whether the dynamically built query was an attack or not. If this query was non-malicious, it was allowed to pass further to the database server for execution. However, if the algorithm determined a query as an attack, it was blocked at the application server and was not sent to the database server for execution. The attack queries were added to an error log to help the system administrators to My Email : [DELETED]@gmail.com
[edit]Email removed - OriginalGriff[/edit]
modified 2-Nov-16 15:46pm.
|
|
|
|
|
Never post your email address in any forum, unless you really like spam! If anyone replies to you, you will receive an email to let you know.
And what have you done so far? Where are you stuck? What help do you need?
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
|
|
|
|
No, you don't. ADO.NET already has plenty of protection from SQL Injection, in the form of parameterized queries.
Whenever you want to pass parameters to your query, pass them as parameters, rather than trying to stuff them into a dynamic query.
command.CommandText = "SELECT <columns> FROM SomeTable WHERE SomeColumn = '" + parameterValue + "'";
command.CommandText = "SELECT <columns> FROM SomeTable WHERE SomeColumn = @Parameter";
command.Parameters.AddWithValue("@Parameter", parameterValue);
If you're writing dynamic SQL in your stored procedures, use sp_executesql[^] and pass the parameters as parameters.
EXEC N'SELECT <columns> FROM SomeTable WHERE SomeColumn = ''' + @ParameterValue + '''';
EXEC sp_executesql N'SELECT <columns> FROM SomeTable WHERE SomeColumn = @Parameter',
N'@Parameter varchar(20)',
@Parameter = @ParameterValue
;
If you find yourself passing dynamic things that can't be passed as parameters (column names, table names, etc.), try to find a way to avoid doing that. If you can't, then use the system views in SQL to validate the values to death:
SET @Query = N'SELECT <columns> FROM ' + @TableName;
DECLARE @TableID int = OBJECT_ID(@TableName);
If @TableID Is Null RAISERROR('Table does not exist.', 16, 1);
DECLARE @SchemaName sysname, @RealTableName sysname;
SELECT
@SchemaName = S.name,
@RealTableName = T.name
FROM
sys.tables As T
INNER JOIN sys.schemas As S
ON S.schema_id = T.schema_id
WHERE
T.id = @TableID
And
T.type = 'U'
;
If @@ROWCOUNT = 0 RAISERROR('Table does not exist.', 16, 1);
SET @Query = N'SELECT <columns> FROM ' + QUOTENAME(@SchemaName) + N'.' + QUOTENAME(@RealTableName);
If you're passing multiple column names, then you'll need to use one of the many available SQL "split" functions to extract the individual column names.
In other words, rather than wasting your time trying to come up with a complicated scheme to try to detect some types of SQL Injection, use the built-in methods which prevent parameters from ever being treated as code.
Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
We're not here to do the work for you.
My advice, starts out with what you do know, divide the problem into smaller problems that you can handle and come back with a problem that got you stuck, provide information on that (I tried this and and that and search there and there, but I'm still stuck because ...)
Then it is LESS likely you get downvoted and MORE likely to get an answer to your question.
(And even MORE likely that you'll learn something)
|
|
|
|
|
So I decided to update an older application with calls using await...async instead of embeding Thread.Start(() => { myFunction(); }); lambda expressions for long running operations. I have had a few successes but I am a little confused about making asynchronous method call with the dispatcher.
Lets start with the original multithreaded database call. It updates a ListView when it is done.
public bool PushToDatabase(DataCollection data)
{
try
{
PerformDatabaseInsert(data);
App.Current.Dispatcher.Invoke(new Action(() => lst_MyData.ItemsSource = data.ToArray()));
return true;
}
catch (Exception ex)
{
return false;
}
}
This is all wrapped up in a click event in a pop-out control
private void btn_Submit_Click(object sender, RoutedEventArgs e)
{
if (InputsAreGood())
{
DataCollection data = GetFormFields();
Thread thread = new Thread(() =>
{
MainWindow.SetCursor_Wait();
if (PushToDatabase(data))
{
ClosePopOutControl();
}
MainWindow.SetCursor_Arrow();
});
thread.Start();
}
else
{
}
}
Nothing really fancy. The UI remains responsive while the database operation is performed on another thread.
Now, I converted these to asynchronous methods. The code works but I am still not understanding why it is supposed to be better when it seems to make the code look a lot more complicated. I can only surmise that I am going about this all wrong.
First, I moved the ListView update to a separate function.
public async Task UpdateListViewAsync(DataCollection data)
{
await Dispatcher.Invoke(() =>
{
return Task.Run(() => { lst_MyData.ItemsSource = data.ToArray(); });
}
}
And added an async function to perform the database call.
public async Task<bool> PushToDatabaseAsync(DataCollection data)
{
Task<bool> dataPushTask = Task.Run(() => PushToDatabase(data));
bool result = await dataPushTask;
await UpdateListViewAsync();
return result;
}
There are fewer lines of code in the function but am I really gaining anything here?
What I had to rewrite the submit code to really bakes my noodle.
private btn_Submit_Click(object sender, RoutedEventArgs e)
{
bool taskResult;
try
{
MainWindow.SetCursor_Wait();
if (InputsAreGood())
{
DataCollection data = GetFormFields():
Func<Task<bool>> dataPushLambda = async () => await PushToDatabaseAsync(data);
taskResult = await App.Current.Dispatcher.InvokeAsync(dataPushLambda).Result;
if (taskResult)
{
ClosePopOutForm();
}
else
{
}
}
else
{
}
}
catch (Exception ex)
{
}
finally
{
MainWindow.SetCusor_Arrow();
}
}
What am looking for is a deeper explanation of what is going on with these two lines
Func<Task<bool>> dataPushLambda = async () => await PushToDatabaseAsync(data);
taskResult = await App.Current.Dispatcher.InvokeAsync(dataPushLambda).Result;
Also, what is the difference between these two lines?
taskResult = await App.Current.Dispatcher.InvokeAsync(dataPushLambda).Result;
taskResult = await await App.Current.Dispatcher.InvokeAsync(dataPushLambda);
Lastly, I ran into a lot of trouble with the InvokeAsync call not accepting Task<bool> but I couldn't find anything else that would work.
Is there a better way to call async methods with the Dispatcher then what I have here?
Is (or why is) async...await better then spinning up a separate thread for long running operations?
if (Object.DividedByZero == true) { Universe.Implode(); }
Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
|
|
|
|
|
Foothill wrote: it seems to make the code look a lot more complicated
That's because you've significantly over-complicated it! 
private btn_Submit_Click(object sender, RoutedEventArgs e)
{
try
{
MainWindow.SetCursor_Wait();
if (InputsAreGood())
{
DataCollection data = GetFormFields():
await PushDataToDatabaseAsync(data);
ClosePopOutForm();
}
else
{
}
}
catch (Exception ex)
{
}
finally
{
MainWindow.SetCusor_Arrow();
}
}
private async Task PushToDatabaseAsync(DataCollection data)
{
await Task.Run(() => PerformDatabaseInsert(data));
if (Dispatcher.CheckAccess())
{
UpdateList(data)
}
else
{
await Dispatcher.BeginInvoke((Action<DataCollection>)UpdateList, data);
}
}
private void UpdateList(DataCollection data)
{
lst_MyData.ItemsSource = data.ToArray();
}
NB: If at all possible, you should make your PerformDatabaseInsert method async, using the built-in async methods on the DbConnection / DbCommand types. If you're using a DataAdapter, there's no async support, so you're stuck with pushing the update onto a background thread.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
 I can see that. I guess I will chalk that up to this being my first serious attempt and multithreading with the async...await model.
Currently reading Best Practices in Asynchronous Programming to get a better idea of what I am doing wrong here and what is the right way.
Any other tips to get me started would be appreciated.
Does over-complicating something simple make me an engineer?
if (Object.DividedByZero == true) { Universe.Implode(); }
Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
|
|
|
|
|
|
Hello,
I want to write a C# label print application. My printer is Zebra P4T. My label size is 3x3 cm one column one row. I tried some libraries, RawPrinterHelper class etc. but they didn't fit. What is your advice to start with?
Thanks.
|
|
|
|
|
|
To print to a Zebra printer, you'll need to combine the RawPrinterHelper class with ZPL commands: ZPL2 Programmers Manual[^]
Here's the class I use[^] - just call RawPrinterHelper.SendStringToPrinter(zplPrinterName, zplDocument, null) to send the specified ZPL commands to the printer.
This tool[^] lets you preview your ZPL document online, although you might find some subtle differences between the tool and your printer.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
There are some options to do it. One is that with Zebra printers you are receiving also software to create labels fe. Zebra Designer. You can create tamplate in this software, save it as text file (it will be ZPL language) and in your application you will read this template then you will do string replace with your data and send it all as text to the printer. Other option is to generate pdf file in your app and send pdf file with your label to printer. But printer will need to support it.
|
|
|
|
|
i have seen some people post the bench mark graph for their c# application. suppose a routine is parsing large csv file. so people post bench mark graph to show how routine is efficient to read large csv file with very minimum time. is it possible to generate bench mark graph from VS2013 or VS2015 IDE ?
please share the idea. thanks
tbhattacharjee
|
|
|
|
|
Effectively you need two parts to perform the benchmarking. The first is a timer that you use to log the difference between the start of the operation and the time it ends (it's worth looking at the Stopwatch class here - don't use DateTime to do this). Then you need to run the code you want to benchmark many, many times. I would typically start by thinking that the benchmark should exercise the code about 10K times.
When you run the code, run it on a machine that isn't doing anything else. Better still - run it on several machines of different configurations so that you can get an idea of how things such as processor power, memory, etc, have an effect.
This space for rent
|
|
|
|
|
I reliazed a visual program using huffman algorithm for txt files.I can easily compress txt files but ı cannot compress image.Huffman is text-based algorithm.How I can do it using huffman algorithm using c#?
|
|
|
|
|
A quick search brought up Huffman coding in C#[^]. This might be a good place for you to start.
This space for rent
|
|
|
|
|
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Collections;
namespace HuffmanTest
{
class Program
{
static void Main(string[] args)
{
string input = "foo bar";
HuffmanTree huffmanTree = new HuffmanTree();
// Build the Huffman tree
huffmanTree.Build(input);
// Encode
BitArray encoded = huffmanTree.Encode(input);
Console.Write("Encoded: ");
foreach (bool bit in encoded)
{
Console.Write((bit ? 1 : 0) + "");
}
Console.WriteLine();
// Decode
string decoded = huffmanTree.Decode(encoded);
Console.WriteLine("Decoded: " + decoded);
Console.ReadLine();
}
}
}
Here input is "foo bar"; which is string.Input will be image.
|
|
|
|
|
So just read the image into your application, as you have been told many times already. Text, image, audio, video - they are all the same, just streams of bytes.
|
|
|
|
|
I used base64 but image file 10 mb and then base64 string 16 mb and compress by huffman this base64 string result is 12 mb . 
|
|
|
|
|
That is not unusual, since image files tend to be difficult to compress. And .jpg files are already compressed.
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
