|
Thanks you for your replay
I think what you said is the only way to deal with this case
Hassan Amaar
Hassan Amaar
|
|
|
|
|
Hi Guys,
I had my database for my website in the remote webhost server.But the whole database got deleted suddenly.I could not track from where it happened.Now I am having a new webhost. I would like to give maximum protection, so that the database doesn't get deleted.
Can anybody help me with the necessary steps that has to be taken so that my database is secure.
Thanks
Jith
|
|
|
|
|
Check you application for possibility of injecting sql:
e.g. do you concatenate your sql strings together like
"select * from a where something = " + textbox1.text;
|
|
|
|
|
Hi all!
i have writing an stored procedure in sql server 2005 which are given below ...
Create procedure [dbo].[DGV_UpdateUser]
(
@uId nvarchar(100),
@uName nvarchar(300),
@uEmail nvarchar(300),
@uState nvarchar(300),
@Picture Image
)
AS
BEGIN TRAN
DECLARE @SQL_Query varchar(8000)
IF(EXISTS(SELECT * FROM Users WHERE Uid = @uId))
BEGIN
SET @SQL_Query = 'UPDATE Users SET Name = ''' + @uName + ''', Email = ''' + @uEmail + ''''
IF(@uState IS NOT NULL)
SET @SQL_Query = @SQL_Query + ', State = ' + @uState
IF(@Picture IS NOT NULL)
SET @SQL_Query = @SQL_Query + ', Picture = ' + @Picture
SET @SQL_Query = @SQL_Query + ' WHERE Uid = ''' + @uId + ''''
EXEC(@SQL_Query)
--print @SQL_Query
END
IF(@@error<>0)
ROLLBACK
ELSE
COMMIT
When i press F5 to create this procedure, i have faced following error:-
Msg 402, Level 16, State 1, Procedure DGV_UpdateUser, Line 21
The data types varchar and image are incompatible in the add operator.
----------------------------------------------------------------------
i have try to cast @Picture into Varchar but i have not successed to remove error. Can any one help me?
Thanks & Regards,
SAMir Nigam,
Software Developer,
STPL, Lucknow, India.
|
|
|
|
|
You have DECLARE d @SQL_Query as varchar . All your other variables are defined as nvarchar . Choose one and stick with it.
|
|
|
|
|
Sorry friend! error is still there.
Thanks & Regards,
SAMir Nigam,
Software Developer,
STPL, Lucknow, India.
|
|
|
|
|
So you've changed every varchar to an nvarchar or vice versa? If yes, then it musr be a different error.
|
|
|
|
|
Yes friend! same error is still there. it is because Image data type cann't be implicitly or explicitly converted to string data type. and in in exec() method , parameter should be string. actually i want solution of this problem. if u have any idea[different], then please tell me.
Thanks & Regards,
SAMir Nigam,
Software Developer,
STPL, Lucknow, India.
|
|
|
|
|
Sorry - I misread your query.
You cannot inject an image into a string.
You might want to look at sp_execsql stored procedue - it will help you get the image in. Alternatively, use a number of UPDATE statements inside the transaction so you are not injecting values into the SQL (it also makes your code safer as it is less susceptable to a SQL Injection Attack)
|
|
|
|
|
Thanks You sir!
Thanks & Regards,
SAMir Nigam,
Software Developer,
STPL, Lucknow, India.
|
|
|
|
|
hi all,
I want to query Microsoft Active Directory (Windows Server 2003) from SQL Server. Active Directory data have been stored on remote computer and i want to retrieve those data in SQL Server on local computer.
So how could i achieve this?
|
|
|
|
|
|
That first link doesn't seem to help because i tried those things so many times but that second link which is in french seem to be very useful so please help me transalting it.
Thanks,
Rachit Damani.
|
|
|
|
|
hi everybody
I have 3 tables employe,earning,deductions
table employe
id name
1 shekar
2 vijay
3 mohan
4 kiran
table earning
id desc amt
1 basic 1000
1 hra 850
1 ta 150
2 basic 3000
2 hra 350
2 ta 200
3 basic 4000
3 hra 700
3 ta 100
4 basic 5000
4 hra 600
4 ta 170
table dedu
id desc amt
1 pf 50
1 it 100
1 pt 60
2 pf 50
2 it 100
2 pt 60
3 pf 50
3 it 100
3 pt 60
4 pf 50
4 it 100
4 pt 60
is it possible to get the o/p like this
id name basic hra ta pf it pt
1 shekar 1000 850 150 50 100 60
2 vijay 3000 350 200 50 100 60
...
regards
chandru
|
|
|
|
|
dear chandru,
I strongly recommend you to change the structure of your table....Why not to keep three different fields basic/hra/ta in earning Table And pf/it/pt in the deduction table....
Tirtha
Miles to go before I sleep
|
|
|
|
|
Dear Tirtha,
Why i created in different tables beacuse user can create new fields by his own if any new benfits, deducutions as and when he come across without contacting the developers.
I have diffent table where i hold these field name,formulas e.t.c., where they will enter details of fields & formulas for that fields. and add the field name to the employee id.
I am using sql server 2000
regards
chandru
|
|
|
|
|
You can certainly do this but I agree with another reply for this post to normalize the tables ... In any case you SP should do some thing like this
1. Create Temp table with the required columns
2. Select the required information from all the table using join
3. fill the temp table
4. Select from the temp table
If you are using MS SQL 2005 then there is something like Pivot tables through which you can still achieve the same ...
Regards,
Jaiprakash M Bankolli
jaiprakash.bankolli@gmail.com
|
|
|
|
|
I am a beginner of SQL SERVER 2005 and I need to create a database server to be able to share data in other computers inside and outside of my network. Please show me web pages about this topic. This is one way to learn, beginning to create databases configuring firstly the network. thank you.
SQL SERVER
|
|
|
|
|
Hi
When I view a table withen DataGridView . for eg .. then rows count on the table is 5 rows .. you found at the end of rows on the dataagrid control a balck area with the back color ,,,
Can I make the DatagridView Countinue view it's rows even it is empty ..
I hope that my idea is clear
jooooo
|
|
|
|
|
If you are saying some like making pagination static, then I would say it is possible only thing you would require to put the empty pagertemplate then in the data bind event associate the pagination information to a user defined control for pagination.
Hope thats clear.
Regards,
Jaiprakash M Bankolli
jaiprakash.bankolli@gmail.com
|
|
|
|
|
hi,
The back ground of the grid view changing based on records, if it yes
go for this solution, i hope it will clear ur problem
give ur <grid view=""> of grid veiw.it will solve ur problem.
with regards,
sudhakar.vaddepalli.
|
|
|
|
|
Thanks my friend ..
I can't understand what you mean ..
I mean the backcolor of the blank area of the Grid , not the backcolor of the rows . ..
jooooo
|
|
|
|
|
hi,
it is for blank space of Grid view n't for grid rows.
what i said & what u want is same.give the height to td tag of html designer or web page where u kept the Grid view tag like below
height="Some height">
Grid View control ...................................
|
i think now u will get it.
|
|
|
|
|
Can anyone tell me the best way to get a list of all the queries ran against a particular database on my server? I don't need queries ran against System Tables only the tables I've defined. As mention in the subject, it's SQL Server 2005. I've ssearched the Web as well as help files but apparently I'm not using the correct keywords in my search as I haven't found anything.
|
|
|
|
|
I would get a good sql log file parser. There are some good tools out there. The information you want is only in the log files.
Hope that helps.
Ben
|
|
|
|