|
|
Hello everyone.
I'm beginner with open source SNMP class library(#SNMP Library).
I want to calculate Bandwidth Utilization based on ifInObtets and ifOutOctets. How can I do? How can I get values fInObtets and ifOutOctets.
I need help. Hope someone can help me.
|
|
|
|
|
|
|
this is the code for login button that should check the database and then show another form.but instead its always giving me the else part here, what am i doing wrong here.
{
SqlConnection con = new SqlConnection(@"Data Source=SAJJAD-PC;Initial Catalog=hotel;Integrated Security=True;");
SqlDataAdapter sda = new SqlDataAdapter("select count(*) from login where username = '" + usernametxtbox+"'and password = '" +passwordtxtbox+"'",con);
DataTable dt = new DataTable();
sda.Fill(dt);
if (dt.Rows[0][0].ToString() == "1")
{
con.Open();
this.Hide();
Form5 form5 = new Form5();
form5.Show();
}
else
{
MessageBox.Show("Please Check your username and password again !");
}
|
|
|
|
|
Hi
Can you please try like this
if (dt.Rows.count > 0)
{
con.Open();
this.Hide();
Form5 form5 = new Form5();
form5.Show(); }
|
|
|
|
|
Dark Commet wrote: what am i doing wrong here.
Would you like a list?
Being honest, the answer is "pretty much everything".
You break the two first rules of databases:
1) Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
2) Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]
Then, you don't check to see if there are any values in your data:
sda.Fill(dt);
if (dt.Rows[0][0].ToString() == "1")
Then you unnecessarily convert to string, and do string comparisons,you use default names for forms, you don't dispose of objects that hold scarce resources, you don't do any error checking, you...
You get the idea. You have a long way to go.
So follow the link, have a read of the code there, and then change your db to support hashed passwords.
Return the hashed password for the user name, and compare that instead of trying to get the count. And please - for your own sake - use parameterised queries at all times!
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
|
|
|
|
First: Don't use string concatenation to build your SQL queries!
A few more issues:
- "usernametxtbox" and "passwordtxtbox probably results in something like "System.Windows.Forms.TextBox" instead of the actual value. Make sure you access the "Text" property of those objects to get the value stored inside them
- There is no need for a DataTable or an SqlDataAdapter.
- Make sure you dispose of the Sql-objects if you're done (else you might run into memory leaks)
Go with something like this (using "using" will make sure the objects are disposed)
using(var con = new SqlConnection(@"Data Source=SAJJAD-PC;Initial Catalog=hotel;Integrated Security=True;") {
con.Open();
using(var cmd = con.CreateCommand()) {
cmd.CommandText="SELECT COUNT(*) FROM login WHERE username=@username AND password=@password";
cmd.Parameters.Add("@username", SqlDbType.Varchar, 50).Value = usernametxtbox.Text;
cmd.Parameters.Add("@password", SqlDbType.Varchar, 50).Value = passwordtxtbox.Text;
var result = (int)cmd.ExecuteScalar();
if(result==1) {
} else {
}
}
}
|
|
|
|
|
I think usernametxtbox and passwordtxtbox are your text box controls. use usernametxtbox.Text.ToString().Trim() and passwordtxtbox.Text.ToString().Trim().
and if you have more then one record with same username and password then row count will be grater than 1 and in this condition
login will be failed. so you need to check what table return form database.
|
|
|
|
|
HUKUMAT RAY KUMAWAT wrote: usernametxtbox.Text.ToString() Why do you want to call ToString() on a property that is already a string?
|
|
|
|
|
I should refresh my page more often
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
I posted that message, and got the response "It appears that this message has already been posted". So I refreshed and refreshed, but it never appeared. I think it got lost somewhere deep in the cloud for a while.
|
|
|
|
|
Two possibilities:
1) It went to moderation.
2) It had a hash value that matched an existing message in the CP database. I've had this before and the suggestion from Chris was "Go and buy a lottery ticket!"
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
|
|
|
|
OriginalGriff wrote: It went to moderation. Why not state that then, instead of acting like it has already been posted? Technically it may be correct, since it is posted - but it is not very informative.
OriginalGriff wrote: It had a hash value that matched an existing message in the CP database. ..assuming a hash-collision; that does not mean that the message has been posted. It means that two hashes collide. In that case, one does a more detailed compare.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
Eddy Vluggen wrote: Why not state that then
Because you don't want to give spammers any ideas as to what triggers the automated spam detector - any more than you should say "incorrect password" instead of "the username and password combination was not found".
Eddy Vluggen wrote: In that case, one does a more detailed compare.
Take that up with the Hamsters!
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
|
|
|
|
OriginalGriff wrote: any more than you should say "incorrect password" instead of "the username and
password combination was not found". Always found that a rediculous notion.
Especially after Windows shows you pictures with names of each account you can use to log in. Aw, it might be a good idea to hide that information if you have an API that can handle over thousand requests per minute; that would in itself be a bigger problem.
Ergo, if you have to rely on "not telling whether the username exists", then you are already on your way to trouble.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
Eddy Vluggen wrote: Especially after Windows shows you pictures with names of each account you can use Only if you set it up like that.
|
|
|
|
|
The username is not part of the secret; it is merely an identification, one that is also used outside of the login-process.
Again, would only be helpfull if you are protecting against a flood of trail-and-error logins, in which case your designed is flawed anyway.
--edit
I find this an amusing discussion, given that most smartphones do not even ask which user they are dealing with
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
Smartphones generally only have one user account, and it's protected by a PIN - if you set it up that way. It's only when you get to real multi-user systems (Unix, Linux, MVS etc.) that this really becomes an issue.
|
|
|
|
|
Why is the name of the one user not asked? Because it is not part of the secret.
One can often GUESS the usernames from the email-adresses a company uses. Is that really our way of "thinking" about security?
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
|
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
Richard MacCutchan wrote: It's only when you get to real multi-user systems (Unix, Linux, MVS etc.) that this really becomes an issue.
And anything online...
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
|
|
|
|
OriginalGriff wrote: And anything online. Nah, we know online systems are secure, so you can give them all your details in the knowledge that none of it will ever leak out. Might get sold to some scammers though.
|
|
|
|
|
Probably number 1, and I should have gone to Home and checked.
Actually (probably) not. If it goes to moderation then I get an email notification.
|
|
|
|