|
I'll bet money you're using string concatenation to build your SQL statement, aren't you?
RageInTheMachine9532
"...a pungent, ghastly, stinky piece of cheese!" -- The Roaming Gnome
|
Hello
Thanks for your reply ...
I do not understand what you mean. Please make it simple and please give me an example.
thanks
|
It means you're adding strings together to build an SQL statement. Something like this:
string mySqlStatement = "SELECT * FROM someTable WHERE parm1=" + parm1.ToString() + " AND parm2='" + parm2TextBox.Text + "'";
Don't EVER do this. Use parameterized queries instead.
RageInTheMachine9532
"...a pungent, ghastly, stinky piece of cheese!" -- The Roaming Gnome
|
I always do it like this and it always works!
Why don't you suggest that he do it?
Bye!
"Catalonia is not Spain"
|
Sure it works, but it's SO vulnerable it's almost funny! Consider the following code:
string mySQLStatement = "select count(*) from users where userName='" + userName.Text + "' and userPass='" + userPassword.Text + "'";
Now, if the attacker enters:
Username: ' OR 1=1 --
Password: anything
The SQL statement becomes:
SELECT COUNT(*) FROM Users WHERE username='' OR 1=1 --' AND userpass='anything'
Well, in SQL syntax, two consecutive dashes in a row (--) is a comment, just like // in C++ or C# is a comment, or ' in VB. So your real SQL statement now looks like:
SELECT COUNT(*) FROM Users WHERE username='' OR 1=1
The result from the SQL statement will always be the number of records in the table, never 0.
Search the web for "SQL Injection Attacks" to find out more and see lots of examples of how to break cheap code like this.
RageInTheMachine9532
"...a pungent, ghastly, stinky piece of cheese!" -- The Roaming Gnome
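The login query from the post above, run against a throwaway in-memory database, as an added example that is not part of the original thread. It is written in Python with sqlite3 so it runs without a database server; the table contents and function names are constructed for illustration. It goes slightly beyond the post by also showing what an apostrophe in a legitimate name does to the concatenated form.

```python
import sqlite3

# Constructed sample accounts (not from the thread).
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2"), ("O'Brien", "pw")]

def make_db():
    """Build an in-memory users table holding the constructed accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (userName TEXT, userPass TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return db

def count_concatenated(db, user_name, user_pass):
    """Pattern from the post: user input becomes part of the SQL text."""
    sql = ("select count(*) from users where userName='" + user_name +
           "' and userPass='" + user_pass + "'")
    try:
        return db.execute(sql).fetchone()[0]
    except sqlite3.OperationalError:
        return None  # the input broke the statement's syntax

def count_parameterized(db, user_name, user_pass):
    """Fixed SQL text; the values travel separately and stay data."""
    sql = "select count(*) from users where userName=? and userPass=?"
    return db.execute(sql, (user_name, user_pass)).fetchone()[0]

def compare(user_name, user_pass):
    """Return (concatenated result, parameterized result) for one login."""
    db = make_db()
    try:
        return (count_concatenated(db, user_name, user_pass),
                count_parameterized(db, user_name, user_pass))
    finally:
        db.close()

if __name__ == "__main__":
    # Valid login, the input quoted in the post, and a name with an apostrophe.
    for name, pw in [("alice", "s3cret"), ("' OR 1=1 --", "anything"),
                     ("O'Brien", "pw")]:
        print(repr(name), compare(name, pw))
```

In C# with ADO.NET, the same separation is done with named parameters on the command object (for example the Parameters collection of SqlCommand).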
|
Very interesting... I didn't know anything about it. And which is the correct solution?
I'm developing a Windows Forms application (not an ASP.NET application). Can SQL injection attacks be done to my application, or is it only a problem for web sites?
Bye!
"Catalonia is not Spain"
|
I've looked 'round and haven't found much of anything helpful on the subject. How do I create a key in the registry with a certain value?
in my case,
key: GroupPolicyRefreshTime
value: 00000001
it will be located in: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Policies\Microsoft\Windows\System
I'm sure it isn't hard, I just don't know how to code it exactly. Thank you so much for the help. Plus, I really don't have time to be reading an entire article.
|
Go here[^] And scroll down to Trick 6: Windows Registry and you
That's it. It will take 5 minutes to copy-paste and start working.
Salil Khedkar
|
Hello,
I have a problem using the PrinterSettings property. I am trying to get what the user enters in the PrintDialog...
private void mnuPrint_Click(object sender, System.EventArgs e)
{
    System.Drawing.Printing.PrinterSettings settings = new PrinterSettings();
    printDoc.DefaultPageSettings = pgSettings;
    dlgPrint.Document = printDoc;
    if (dlgPrint.ShowDialog() == DialogResult.OK)
    {
        settings = dlgPrint.PrinterSettings;
        printDoc.Print();
    }
}
Then, when I try to read the values in settings, it doesn't get what the user entered. For example, if I put:
short a = settings.Copies;
a will equal 1, even if I entered 5 copies in the PrintDialog. If anyone can tell me how to get the PrinterSettings the user entered, it would be greatly appreciated.
Thanks
|
System.Drawing.Printing.PrinterSettings pr = new System.Drawing.Printing.PrinterSettings();
PrintDialog dia = new PrintDialog();
dia.PrinterSettings = pr;
short a = 0;
if (dia.ShowDialog() == DialogResult.OK)
{
    a = pr.Copies;
}
MessageBox.Show(a.ToString());
Sreejith Nair
|
Hi there,
Thank you for your reply. Unfortunately, it still doesn't work.
I found what the problem was. After spending a lot of time searching about this silly problem, I found this:
http://support.microsoft.com/kb/331134
So, I guess that this is my problem (I am on Framework 1.0).
Anyways, thanks for your help!
Hugo
|
I created a form without title bar named frmNoTitle. I set up the form properties like:
this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.None;
this.ControlBox = false;
this.MaximizeBox = false;
this.MinimizeBox = false;
In the main MDI form, I have a menu to open this frmNoTitle form. I added the following code in the menu's click event:
frmNoTitle frm=new frmNoTitle ();
frm.MdiParent=this;
frm.Show();
This works fine except that I noticed the frmNoTitle form's title bar (min, max, close buttons) flashes for a very, very short time, then disappears.
It looks like the program displays the form title bar first, then makes it invisible.
How can I get rid of it?
TIA
|
I seem to remember an article on creating a GUI with Flash and C#.
Anyone have the URL or author for that article as I can no longer find it.
|
Hello everybody,
I have developed a Windows desktop application in Visual C# .NET using Windows Forms, and I am using a context menu and a notify icon to launch the application in the task bar.
The application consists of different Windows Forms, so I am switching between different forms the whole time. Unfortunately, each time I close one of the windows (Windows Forms), a new notify icon appears in the task bar, and they only disappear after I have closed the whole application. I am using the Close() method to close any forms.
Does anybody have an idea why that happens and how I can avoid it?
Thank you very much!
|
When closing the Form you have to manually hide the icon. I've run into this small bug before.
Anyways... I think it would be better to associate the icon with one form instead of destroying and recreating it every time. Just hide the form. Of course considerations for resource usage.
This posting is provided "AS IS" with no warranties, and confers no rights.
Alex Korchemniy
|
Hi CPs!
I'm currently writing my first application that uses a NotifyIcon and everything works fine except the following two things.
1. I want to hide the NotifyIcon as long as the main form of my application isn't minimized. But I'm not sure how to detect the "Minimize event" as there is no such event or I'm too stupid to find it. So I thought about catching the Resize event of my form and querying the WindowState property there. Would this work or is there a better way?
2. I want to hide the main form of my application and only display the NotifyIcon if my application was started by Windows Autostart, whereas the main form should be shown if the user "normally" starts the application. Is there any way to detect this?
THX in advance
www.troschuetz.de
|
Stefan Troschütz wrote:
But I'm not sure how to detect the "Minimize event" as there is no such event or I'm too stupid to find it.
Here is a simple way to check to see if your application is being Minimized. What you are going to do is simply override the WndProc and check for a few message values:
int WM_SYSCOMMAND = 0x0112;
int SC_MINIMIZE = 0xF020;
protected override void WndProc(ref Message m)
{
    if (m.Msg == WM_SYSCOMMAND)
    {
        if (((int)m.WParam & 0xFFF0) == SC_MINIMIZE)
        {
            MessageBox.Show("I'm being minimized");
        }
    }
    base.WndProc(ref m);
}
- Nick Parker
|
You could add a parameter to the autostart shortcut and check for it when the program starts.
Or check the TickCount. If it's really low, the system was just started.
|
The possibility with the command line parameter came to my mind too shortly after posting. Guess I will use it, 'cause the TickCount may be a bit imprecise.
THX
www.troschuetz.de
|
Hi all,
I have a table inside a dataset. There is one row and one column; I need to retrieve this value into a string.
thanks
haytham
|
webhay wrote:
I have a table inside a dataset. There is one row and one column; I need to retrieve this value into a string.
Say, the dataset is called dset, for some reason!
then dset.Tables[0].Rows[0].ItemArray[0].ToString() should retrieve the first column in the first row in the first table, which you seem to be absolutely certain of.
Cheers!
Looney Tunezez
"If you build it....
.....BUGS will come!" -JB
Application.Run(new Form1(this.Dispose())); <--WHAT
"Stability. What an interesting concept" - Chris Maunder