|
|
Im glad it worked. Now please heed the warnings below about Sql Injection attacks. IT IS IMPORTANT!
|
|
|
|
|
<br />
string qQuery = "SELECT b_name,b_desc" + <br />
" FROM collapsed_building" +<br />
" WHERE b_name = '" + crimewithdate.text2 + "' ";<br />
maybe u should ty = it always work
(just like an if)
p.s : yuo do not need to write "collapsed_building." as a prefix....
Have Fun
Never forget it
|
|
|
|
|
half-life wrote: " WHERE b_name = '" + crimewithdate.text2 + "' ";
Please don't encourage SQL Injection Attackable code.
|
|
|
|
|
Colin Angus Mackay wrote: Please don't encourage SQL Injection Attackable code.
Can u elaborate please?
i decided not to take "Athics and Hacking" course and instead i took
"advanced algorithms" in university
Have Fun
Never forget it
|
|
|
|
|
|
THANKS
vary infomative
Have Fun
Never forget it
|
|
|
|
|
Please don't do this. You leave your code wide open to Sql Injection Attacks. Instead, consider using the techniques described here[^]. You'll end up a better developer for doing it.
|
|
|
|
|
A few things:
1) Please spell-check the post before you submit. A continuous broken language embarrasses the readers.
2) A continuos all-caps also indicates yelling at the users.
3) Technically, your query is vulnerable for SQL Injection attacks. You may need to review your SQL Querying patterns.
I would also advise you to have a read of Forum Posting Guidelines at http://www.codeproject.com/kb/scrapbook/forumguidelines.aspx [^]
Vasudevan Deepak Kumar
Personal Homepage Tech Gossips
A pessimist sees only the dark side of the clouds, and mopes; a philosopher sees both sides, and shrugs; an optimist doesn't see the clouds at all - he's walking on them. --Leonard Louis Levinson
|
|
|
|
|
You should be using parameters to pass filterable stuff to the query. Also, there is absolutely no validation on the Text value in crimewithdate
Where cmd is your SqlCommand object:
string value = string.Concat('%', crimewithdate.Text, '%');
cmd.CommandText = "SELECT b_name, b_desc "+
"FROM collapsed_building "+
"WHERE b_name LIKE @name";
cmd.Parameters.AddWithValue("@name", value);
Now, how big is your b_name column? Before you do anything with your query you should ensure that crimewithdate.Text does not exceed that size. Are there any other constraints? (e.g. only permitted to have alpha-numeric characters? Check for those also)
|
|
|
|
|
My 2 cents: you should never prepend with % or + in LIKE statement, it turns off indexes. It could hurt performance if you have lots of entries.
-----
You seem eager to impose your preference of preventing others from imposing their preferences on others. -- Red Stateler, Master of Circular Reasoning and other fallacies
If atheism is a religion, then not collecting stamps is a hobby. -- Unknown
God is the only being who, to rule, does not need to exist. -- Charles Baudelaire
|
|
|
|
|
When user is editing a DataGridView cell I can not find a way to capture event when user presses 'Enter' key. In OnCellEndEdit there is no way to see which button was pressed, OnKeyDown and OnKeyPress simply do not detect 'Enter' key, they act as if it wasn't even pressed. If I try to add event handler to editing control by getting the control in EditingControlShowing and then adding event handler KeyPress or KeyDown on editing control, it also acts as if 'Enter' wasn't pressed. I've tried googling on this, but can't find it anywhere. I'd appreciate any help or hint on this.
Dragan Matic
|
|
|
|
|
Hello Dragan,
You can try the following code under the KeyPress() event.
If Asc(e.KeyChar) = 13 Then<br />
<br />
MsgBox("Enter Pressed")<br />
<br />
End If
I hope this helps.
Regards,
Allen
Allen Smith
Software Engineer
ComponentOne LLC
www.componentone.com
|
|
|
|
|
No, that's the catch. Once you start editing text in the DataGridView cell and press Enter (when you want to finish editing), it isn't caught in either KeyPress, KeyDown or any other Key event. Well I suppose it is caught somewhere but I can't find where.
Thanks for the answer, anyway
Dragan
|
|
|
|
|
Hi,
in order to avoid Illegal Cross Thread Calls
i wrote a delegate for a function that needs to update the GUI
(the functions got parameters)
i do'nt know what is the diffrence bettwen the two way to invoke this function:
purpose 1 :
<br />
<br />
object[] param = { ID, O_Code, sO_Code, state };<br />
HandleMessage handleUpdate = new HandleMessage(HandleMessage);<br />
this.Invoke(handleUpdate, param);<br />
<br />
OR
purpose 2 :
<br />
HandleMessage handleUpdate = new HandleMessage(HandleMessage);<br />
handleUpdate.Invoke( ID, O_Code, sO_Code, state);<br />
<br />
Whats is the difference???
What is Better??
THNKS
Have Fun
Never forget it
|
|
|
|
|
There is no difference. If you look at the compiled IL, you'll see that the compiler transforms (2) to (1) i.e., it creates a object[] with the parameters as the array contents.
|
|
|
|
|
With .NET Framework 3.0 MS shipped some extensions to System.Collections.Generic namespace. One of it is the generic class SynchronizedKeyedCollection<k,t>.
First seen I thought, wow I have ever wanted a thread-safe dictionary.
So I tried to use that class in current project. But: What the hell. Those framework designer were not able to have same interface to that class like dictionary has.
The method Add() only takes a <t>. To assign a key you have to call ChangeItemKey method.
There is no method such TryGetValue to check if an object with requested key exists.
And so on.
Did I miss something on understanding that class or is there a deeper reason changing the "interface-pattern" of the Dictionary class?
Have you ever dealed with that class?
I didn't find anything in google about this....
|
|
|
|
|
Hi Guys,
I have a structure in C / C++ as follows:
typedef struct MyDataFields{
char Id[12];
char Name[32];
char Address[4][32];
char DateLastSale[12];
long TransCount;
int PointsToDate;
char Spare[20];
}MyData;
This structure is written to a flat file in one fwrite call and is read in using fread. However this is legacy stuff now and we are about to undertake a re-write but we need to be able to read these files in C# .Net 2.0.
I have searched the web for days but have got nowhere. I have saw 1 or 2 examples where it has been said to create a class to represent the struct, there must be however a simpler way of doing this.
Anyone done this before that can point me in the right direction or some sample code based on the struct above.
Thanks in Advance
Keith
|
|
|
|
|
So lets get this straight - you've found the right way to do it, but you want an easy way?
|
|
|
|
|
Hi J4amieC
<blockquote class="FQ"><div class="FQA">J4amieC wrote:</div>So lets get this straight - you've found the right way to do it, but you want an easy way? </blockquote>
No i'm not saying that, i'm simply saying that its a lot easier in C where you read the struct into memory modify it and write it back out again. I was thinking that it should be as straight foward in C#.
Regards
Keith
|
|
|
|
|
Yes its just as easy in C#, we write a struct (which must be serializable) and we serialize it to a file and deserialize it back to an instance in memory.
Granted its not as easy as 1 line call to whatever your C++ functions were - but in essence its the same.
Check out a Binary Serialization[^]
|
|
|
|
|
Thanks J4amieC, that looks to be what i'm looking for.
|
|
|
|
|
Hi
I have the following code which is sent to the user via e-mail
How can I put a linebreak inbetween the string values so that it breaks it up
completeMessage.Body = tbareasize.Text + tbnotes.Text + tbroomdesc.Text + ddl_areasLevel2.Text + ddl_areasLevel1.Text;
i need like a br inbetween each textbox
thanks
|
|
|
|
|
It depends whether you're sending the mail in HTML format or plain text.
for HTML - just append "<br />" between each value
for Plain text - Append "/r/n" (or Environment.NewLine if you want to be super-safe) between each value.
|
|
|
|
|
One change to what J4aimeC said:
Use Environment.NewLine but if for some reason you want to use the escape characters, it's "\r\n" .
Cheers,
Vikram.
"If a trend is truly global, then that trend ought to be visible across ANY subset of that data" - fat_boy
|
|
|
|