|
Thanks to both of you.
I eventually found an article right here at the code project on timers that has just what I am looking for.
Thanks again,
Sean
|
Hi,
I am getting an error in a SQL UPDATE statement when the user enters a single quote character in a textbox.
I used the following regex to remove the single quote before submitting it to the SQL UPDATE statement.
But SQL is still catching that single quote every time, even after filtering with the regex. I am really wondering. Can you tell me why this is happening?
string question = rtxtInterViewQuestionSTAR.Text.Replace("\'", "").Trim();
question = Regex.Replace(question, "\'", "", RegexOptions.Singleline | RegexOptions.Multiline).Trim();
// Only question is filtered; every other value is concatenated into the SQL text as typed.
UpdateCommand.CommandText = @"UPDATE star_interview_qa SET question ='" + question
    + "', strategy = '" + strategy
    + "', situation_task = '" + situation
    + "', action = '" + action
    + "', result = '" + result
    + "', sequence_no = " + sequence_noTextBoxSTAR.Text
    + " WHERE (id=" + lblIDqASTAR.Text + ")";
thanks and regards
EMRAN
|
emran834 wrote: I am getting an error in SQL UPDATE statement when user enters single quote character in textbox
This is a symptom of code that is highly susceptible to a SQL Injection Attack, a way that a malicious user could attack your database through the application. You may want to read SQL Injection Attacks and Tips on How to Prevent Them
The above article will explain why this happens, and how to fix it and improve the security of your application's database access.
ColinMackay.net
"Man who stand on hill with mouth open will wait long time for roast duck to drop in." -- Confucius
"If a man empties his purse into his head, no man can take it away from him, for an investment in knowledge pays the best interest." -- Joseph E. O'Donnell
|
Hi, thanks, I found the error and solved it.
|
Fixing that error might solve your immediate problem, but leaves your code susceptible to SQL injection attacks. Do have a look at Colin's article (link in the post above).
Regards
Senthil
_____________________________
My Blog | My Articles | WinMacro
|
Hi Senthil,
Thanks for your reply.
I am developing C# for a small-scale desktop user application, so I thought the user could hack his own database, as long as it is not on a server.
By the way, I read your reply about Background Worker. You said it is great for working asynchronously... But can't I work synchronously with Background Worker?
thanks
Emran
|
emran834 wrote: user could hack his own database, as long as it is not in a Server.
Well, I would say that regardless of how the database is being used it is good to get into the habit of coding in the way the article describes because it is then one less thing to worry about.
Also, the database may not necessarily be running in the same user account as the application. This could lead to an elevation of privilege attack via the application's use of the database. Many databases allow some sort of access to the underlying operating system and although this can be restricted by the database administrator it often isn't, or the application logs on with all the privileges of the database administrator, which means that it is still possible to mount an elevation of privilege attack through a SQL Injection attack.
In short, it is always best to defend your systems as much as possible because neither you nor I can foresee the uses to which someone will put the application. What you feel is not a security issue may be the tiniest little gap in security that an attacker needs to widen the hole to let them have access to more and more of the system.
ColinMackay.net
|
emran834 wrote: By the way, I read your reply about Background Worker. You said it is great for working asynchronously... But can't I work synchronously with Background Worker?
Huh? Why would you need a component to run code synchronously?
Regards
Senthil
|
Hi, I think I am a little bit confused about the meaning of the words synchronous and asynchronous. To my thinking, synchronous means the thread will be running at the same time without waiting for any other thread to complete its task. And asynchronous means the thread will wait for other threads to complete their tasks.
Am I right?
|
Sorry. You got it backward.
Synchronous means the first one talks, and the second one waits for its turn. Then the second one talks, and the first one waits. They are synchronized.
Asynchronous means they are not synchronized. Either side could be talking at any time.
Roy.
|
Excellent!! That's what I wanted.
|
I think that you'd better use parameters.
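The UPDATE statement from the first post rewritten with parameters, as the replies above recommend. This is an added example, not code from any poster in the thread; it assumes SQL Server through System.Data.SqlClient (the thread does not name the provider), and the StarInterviewUpdate class, the BuildUpdate method and the NVarChar(4000) sizes are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class StarInterviewUpdate   // hypothetical helper, not from the thread
{
    // Builds the UPDATE with every user-supplied value bound as a parameter.
    public static SqlCommand BuildUpdate(string question, string strategy, string situation,
        string action, string result, string sequenceNoText, string idText)
    {
        // Numeric fields are parsed as integers instead of being pasted into the SQL text.
        int sequenceNo, id;
        if (!int.TryParse(sequenceNoText, out sequenceNo))
            throw new ArgumentException("sequence_no must be an integer");
        if (!int.TryParse(idText, out id))
            throw new ArgumentException("id must be an integer");

        // The SQL text is a constant: no user input is ever concatenated into it.
        SqlCommand cmd = new SqlCommand(
            @"UPDATE star_interview_qa
                 SET question = @question, strategy = @strategy,
                     situation_task = @situation, action = @action,
                     result = @result, sequence_no = @sequence_no
               WHERE id = @id");

        // NVarChar(4000) is an assumed column size; match it to the real table.
        string[] names = { "@question", "@strategy", "@situation", "@action", "@result" };
        string[] values = { question, strategy, situation, action, result };
        for (int i = 0; i < names.Length; i++)
            cmd.Parameters.Add(names[i], SqlDbType.NVarChar, 4000).Value =
                values[i] ?? (object)DBNull.Value;
        cmd.Parameters.Add("@sequence_no", SqlDbType.Int).Value = sequenceNo;
        cmd.Parameters.Add("@id", SqlDbType.Int).Value = id;
        return cmd;
    }

    static void Main()
    {
        // Constructed input: single quotes in two fields, none of them stripped or replaced.
        SqlCommand cmd = BuildUpdate("What's your biggest weakness?", "O'Brien's plan",
            "task", "action", "result", "3", "17");
        Console.WriteLine(cmd.CommandText);   // the statement text contains no user data
        foreach (SqlParameter p in cmd.Parameters)
            Console.WriteLine("{0} = {1}", p.ParameterName, p.Value);
        // With an open SqlConnection: cmd.Connection = conn; cmd.ExecuteNonQuery();
    }
}
```

Because the values travel separately from the statement text, a quote in any field is stored as data and no Replace call is needed on any of them. Other ADO.NET providers follow the same pattern with their own parameter classes and placeholder syntax.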
|
Hi, even after using parameters I could not remove the error, but I found some places in my code where I needed to use REPLACE ' but did not. Now it's OK. Thanks
|
Hi,
The following line populates a datagrid using a strongly typed dataset.
dsEmps is the .xsd file.
In the foreach line I would like to loop through each record.
I get an error on the foreach line and it says:
specified cast is not valid
I think this line has to be cast somehow:
employeeDetailsData.Employees.Rows
EmpBusRule.EmpService.dsEmps employeeDetailsData;
EmpBusRule.Employees br = new EmpBusRule.Employees();
employeeDetailsData = br.GetDataEmployee();
if (employeeDetailsData.Employees.Rows.Count < 1)
{
    throw new Exception("No record found.");
}
grdEmps.DataSource = employeeDetailsData.Employees;
foreach(EmpData.dsEmps.EmployeesRow row in employeeDetailsData.Employees.Rows)
{
    string x = row.FirstName;
}
Thanks
|
I have one form, Form1, with some controls. How can I access the controls in Form1 from Class1?
I've found that I should write something like this in Class1:
class Class1
{
    Form1 _frm1;
    public Class1()
    {
    }
    public Class1(Form1 frm1) : this()
    {
        _frm1 = frm1;
    }
    public Form1 frm1
    {
        get
        {
            return _frm1;
        }
        set
        {
            _frm1 = value;
        }
    }
    public void test()
    {
        frm1 = new Form1();
        frm1.comboBox1.Items.Add("test");
    }
}
class Form1
{
    private void callFunctionFromForm()
    {
        Class1 cls1 = new Class1(this);
        cls1.test();
    }
}
This code returns no errors, but does not add "test" to comboBox1...
-- modified at 15:10 Saturday 4th February, 2006
|
Try changing the test() function to this:
public void test()
{
    _frm1.comboBox1.Items.Add("test");
}
Cheers,
Will H
|
Thanks for the answer, but... it doesn't work.
If I understand right:
class Class1
{
    public Class1()
    {
    }
    public Class1(Form1 frm1):this()
    {
        _frm1 = frm1;
    }
    public Form1 frm1
    {
        get
        {
            return _frm1;
        }
        set
        {
            _frm1 = value;
        }
    }
    public void test()
    {
        _frm1 = new Form1();
        _frm1.comboBox1.Items.Add("test"); // doesn't work
    }
}
class Form1
{
    public comboBox comboBox1;
    public void aaa()
    {
        Class1 cls1 = new Class1(this);
        cls1.test();
    }
}
-- modified at 4:51 Sunday 5th February, 2006
|
The Form will expose a property called Controls, you can use that to access the controls on the form. You cannot access the control fields directly as they are private or protected.
ColinMackay.net
|
First of all, thanks for the answer. Your way looks good and simple, but how does it work?
I have a public comboBox1 in Form1.
From Class1 I try to access it like so:
Form1 frm1 = new Form1();
Console.WriteLine( frm1.Controls.ContainsKey("comboBox1") ); // returns false
and also by accessing it like so:
Console.WriteLine(frm1.Controls["comboBox1"].Height); // returns error: Object reference not set to an instance of an object.
|
Controls.ContainsKey("comboBox1") ?
How did you get this to compile? The Controls property of a Control doesn't have a ContainsKey method and a string indexer.
Indeed, you could iterate over the Controls collection, but in your case this isn't a good idea because it'll completely depend on the contents of the collection at run time.
I think you should add a public property to your Form1 class to access the comboBox1 control.
Regards,
mav
--
Black holes are the places where god divided by 0...
|
It has. I cannot find anything in MSDN right now, but if you type frm1.Controls.ContainsKey(... it will write:
bool ControlsCollection.ContainsKey(string key)
(frm1 is an instance of Form)
But maybe I am wrong and don't understand something general, because I am really new to object-oriented programming.
In Form1 I have code like this:
public comboBox _comboBox1;
public comboBox comboBox1
{
    get
    {
        return _comboBox1;
    }
    set
    {
        _comboBox1 = value;
    }
}
public void aaa()
{
    Class1 cls1 = new Class1();
    cls1.test();
}
In Class1 I call comboBox1 like so:
public void test()
{
    Form1 frm1= new Form1();
    frm1.comboBox1.DataSource = new string[] {"aaa", "bbb"};
}
But that doesn't work... If you have a little time, please write a very, very short example...
|
In your first post you had a function in your Form1 class like this:
private void callFunctionFromForm()
{
    Class1 cls1 = new Class1(this);
    cls1.test();
}
Now in Class1, you have a variable called _frm1. In Class1's constructor, you do this:
public Class1(Form1 frm1) : this()
{
    _frm1 = frm1;
}
This sets your local variable _frm1 to point at the form that you want altering. Now in your test() method in Class1, you do this:
Form1 frm1= new Form1();
frm1.comboBox1.DataSource = new string[] {"aaa", "bbb"};
The first line of this creates an entirely new form. You then edit this form's combobox. Then the method exits and you lose this form. You need to edit the form that you passed in the constructor, not a new one. If you remove the first line, and then change the second to
_frm1.comboBox1.DataSource = new string[] {"aaa", "bbb"};
it should work. If it doesn't then I must have completely misunderstood your meaning.
Cheers,
Will H
-- modified at 7:53 Sunday 5th February, 2006
|
Thank You Very Much!! It helped. Works perfectly! Thanks again...
|
Oh I see, you're using .NET 2.0 where Control.ControlCollection has been modified compared to 1.1/1.0.
But nevertheless, although it's easily possible to access another Form's controls directly (for example by making them public or exposing a public property for them), it's better style (and easier to maintain/modify) if you don't rely on a certain control to display your data but let the other Form handle it.
So instead of writing something like
frm1.comboBox1.DataSource = new string[] {"aaa", "bbb"};
(given that comboBox1 is visible, of course) I'd suggest NOT exposing comboBox1 but instead adding a property to transfer the strings to display, for example similar to this:
...somewhere in Form1...
protected string[] _choices;
public string[] Choices
{
    get { return _choices; }
    set
    {
        _choices = value;
        comboBox1.DataSource = value;
    }
}
and then in your test write:
frm1.Choices = new string[] { "aaa", "bbb" };
That way you've separated your data from the presentation of this data and can easily change the comboBox to a different control for showing your strings without breaking compatibility with your callers.
Regards,
mav
|
Thanks for the answer, I think it's a better way too.
I don't know why, but for me that doesn't work...
I do it like so:
class Form1
{
    private comboBox comboBox1;
    protected string[] _choices;
    public string[] Choices
    {
        get { return _choices; }
        set
        {
            _choices = value;
            comboBox1.DataSource = value;
        }
    }
    public void someFunctionInForm1()
    {
        Class1 cls1 = new Class1();
        cls1.test();
    }
}
class Class1
{
    public void test()
    {
        Form1 frm1 = new Form1();
        frm1.Choices = new string[] {"aaa", "bbb"};
    }
}
If I do the same from the Form1 class:
...somewhere in Form1
Choices = new string[] {"ccc", "ddd"};
it all works, but when I do this in Class1 (like above) it doesn't work.
|