|
I'm trying to add both text and a picture filename to an Access database. The actual .jpg file is stored separately in another folder. I want to use a File control in classic ASP to do this. If I create a page for the text fields and a separate page for the File control, everything works fine but the users are confused by having to go to two pages.
Ideally, they would use the Browse button of the File control to select their picture then the picture's filename would be passed down to the "ImageLink" field in the database Insert SQL command. Any ideas?
Here's my two sections of code:
<form action="marketplaceentryadd.asp" method="post" >
<!--
<table border=1 cellpadding=3 cellspacing=1>
<tr><td size="110"><font color="#FFFFFF">Country:<br />
</font></td><td><input name="txtCountry" type="text" size="50" maxlength="50" /></td></tr>
<tr><td><font color="#FFFFFF">Description:<br />(255 char. max)
</font></td><td><input type="text" name="txtDescription" textmode="multiline" maxlength="255" size="50"/></td></tr>
<tr><td><font color="#FFFFFF">Price:<br/>
Numbers only with optional decimal point
</font></td><td><input name="txtPrice" type="text" size="50" maxlength="50" /></td></tr>
<tr><td><font color="#FFFFFF">Your Name:<br />
</font></td><td><input name="txtSeller" type="text" size="50" maxlength="50" /></td></tr>
<tr><td><font color="#FFFFFF">Contact Info:<br />
(255 char. max)
</font></td><td><input name="txtContactInfo" type="text" size="50" maxlength="50" /></td></tr>
<tr><td><font color="#FFFFFF">More Info:<br />
(255 char. max)
</font></td><td><input name="txtMoreInfo" type="text" size="50" maxlength="255" /></td></tr>
<tr><td><font color="#FFFFFF">Picture Filename:<br/>Do not include spaces in the filename<br/>Be sure to include extension (.jpg)</font></td><td><input name="txtImagelink" type="text" size="50" maxlength="50" /></td></tr>
<tr>
<td><input type="submit" value="Add Item" />
</tr>
</table>
</form>
Second page code:
Please select picture to be saved for this item:<br/><br/>
<FORM method="post" encType="multipart/form-data" action="ToFileSystem.asp">
<INPUT type="File" name="File1"><br/><br/>
<INPUT type="Submit" value="Upload Picture">
</FORM>
|
|
|
|
|
Why are you asking the user for a filename when all you need is the upload selector? Once the image is uploaded to the server you have the filename which you can then add to your database.
|
|
|
|
|
Consider the relation R(A,B,C,D) with FDs AB -> C, C -> D, D ->A. What is the 3NF status of R.
1.
R is in BCNF already.
2.
R is not in BCNF. It must be divided into R1(A,C,E) with FDs A -> C, C -> E, and R2(B,D,F) with FDs B -> D, D -> F.
3.
R is not in BCNF. It must be divided into R1(C,E) with FDs C -> E, R2(D,F) with FDs D -> F and R3(A,B).
4.
R is not in BCNF. It must be divided into R1(A,C,E) with FDs A -> C, C -> E, R2(B,D,F) with FDs B -> D, D -> F, and R
|
|
|
|
|
We are more than willing to help those that are stuck: but that doesn't mean that we are here to do it all for you! We can't do all the work, you are either getting paid for this, or it's part of your grades and it wouldn't be at all fair for us to do it all for you.
So we need you to do the work, and we will help you when you get stuck. That doesn't mean we will give you a step by step solution you can hand in!
Start by explaining where you are at the moment, and what the next step in the process is. Then tell us what you have tried to get that next step working, and what happened when you did.
Consider this: just posting your homework question and hoping somebody will give you the answer so you can just tick a multiple choice box is futile. You have no idea if the answer you're given is right or wildly wrong ... and unless you actually learn this stuff you will have no idea at all!
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
42
Social Media - A platform that makes it easier for the crazies to find each other.
Everyone is born right handed. Only the strongest overcome it.
Fight for left-handed rights and hand equality.
|
|
|
|
|
Now I feel sorry for missing this question. Normalization is one of the things you have to learn, and not just for databases. It will give you more insight into data. Let me stress that again, you want to master this, it is what makes a master.
Can you give me a real life analogy for your abstract question? Otherwise, I'd just have to reply with the rules which you already know.
And BCNF comes after 3NF; if it in 3NF, it not guaranteed to be BCNF, so answer one falls. Leaves you with three. Also, 3NF and BCNF rather close - if you can answer it, you master it.
Bastard Programmer from Hell
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
|
|
|
|
|
select I."ItemOCode" as "Id", I."ItemNameA" as "Item",
S."ACCNAME" as "SalesMan", sum(Decode(T."TransKind", 504, T."QtyIO")|| Decode(T."TransKind", 506, T."QtyIO")) * -1 as "Sales",
sum(Decode(T."TransKind", 504, T."BonusIO")|| Decode(T."TransKind", 506, T."BonusIO")) * -1 as "Sales Bonus",
sum(Decode(T."TransKind", 504, T."NetTL")||Decode(T."TransKind", 506, T."NetTL" ) * -1) as "Total Sales",
round((sum(Decode(T."TransKind", 504, T."BonusIO")||Decode(T."TransKind", 506, T."BonusIO")) * -1) / (sum(Decode(T."TransKind", 504, T."QtyIO")||Decode(T."TransKind", 506, T."QtyIO")) * -1) * 100,0) as "Bonus Rate",
H."VHFNo" as "Invoice", H."AccCode", H."AccName" from "TransActn_S" T, "Item_Card" I, "Header_S" H , "SALESMEN" S
where I."ItemOCode" = T."ItemOCode" and
H."TransNo" = T."TransNo" and
H."VHFNo" = T."VHFNo" and
H."TransKind" = T."TransKind" AND
(H."TransKind" = 504 OR H."TransKind" = 506) AND
H."SalesManNo" in (00016,00034,00036,00119,00108,01000,00007) AND
S."SALESNO" = TO_CHAR(H."SalesManNo") AND H."VHFDate" between '01/08/2020' and
'24/08/2020' AND H."Stock_Code" = 1 group by I."ItemOCode", I."ItemNameA",S."ACCNAME",H."VHFNo" ,H."AccCode" ,H."AccName"
order by I."ItemOCode"
|
|
|
|
|
ora 01722 - Google Search[^]
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Hi,
I've install SQL Server Express 2014 named instance with mixed mode authentication.
one more SQL Server 2005 version installed with default instance and TCP port has been assigned 1433.
following error occurred
Server Name: .\sqlexpress
Error Number: 18456
Severity: 14
State: 1
Line Number: 65536 -I want to connect locally (with dot) but not able to connect, I also want to connect from outside network
-with static IP still getting the same problem.
following changes I've done
-remove dynamic TCP port from configuration manager ipall
-instead of dynamic port I've place static tcp port 1438 and 1440 both are listening
-try 1434 TCP port but SQL service not able start so I've change into 1438 and 1440.
-and same has been configured from firewall inbound and outbound rule.
--also tried through dbeaver to make connection but following error occurred
SQLEXPRESS,1438 failed. Error: "java.net.UnknownHostException: 103.87.24.38:3390: invalid IPv6 address". Verify the server and instance names and check that no firewall is blocking UDP traffic to port 1434. For SQL Server 2005 or later, verify that the SQL Server Browser Service is running on the host.
modified 14-Aug-20 7:40am.
|
|
|
|
|
|
Is there any known tool for creating a schema (database diagram) (ER) back from the SQLite DB by itself? (Want to avoid creating DB schema from scratch and I already have the database with me)
Think SchemaSky is one of it but that needs a lot of work to setup.
modified 14-Aug-20 9:40am.
|
|
|
|
|
If you mean just to print the CREATE statements, then you can use the sqlite3 command line program.
|
|
|
|
|
Not the statements. That was easy.
I am talking of Database diagram . Sorry for confusion.
|
|
|
|
|
I have ever only used Oracle Sql developer Data Modeler, which is free a even pretty good, but I think it only supports Oracle, Sql Server and DB2 properly.
But take a look here for data modeling tools[^].
And here for database diagram tools[^] for SQLite.
I would expect quite some overlap between them.
Also, please report back if you find any of them useful. SQLite is quite interesting after all.
Wrong is evil and must be defeated. - Jeff Ello
Never stop dreaming - Freddie Kruger
|
|
|
|
|
Sure, will have a look and report back in case I find anything interesting.
Thanks man!
|
|
|
|
|
Hi there,
Please am currently having serious issue since my site database is at risk.
Someone somehow or one way get access to my database and I don't know how he/she managed to do it.
Of recent I discovered various comments on post and the clients now reported to me.
When I really checked, I see that is true. The hacker have access to all registered users password and username.
So what can I do please to avoid this?
modified 14-Aug-20 3:57am.
|
|
|
|
|
Change the administrator password immediately. Then make sure all other passwords are changed as soon as possible.
|
|
|
|
|
Thanks Sir! You have always been helpful.
I have already changed the database password
|
|
|
|
|
|
Wow, thanks! I know I can count on you guys from codeproject.
I will take action right away
|
|
|
|
|
Thanks for your help so far and sorry for disturbing you.
Will it be possible for attacker to select all table names from my database without having idea of the database name or anything related using the browser address bar or any input field of my site? If yes, how can I prevent this?
And, since some of the attacks might be triggered from the broswer address bar by manipulating my site url.
My question is, can a routed url i.e www.mysite.com/user/0683 be manipulated?
If yes, how do I prevent this?
|
|
|
|
|
Otekpo Emmanuel wrote: Will it be possible for attacker to select all table names from my database without having idea of the database name or anything related using the browser address bar or any input field of my site? If yes, how can I prevent this?
Yes, if your code is vulnerable to SQL Injection[^], an attacker can still dump your entire database.
Blind SQL Injection | OWASP[^]
Hacking is child's play - SQL injection with Havij by 3 year old[^]
The fix is to always use properly parameterized queries, and never concatenate values into the query itself - especially if those values could potentially be controlled or manipulated by the user.
Otekpo Emmanuel wrote: My question is, can a routed url i.e www.mysite.com/user/0683 be manipulated?
Assuming the number is a sequential ID for your users, an attacker could try changing it to see if that can access information for other users. This is known as an Insecure Direct Object Reference (IDOR). If your code doesn't validate the user's permissions, this can lead to a security vulnerability.
Insecure Direct Object Reference Prevention - OWASP Cheat Sheet Series[^]
The fix is to always validate that the currently authenticated user has permission to access the data they are requesting.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
|
How do you call REST API inside AWS lambda function using python?
|
|
|
|
|
|