|
sobelhaj wrote: I would appreciate any help you can give me.
Based on your description - a redesign would probably be the best thing.
Why doesn't your record just have the following for where the last value is the count?
<one id=""> Apple Fruit Granny Smith 2900
|
|
|
|
|
I have a table named(information)tha has 3 columns(id,fnam,lnam)
I know that I can select an special row by
select form information (id,fname,lname)WHERE id="1"
string lname="last name witch it's id is "1"";
plz help me!!!
|
|
|
|
|
You're probabyl going to be just fine with this
SELECT id,fname,lname
FROM information
WHERE id = 1
|
|
|
|
|
ok,but how can I access the fname as string ;
my code is like this:
<script>
protected void page_Load(object sender, EventArgs e)
{
Id.Value = (string)Session["field3"];
}
protected void salam(object sender,EventArgs e)
{
name.value="the row's name witch it's id is session["field3"]"
}
</script>
<html>
<input id="name"/>
<input id="Id"/>
</html>
do you undrestand me?
|
|
|
|
|
Not really Can you give me some more details on what specifically are you trying to do?
|
|
|
|
|
ok,I put all of codes here!
<pre><%@ Page Language="C#" AutoEventWireup="true" CodeBehind="authenticate1.aspx.cs" Inherits="hokm.Admin.authenticate1" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
protected void salam(object sender, EventArgs e)
{
Session["field1"] = sh1.Text;
Response.Redirect("editinformation.aspx");
}
</script>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
</head>
<body>
<form id="form1" runat="server" enctype="multipart/form-data" >
<div dir="rtl">
<table>
<tr class="style1">
<td width="3%" bgcolor="#FF6666">
Please enter your id number
<br />
<br />
<asp:TextBox name="shomare" ID="sh1" runat="server"/>
<br />
<br />
<asp:Button ID="Button1" Width="60" runat="server" Text="confirm" OnClick="salam" />
</td>
</tr>
</table>
</div>
</form>
</body>
</html>
so I put the Id in session["field1"];
and in the editinformation.aspx
protected void page_Load(object sender, EventArgs e)
{
sh.Value = (string)Session["field3"];
}
<html>
<body>
<table>
<td colspan="5">
ID number:
<input name="shomare karmandy" disabled="disabled" id ="sh" runat="server" />
</td>
<tr>
<td>
name:
<input name="name" id="sh2" disabled="disabled" runat="server"/>
</table>
</body>
</html>
you see that I have filled the id textbox with a value,and I want to do this with name input,but I dont know how should I use the database to access the name with this Id?????
|
|
|
|
|
Hi all
I have a database named information and every row in this database has a unique id!
I want to update the row with the special id(that I have stored that id,for example it is in "ID" variable), but I dont know how should I use the select and update command to do this!
plz help me!
|
|
|
|
|
Start by providing the statements you are trying to use; others can only guess at what the table looks like.
|
|
|
|
|
Provide more details like table structure & sample data
|
|
|
|
|
The basic update statement is
update <yourtable>
set <yourfield>=<yourvalue>
where <conditional>
You probably want something like "where ID = 5"
Without more details, this is the best I can do to help.
|
|
|
|
|
ok,for example I have an information table with columns(id,fname,lnam) and I want to access the (fname,lnam) by Id,because I want to use them as string;
I know that I should the select command Like this:
select(id,fname,lname)WHERE id="" but I dont know how to access the fnam,lname with this Id as string!
|
|
|
|
|
BEGIN TRANSACTION
CREATE TABLE Person
(
ID INT IDENTITY(1,1) PRIMARY KEY,
FIRSTNAME VARCHAR(50),
LASTNAME VARCHAR(50)
)
INSERT INTO Person VALUES ('John', 'Doe'), ('Code', 'Project')
SELECT *
FROM Person
UPDATE Person
SET FIRSTNAME = 'Peter'
WHERE ID = 1
SELECT *
FROM Person
ROLLBACK Execute in SQL-Management Studio. You'll see two tables; one before, and one after the update. You will need a good book that introduces you to some basic SQL-constructions.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
Hi all
I have a problem with database.I work on " add new user.aspx "file witch add a new user to the table(Authenticate)but it doesnt work! this is my code in add new user.aspx file:
<script runat="server">
protected void CreateUserWizard1_CreatedUser(object sender, EventArgs e)
{
System.Data.SqlClient.SqlConnection con = new System.Data.SqlClient.SqlConnection();
string connectionstr=@"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\EHSAN\Documents\Visual Studio 2010\Projects\The Club\The Club\App_Data\Database1.mdf;Integrated Security=True;User Instance=True";
con.ConnectionString=connectionstr;
string sqlstring;
sqlstring ="insert into Authenticate (username,password)VALUES ("+ CreateUserWizard1.UserName+","+CreateUserWizard1.Password+")";
System.Data.SqlClient.SqlCommand objcommand = new System.Data.SqlClient.SqlCommand(sqlstring, con);
Response.Redirect("~/Login.aspx");
}
</script>
<asp:Content ID="Content1" ContentPlaceHolderID="cphMain" Runat="server">
<asp:CreateUserWizard ID="CreateUserWizard1" Runat="server"
oncreateduser="CreateUserWizard1_CreatedUser">
</asp:CreateUserWizard>
</asp:Content>
I execute that but it doesnt add any new row to my table!!!!
plz help me!
|
|
|
|
|
I suspect you need to put apostrophes around the values, but the better (much much better) solution is to use a parameterized command.
|
|
|
|
|
thank you so much
but I dont know how should I use parameter!for example I have the CreateUserWizard1.UserName variable but I dont know how should use it as parameter! can you say me how should I do it?
|
|
|
|
|
ur missing objcommand.ExecuteNonQuery(); and parenthesis in code
try this one
<script runat="server">
protected void CreateUserWizard1_CreatedUser(object sender, EventArgs e)
{
System.Data.SqlClient.SqlConnection con = new System.Data.SqlClient.SqlConnection();
string connectionstr=@"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\EHSAN\Documents\Visual Studio 2010\Projects\The Club\The Club\App_Data\Database1.mdf;Integrated Security=True;User Instance=True";
con.ConnectionString=connectionstr;
string sqlstring;
sqlstring ="insert into Authenticate (username,password)VALUES ('"+ CreateUserWizard1.UserName+"','"+CreateUserWizard1.Password+"')";
System.Data.SqlClient.SqlCommand objcommand = new System.Data.SqlClient.SqlCommand(sqlstring, con);
Con.Open();
objcommand.ExecuteNonQuery();
Con.Close();
Response.Redirect("~/Login.aspx");
}
</script>
<asp:Content ID="Content1" ContentPlaceHolderID="cphMain" Runat="server">
<asp:CreateUserWizard ID="CreateUserWizard1" Runat="server"
oncreateduser="CreateUserWizard1_CreatedUser">
</asp:CreateUserWizard>
</asp:Content>
|
|
|
|
|
thank you so much,it works
I had 2 mistake:
1:in insert command
2:in execute command
thank you so much again
|
|
|
|
|
This version is still susceptible to SQL Injection[^]. For example, try a password of:
Robert');DROP TABLE Authenticate;--
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Avoiding SQL Injection[^] isn't hard:
protected void CreateUserWizard1_CreatedUser(object sender, EventArgs e)
{
const string connectionstr = @"...";
const string sqlstring = "insert into Authenticate (username, password) VALUES (@username, @password)";
using (var con = new System.Data.SqlClient.SqlConnection(connectionstr))
using (var objcommand = new System.Data.SqlClient.SqlCommand(sqlstring, con))
{
objcommand.Parameters.AddWithValue("@username", CreateUserWizard1.UserName);
objcommand.Parameters.AddWithValue("@password", CreateUserWizard1.Password);
con.Open();
objcommand.ExecuteNonQuery();
}
Response.Redirect("~/Login.aspx");
}
Once you've fixed that problem, you then need to reconsider how you're storing the passwords. Currently, you're storing them as plain text, which is a terrible idea. If anyone managed to gain access to your database, they would be able to see every password used on your site.
Instead, you should be storing a salted hash of the passwords:
http://crackstation.net/hashing-security.htm[^]
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
I am receiving an Overflow error from an INSERT statement. I understand this is because a value that is assigned to a variable is larger than the data type, correct? The database was built in Access.
I pinned the values on screen while debugging and took a screen shot, which is linked herewhich is linked here.
I have double checked the data types and they all seem to match.What am I missing?
Thank you in advance.
Here is the code:
<pre lang="c#"> oleDbComQC.CommandText = "INSERT INTO RANKS ([ACCOUNTS], [EOB], [FPD], [F90P], [PDCHECK], [INCOME], [PD], [PD90P]) " +
"VALUES(@ACCTS, @EOB, @FPD, @F90P, @PDC, @INC, @PD, @PD90)";
oleDbComQC.Parameters.AddWithValue("@ACCTS", OleDbType.Integer);
oleDbComQC.Parameters.AddWithValue("@EOB", OleDbType.Decimal);
oleDbComQC.Parameters.AddWithValue("@FPD", OleDbType.Integer);
oleDbComQC.Parameters.AddWithValue("@F90P", OleDbType.Integer);
oleDbComQC.Parameters.AddWithValue("@PDC", OleDbType.Integer);
oleDbComQC.Parameters.AddWithValue("@INC", OleDbType.Decimal);
oleDbComQC.Parameters.AddWithValue("@PD", OleDbType.Integer);
oleDbComQC.Parameters.AddWithValue("@PD90", OleDbType.Integer);
oleDbComQC.Parameters["@ACCTS"].Value = iAccts;
oleDbComQC.Parameters["@EOB"].Value = decEOB;
oleDbComQC.Parameters["@FPD"].Value = iFPD;
oleDbComQC.Parameters["@F90P"].Value = i90PD;
oleDbComQC.Parameters["@PDC"].Value = iNumChks;
oleDbComQC.Parameters["@INC"].Value = decIncome;
oleDbComQC.Parameters["@PD"].Value = iPPD;
oleDbComQC.Parameters["@PD90"].Value = iP90PD;
Jude
|
|
|
|
|
Solved: The data types in the data table were off.
Jude
|
|
|
|
|
hii my project is school management system but i dont have any about that how to start my project i wanna use oracle 10g and what are the step to create a database ???
|
|
|
|
|
Have a HOWTO[^].
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
|
Firstly, you have to download the Oracle Database Software. go to oracle.com and download the software.
I suggest to download 11g R2 windows version. It's more easier to install on windows than on Linux.
nothimg
|
|
|
|