|
ServerReport.ReportPath is given in RenderReport.aspx page. Error is comming with ReportPath in the second line of the following code which is the next step:
Is there any settings with using namespaces, missing .dlls or missing web reference. Please help me.
Fetching and collecting on treeview with the following code
*****************************************************************
rService.Credentials = new NetworkCredential("administrator", "password@sajan");
catalogItems = rService.ListChildren(Global.ReportPath,true);
TreeView_Reports.Nodes.Clear();
RadTreeNode node16 = new RadTreeNode();
node16.Text = "Report";
TreeView_Reports.Nodes.Add(node16);
TreeView_Reports1(TreeView_Reports, node16, catalogItems);
After changing report path in Global.asax from get { return "/Sajan Reports"; } to get { return "/"; }
I am getting following error. Can you please help me.
Error:
System.Web.Services.Protocols.SoapException: The permissions granted to user 'MANOJ-SAJAN\IUSR_MANOJ-SAJAN' are insufficient for performing this operation. ---> Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException: The permissions granted to user 'MANOJ-SAJAN\IUSR_MANOJ-SAJAN' are insufficient for performing this operation.
at Microsoft.ReportingServices.Library.ListChildrenAction.PerformActionNow()
at Microsoft.ReportingServices.Library.RSSoapAction.Execute()
at Microsoft.ReportingServices.WebServer.ReportingService2005.ListChildren(String Item, Boolean Recursive, CatalogItem[]& CatalogItems)
--- End of inner exception stack trace ---
at Microsoft.ReportingServices.WebServer.ReportingService2005.ListChildren(String Item, Boolean Recursive, CatalogItem[]& CatalogItems)
-- modified at 5:47 Friday 16th November, 2007
|
|
|
|
|
The following code is not working. This will make the tree. The following code line is not working. This should retrieve no. of reports from report server and put in array, catalogItems. Based on the number of reports the another loop will retrieve names of the reports and will populate the tree view.
catalogItems = rService.ListChildren(Global.ReportPath,true);
Help me please.
-- modified at 7:33 Monday 19th November, 2007
|
|
|
|
|
Hi,
I have a price, and I am a bit confused as to what the data type must be, what's best? I'm running SQL Server 2005.
Thanks
Brendan
|
|
|
|
|
|
hai all,
i had write one storedProcedure,i that i got two fields(columns).
i just want to know about how to find the %(percentage) of the two columnn(fields).
Thanks in advance
Subbu
Thanks
Subbu.
|
|
|
|
|
If you want to get the percentage of column1 against column2, and you have them stored as integers, then you need to force a cast on them so that they can be divided.
select cast(col1 as decimal(10,2)) / cast(col2 as decimal(10,2)) * 100
from table_1
|
|
|
|
|
Hi,
i'm a beginner in asp.net programming and web for that matter,
and in need of some help.
i use an unknown amout of tables that i need to view, lets assume the connection string and select query are entered by the user.
i need in the page_load or somewhere to create a dataset and set the gridview to it. the grid view is a static control on the web form.
now i am using:
protected void Page_Load(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection("con str");
SqlDataAdapter ad = new SqlDataAdapter("select str", con);
DataSet ds = new DataSet();
ad.Fill(ds, "test");
con.Close();
this.Controls.Add(data);
theGrid.DataSourceID = data.ID;
theGrid.DataSource = ds;
theGrid.DataBind();
}
this works, but each click/change that causes a postback will call page_loaf again. i tried to define the ds variable as private var of the class, and then put the 3 first lines in an if (!postback) {...} statment.
didn't work, the vars are recreated on each post back.
what is the solution for this?
how can i create a grid that will be saved without re binding it?
(and if i don't add the ds to the form as a control, it just doesn't bind)
help!!!
thanks, koren.
kosh2059
|
|
|
|
|
|
I am working with Excel sheets via ODBC, reading and writing to.
I do have a source Excel which I can read perfectly, with a column with long text, some of them, longer than 255. As said, I can read them.
But when writing to destination, I can only write the first 255 positions.
I tried all of this:
- using both ODBC versions for Excel (4 and 12)
- with all possible char types (char, varchar, longvarchar, nvarchar, ....)
When I specify column lenght as longer than 255, this happens:
[DataStage][SQL Client][ODBC][Microsoft][Controlador ODBC Excel]Preccision value not valid
and when setting precision to 255, obviously:
[DataStage][SQL Client]Data has been truncated
What it is really strange to me, is that I can read the column with no problem (I must say, only with Excel ODBC Driver version 4, with version 12 data was truncated on source). I even specify the column as varchar - 500, and no warning was raised!!!
Anybody can help? Thanks very much
|
|
|
|
|
This article[^] may provide an explanation for your problem.
Paul Marfleet
"No, his mind is not for rent
To any God or government"
Tom Sawyer - Rush
|
|
|
|
|
hi,
i have written a code through which i am storing a image in the access databas e its getting stored in the long binary int format My aim is to copy that one to another row .....
code for storing is
byte[] b = (byte[])datareader[0];
MemoryStream st = new MemoryStream();
st.Write(b, 0, b.Length);
picturebox.backgroundimage = Image.FromStream(st);
if any one knows how to do this plz let me know
sindhu tiwari
its me sid
|
|
|
|
|
Did you try searching the site before you posted? It took me 5 seconds to find this[^].
Paul Marfleet
"No, his mind is not for rent
To any God or government"
Tom Sawyer - Rush
|
|
|
|
|
Hello,
I've used the BindingSource Control and have two tables in my database.
On a single Windows form, i've 'dragged n dopped' coloumns from both the tables.These two tables are related by master-child relationship.
My Problem is as follows:
When i click on the '+' button to add a record and then click on 'save'.
Data is successfully inserted into the parent table but not in the child table.
I've checked the designer code and it DOES have a function to insert into the child table. Yet the insertion fails.(There are no exceptions raised either!!)
Any help is appreciated...
Thanking all in advance.
Siddy!
|
|
|
|
|
Hi,
We have an ASP.NET 1.1 application with SQL Server 2005. Database access layer of the application is written separately and provided to us as a dll to be used in application and we dont want to change it. DAL does not support parameterized queries. What we have done is that on every where clause we have replaced ' by ''. I know it is not very good approach but what i want to know is our application safe now, or SQL injection is still possible and if it is unsafe can anyone provide the example of how?
Regards
Shajeel
|
|
|
|
|
There are many ways you can have SQL Injection problems. Code Project has several articles on this subject and all are great. This is a subject that will require some reading. If you are handling sensitive data, then read up and make sure you understand what you are reading.
To answer your question, no that does not solve SQL Injection attacks.
The best way to accelerate a Macintosh is at 9.8m/sec² - Marcus Dolengo
|
|
|
|
|
Expert Coming wrote: To answer your question, no that does not solve SQL Injection attacks.
can you give me the example or article as i am pretty sure i looked at lots of articles and did not find any example that it does not solve my problem.
Regards
Shajeel
|
|
|
|
|
Shajeel wrote: but what i want to know is our application safe now,
Not at all. It's will not be safe by replacing ' with ''. There are many other ways a person can inject harmful SQL statements. Look at this[^] which explains these.
|
|
|
|
|
Thanks for reply.
all examples in the article starts with ' which we have dealt with, there are some places where int is used that are not covered here but we are always validating int wherever user enters them in form, so they are covered also. So after going through article i assume my app is safe or is there other ways of SQL Injection which are not included in article.
Regards
Shajeel
|
|
|
|
|
Are you also validating against cross site scripting? This can also lead to a Sql Injection. How?
Well, imagine that you perform clientside validation to ensure that values fall into a certain range. Now imagine that somebody else creates a form that targets your system and doesn't have this validation, then your system can be targeted because the validation has been bypassed. You have to think of security as a whole and minimize the attack surface. One way to do this is to use parameterized queries, rather than relying on your code converting ' into ''. Remember, it just takes this being missed out in 1 place for the whole thing to come crashing down to its knees.
Deja View - the feeling that you've seen this post before.
|
|
|
|
|
Shajeel wrote: So after going through article i assume my app is safe or is there other ways of SQL Injection which are not included in article.
Always take a multifaceted approach. Just because you can't find a way, doesn't mean that some clever hacker can't find a way. Do NOT be complacent about this. It is arrogant to think that just you put up protection in one area you are safe.
The house my parents live in was very well secured. A burgler attempted to get in the back door, the back windows and eventually got in through the tiny skylight in the roof. Think of your SQL Server the same way. If you secure the main ways in and attacker will find the way you didn't think of.
|
|
|
|
|
Colin Angus Mackay wrote: The house my parents live in was very well secured. A burgler attempted to get in the back door, the back windows and eventually got in through the tiny skylight in the roof. Think of your SQL Server the same way. If you secure the main ways in and attacker will find the way you didn't think of.
Absolutely true. I voted it with '5' vote.
Vasudevan Deepak Kumar
Personal Homepage Tech Gossips
Yesterday is a canceled check. Tomorrow is a promissory note. Today is the ready cash. USE IT.
|
|
|
|
|
Shajeel wrote: all examples in the article starts with '
No, one of the examples began with a number, not a quote:
string sql = "SELECT * FROM Orders WHERE DATEPART(YEAR, OrderDate) = "+
this.orderYearTb.Text);
and the attacker began his string with a zero.
Does seem to me that all the examples I've seen had statement delimiters embedded within them. Therefore, I have two functions I run against the input. The first effectively converts ' to '', but also checks for a maximum length of the argument. If I know the maximum length of the field my user wants to compare against, a string longer than this is rejected outright as a possible attack. The next function removes any unquoted semicolons. This will cause attacking SQL to be ill-formed and rejected for syntax. But DON'T respond to the user with the ill-formed string. They may be able to see thru the protection scheme.
While this two-prong approach defeates every injection example I have ever seen, it does not guarantee, as Colin suggested, that someone clever won't come up with a way to defeat it. Plus, as Pete inferred, the SQL validation (in my case, converting ' to '' and removing unquoted semicolons) must be done immediately before submitting the SQL string to the db for processing. You must not rely on external validation.
David
---------
Empirical studies indicate that 20% of the people drink 80% of the beer. With C++ developers, the rule is that 80% of the developers understand at most 20% of the language. It is not the same 20% for different people, so don't count on them to understand each other's code.
http://yosefk.com/c++fqa/picture.html#fqa-6.6
---------
|
|
|
|
|
Is it possible to compress an MS SQL Server 2005 database, like you can an Access database?
I have a database that is over 100Mb in size but considering what data it currently holds this seems excessively large.
If it is possible, can it also be done with an SQL command?
Thanks
Steve Jowett
-------------------------
Sometimes a man who deserves to be looked down upon because he is a fool, is only despised only because he is an 'I.T. Consultant'
|
|
|
|
|
|
The equivalent in SQL Server is to shrink the database. Have a look at this article[^].
Paul Marfleet
"No, his mind is not for rent
To any God or government"
Tom Sawyer - Rush
|
|
|
|