|
i have a calendar that i click on one day, then when i have that day marked i write something in a textbox, after that i klick on my button and it should be saved, now my issue is:
i DO NOT want to create a new xmlfile dynamicly, i already have one xmlfile that i've added to the project, and i want it to store the day on the calendar that i clicked on, and the text that i wrote in my textbox, it should resoult like this:
<Plan 1><br />
< tuesday 5th may 2009 > today im going to write in codeproject forum < tuesday 5th may 2009><br />
<plan 1><br />
<br />
<plan 2 ><br />
< some day that i chose > blabla < some day that i chose><br />
<plan 2><br />
i hope you get the point?
so for each day i add a text on, i want it to generate a number ( i have already solve that problem )
int ID = 0;
while (readcalendar.Read())
{
if (readcalendar.Name.StartsWith("Plan"))
{
ID++;
}
}
and i also want to be able to Load the xmlfile each time i start my project, so that my "planings" is saved on the days i planed them. (ex. if i click on a day that i already have a plan on i want to be able to edit the text that already exist )
i have checked google for answers but i did not find anything and im a bit new to xml, so even if i've maybe stumbled on a correct answer i may have not looked into it.
if you dont understand my question, feel free to ask
|
|
|
|
|
Your XML does not look valid..
Also, what exactly is the question?
|
|
|
|
|
my question is: i have a calendar wich i want to store "text" on each day in,
example: i click on 5th may and write "i have to book a flight today " in a textbox, then i press a save-button (to store that information in a xmlfile), and if i open that xmlfile i want it to look like this:
-Plan1
--5th may 2009
i have to book a flight today
--/5th may 2009
-/plan1
(i already have a function that makes the plan1 increase in number so the next one look like this <plan2> then <plan3> and so on, so you dont have to write down that function)
and i also want the xml file that i just saved, to load each time i start my program, so that when i click on 5th may, i want the textbox to say "i have to book a flight today".
summary:
remember this is a almanac so i want the c# code to store information on the day i clicked on with the text i wrote in my textbox
|
|
|
|
|
You still don't really have a question though..
It's clear that there's something you want, well, ok, you're making it of course, and you're posting here so you're experiencing difficulties, but it's not yet clear what they are
Presumably you want to output:
<Plan1 date="5th may 2009">i have to book a flight today</Plan1>
(tags should start with a letter and can not contain spaces)
Ok, easy. You could even use an XmlWriter to make it easier (well, easier?)
Automatically loading the file: no problems here, if you want to be able to change the filename you could make it an application-setting.
Clicking the 5th of may: I guess you'd use a date picker control for that?
Making the textbox show something: just change the textbox.Text?
So I just tried to help with everything, since you didn't really specify your problem.
|
|
|
|
|
Miroslav88 wrote: i already have one xmlfile that i've added to the project, and i want it to store the day
Miroslav88 wrote: i also want to be able to Load the xmlfile each time i start my project
Miroslav88 wrote: im a bit new to xml
Go to www.w3schools.com and go through all the XML tutorials. Pay attention when you get to the ones about using an XML DOM.
|
|
|
|
|
Hi,
I'm just starting to convert my vb6.0 program to c#.net and I have a function in vb6.0 below:
Anyone can help me to translate this in c#.net.
Public Function GetData(SQL As String) As Variant
Dim RST As ADODB.Recordset
Set RST = Conn.Execute(SQL)
With RST
If .State = adStateOpen Then
If Not .EOF Then
If Not IsNull(RST(0)) Then
Select Case RST(0).Type
Case adVarChar
GetData = Trim(RST(0))
Case Else
GetData = RST(0)
End Select
Else
Select Case RST(0).Type
Case adBoolean
GetData = False
Case adVarChar
GetData = ""
Case adDouble, adInteger
GetData = 0
Case adDate, adDBTimeStamp
GetData = InvalidDate
End Select
End If
Else
Select Case RST(0).Type
Case adBoolean
GetData = False
Case adVarChar
GetData = ""
Case adDouble, adInteger
GetData = 0
Case adDate, adDBTimeStamp
GetData = InvalidDate
End Select
End If
Else
Select Case RST(0).Type
Case adBoolean
GetData = False
Case adVarChar
GetData = ""
Case adDouble, adInteger
GetData = 0
Case adDate, adDBTimeStamp
GetData = InvalidDate
End Select
End If
End With
Set RST = Nothing
End Function
THANKS AND REGARDS
klaydze
if(you type your code here) {
Messagebox.Show("You help me a lot!");
}
else {
You help me = null;
}
|
|
|
|
|
|
Le Centriste wrote: Do you even know C#?
Yeah but not that good as in VB6.
if(you type your code here) {
Messagebox.Show("You help me a lot!");
}
else {
You help me = null;
}
|
|
|
|
|
Hi,
I'm just starting to convert my vb6.0 program to c#.net and I have a function in vb6.0 below:
Anyone can help me to translate this in c#.net.
Public Function GetData(SQL As String) As Variant
Dim RST As ADODB.Recordset
Set RST = Conn.Execute(SQL)
With RST
If .State = adStateOpen Then
If Not .EOF Then
If Not IsNull(RST(0)) Then
Select Case RST(0).Type
Case adVarChar
GetData = Trim(RST(0))
Case Else
GetData = RST(0)
End Select
Else
Select Case RST(0).Type
Case adBoolean
GetData = False
Case adVarChar
GetData = ""
Case adDouble, adInteger
GetData = 0
Case adDate, adDBTimeStamp
GetData = InvalidDate
End Select
End If
Else
Select Case RST(0).Type
Case adBoolean
GetData = False
Case adVarChar
GetData = ""
Case adDouble, adInteger
GetData = 0
Case adDate, adDBTimeStamp
GetData = InvalidDate
End Select
End If
Else
Select Case RST(0).Type
Case adBoolean
GetData = False
Case adVarChar
GetData = ""
Case adDouble, adInteger
GetData = 0
Case adDate, adDBTimeStamp
GetData = InvalidDate
End Select
End If
End With
Set RST = Nothing
End Function
THANKS AND REGARDS
klaydze
if(you type your code here) {
Messagebox.Show("You help me a lot!");
}
else {
You help me = null;
}
|
|
|
|
|
A variant in VB is something that can be any type. The closest equivalent in C# is an 'Object'. In C# all data types derive from Object, so you can return the value as an Object and then cast it to what ever type it actually is.
(By the way, this is rather bad programming style, you should really be using parametrized queries, or stored procedures. This code is very vulnerable to SQL injection attacks. Also, by just chucking objects around everywhere you lose a lot of the benefits of strongly typed languages like C# such as compile time type checking. Also you seem to be repeating your select/case block about 3 times with the same code in it each time, it seems like you might have some redundant code here)
Simon
|
|
|
|
|
Simon Stevens wrote: A variant in VB is something that can be any type. The closest equivalent in C# is an 'Object'. In C# all data types derive from Object, so you can return the value as an Object and then cast it to what ever type it actually is.
(By the way, this is rather bad programming style, you should really be using parametrized queries, or stored procedures. This code is very vulnerable to SQL injection attacks. Also, by just chucking objects around everywhere you lose a lot of the benefits of strongly typed languages like C# such as compile time type checking. Also you seem to be repeating your select/case block about 3 times with the same code in it each time, it seems like you might have some redundant code here)
Hi Simon,
First, thanks for your reply.
I already converted my code to C#.Net. Yeah I used object as equivalent of variant.
My code something like this.
public object GetData(string SQL)
{
DataTable DT = new DataTable();
DT = dbConn.ExecuteQuery(SQL); dbConn is my connection class
if (!String.IsNullOrEmpty(DT.Rows[0][0].ToString()))
{
switch (DT.Column[0].DataType.ToString())
{
case "System.ToInt32":
return;
case "System.String":
return;
}
}
}
Any piece of advise?
The code just get the 1 field value in the query. Just thinking this is the best way, the shortest way of getting the 1 value in a query.
Example:
string sName;
sName = GetData("Select txtFirstname From tblUsers Where intID = 1").ToString();
Regards,
klaydze
if(you type your code here) {
Messagebox.Show("You help me a lot!");
}
else {
You help me = null;
}
|
|
|
|
|
klaydze wrote: Any piece of advise?
It's unmaintainable and insecure code.
What if some nasty user comes along and calls
GetData("DROP DATABASE [yourdatabase]") And this is just a minor problem. If you expose the ability to execute arbitrary SQL against your database you can wave goodbye to any serious form of security or data integrity.
If your just writing a prototype or for fun, don't worry about it too much. Just be aware the code is dangerous and should never grow into production code.
If this is production code I would advise a serious rethink about your architecture. You should create a separate data access layer. The DA layer should have strongly typed accessor methods, and they should being using pre written parametrized queries or stored procedures (Google those terms, it's pretty easy to use either with ADO.net)
E.g. you would have a UserDA class with a public User GetUser(String userName) method. The method would run the parametrized query and create a User object to be returned to the caller. This prevents a lot of issues. 1) You are only passing in the user name, not the whole SQL string so the caller can't execute whatever SQL they want. 2) You are returning a strongly typed User object so the caller gets exactly what they are expecting. 3) The use of stored procs or parametrized queries prevents SQL injection attacks. 4) You can build in security if you want and only allow certain users to retrieve and modify certain data.
Simon
|
|
|
|
|
Simon Stevens wrote: It's unmaintainable and insecure code.
What if some nasty user comes along and calls
GetData("DROP DATABASE [yourdatabase]")
And this is just a minor problem. If you expose the ability to execute arbitrary SQL against your database you can wave goodbye to any serious form of security or data integrity.
If your just writing a prototype or for fun, don't worry about it too much. Just be aware the code is dangerous and should never grow into production code.
If this is production code I would advise a serious rethink about your architecture. You should create a separate data access layer. The DA layer should have strongly typed accessor methods, and they should being using pre written parametrized queries or stored procedures (Google those terms, it's pretty easy to use either with ADO.net)
E.g. you would have a UserDA class with a public User GetUser(String userName) method. The method would run the parametrized query and create a User object to be returned to the caller. This prevents a lot of issues. 1) You are only passing in the user name, not the whole SQL string so the caller can't execute whatever SQL they want. 2) You are returning a strongly typed User object so the caller gets exactly what they are expecting. 3) The use of stored procs or parametrized queries prevents SQL injection attacks. 4) You can build in security if you want and only allow certain users to retrieve and modify certain data.
Hi Simon,
Thanks for the advise.
In short don't passed a sql statement in a parameter method? How about if I want to create a method that is accessible in all my form the same with my previous code.
public object GetData(string SQL) . How do I secured it?
In your example public User GetUser(string sUser), your just passing a single field where "sUser" is my filter in my sql statement inside the User Method.
SELECT * FROM tblUsers WHERE txtUser = sUser
Thanks and Regards
klaydze
if(you type your code here) {
Messagebox.Show("You help me a lot!");
}
else {
You help me = null;
}
|
|
|
|
|
But you should be using parametrized queries not just build up the sql statement on your own out of strings.
Simon
|
|
|
|
|
Simon Stevens wrote: But you should be using parametrized queries not just build up the sql statement on your own out of strings.
Hi Simon,
Sorry but I don't get it. "-(
Regards
klaydze
if(you type your code here) {
Messagebox.Show("You help me a lot!");
}
else {
You help me = null;
}
|
|
|
|
|
Use a SqlCommand and insert parameters into the command.
like this:
public static String GetUser(String userId)
{
SqlConnection connection = new SqlConnection();
String sqlQuery = "SELECT userName FROM Users WHERE UserId = @UserIdParameter";
SqlCommand command = new SqlCommand(sqlQuery, connection);
command.Parameters.Add(new SqlParameter("@UserIdParameter", userId));
using (SqlDataReader reader = command.ExecuteReader())
{
if (reader.HasRows)
{
return reader.GetString(0);
}
else
{
return String.Empty;
}
}
} This means that your caller can't inject sql in because they only have control over the parameter and because it's a parameter, when it the query is executed, the parameter will be validated and surrounded with quotes and any command characters will be removed to prevent injection attacks.
Read more here:
SQL Injection Attacks and Some Tips on How to Prevent Them[^]
Simon
|
|
|
|
|
Hi Simon,
Thanks for giving sample program. I'll try this one.
By the way, Can you look at the code below. That is my clsConnection where i execute my queries. Is it safe? And can you point out in my code if there is something bad code.
This is the way i used it.
E.g.
clsConnection myConn = new clsConnection();
DataTable DT = new DataTable();
string SQL = "SELECT * FROM tblUsers";
DT = myConn.ExecuteQuery(SQL);
using System;
using System.Data;
using System.Collections.Generic;
using System.Text;
using System.Data.SqlClient;
using System.Collections;
using System.Windows.Forms;
namespace Micromix.Class
{
class clsConnection
{
public SqlConnection objConnection;
SqlTransaction objTransaction;
public bool SqlConnect()
{
try
{
objConnection = new SqlConnection();
objConnection.ConnectionString = Connect.ConnString.ToString();
if (objConnection.State == ConnectionState.Closed)
objConnection.Open();
return true;
}
catch (Exception ex)
{
MessageBox.Show("Failed to connect to data source.", "Connect Failed", MessageBoxButtons.OK, MessageBoxIcon.Warning);
MessageBox.Show(ex.Message);
return false;
}
finally
{
objConnection.Close();
}
}
public DataTable ExecuteQuery(string strSQL)
{
DataTable objDataTable;
SqlDataAdapter objDataAdapter;
try
{
SqlConnect();
objDataAdapter = new SqlDataAdapter();
{
objDataTable = new DataTable();
objDataAdapter.SelectCommand = new SqlCommand(strSQL, objConnection, objTransaction);
objDataAdapter.Fill(objDataTable);
return objDataTable;
}
}
catch (Exception sqlex)
{
throw sqlex;
}
finally
{
objDataAdapter = null;
}
}
public void ExecuteNonQuery(string strSQL)
{
SqlCommand objSqlCommand;
try
{
SqlConnect();
objSqlCommand = new SqlCommand(strSQL, objConnection);
objSqlCommand.Connection.Open();
objSqlCommand.ExecuteNonQuery();
}
catch (SqlException ex)
{
throw ex;
}
finally
{
objSqlCommand = null;
}
}
public bool ExecuteNonQuery(string strSQL, SqlParameter[] sqlparams)
{
try
{
int intindex;
SqlCommand objsqlcommand = new SqlCommand(strSQL, objConnection, objTransaction);
for (intindex = 0; intindex <= sqlparams.GetUpperBound(0); intindex++)
{
objsqlcommand.Parameters.Add(sqlparams[intindex]);
}
objsqlcommand.ExecuteNonQuery();
return true;
}
catch (Exception ex)
{
throw ex;
}
}
}
}
Thanks and Regards
klaydze
if(you type your code here) {
Messagebox.Show("You help me a lot!");
}
else {
You help me = null;
}
|
|
|
|
|
Hi All
I am creating an application which takes some SQL code into a rich text box, with Syntax highlighting. I have inherited the Rich Text Box and put my word recognition code in here. The problem I have is that when ever the syntax highlighting code runs, the whole rich text box flickers annoyingly.
Does anybody know how to stop this flickering?
Thanks in advance.
oooo, the Jedi's will feel this one....
|
|
|
|
|
Here is the solution [^]
Cheers!
Nuri
|
|
|
|
|
That was just what I was needing. Cheers...
oooo, the Jedi's will feel this one....
|
|
|
|
|
Hi...
I have to call a csharp function in Java.
Can somebody give me a small example of how to do this.
Please do help me out.
Thnx.
|
|
|
|
|
Ask a question ONCE. Posting in multiple forums is guaranteed to annoy.
Panic, Chaos, Destruction.
My work here is done.
|
|
|
|
|
I'm sorry i wasn't sure if the question was to be posted in C# section or Java section.
|
|
|
|
|
since the code you will be writing is Java the Java forum is the right one
|
|
|
|
|
On top of Tom's answer, it doesn't mater in this instance too much which you had chosen to start with. But you should have posted only once.
Panic, Chaos, Destruction.
My work here is done.
|
|
|
|
|