|
Hi,
I'm just starting to convert my vb6.0 program to c#.net and I have a function in vb6.0 below:
Anyone can help me to translate this in c#.net.
Public Function GetData(SQL As String) As Variant
Dim RST As ADODB.Recordset
Set RST = Conn.Execute(SQL)
With RST
If .State = adStateOpen Then
If Not .EOF Then
If Not IsNull(RST(0)) Then
Select Case RST(0).Type
Case adVarChar
GetData = Trim(RST(0))
Case Else
GetData = RST(0)
End Select
Else
Select Case RST(0).Type
Case adBoolean
GetData = False
Case adVarChar
GetData = ""
Case adDouble, adInteger
GetData = 0
Case adDate, adDBTimeStamp
GetData = InvalidDate
End Select
End If
Else
Select Case RST(0).Type
Case adBoolean
GetData = False
Case adVarChar
GetData = ""
Case adDouble, adInteger
GetData = 0
Case adDate, adDBTimeStamp
GetData = InvalidDate
End Select
End If
Else
Select Case RST(0).Type
Case adBoolean
GetData = False
Case adVarChar
GetData = ""
Case adDouble, adInteger
GetData = 0
Case adDate, adDBTimeStamp
GetData = InvalidDate
End Select
End If
End With
Set RST = Nothing
End Function
THANKS AND REGARDS
klaydze
if(you type your code here) {
Messagebox.Show("You help me a lot!");
}
else {
You help me = null;
}
|
|
|
|
|
A variant in VB is something that can be any type. The closest equivalent in C# is an 'Object'. In C# all data types derive from Object, so you can return the value as an Object and then cast it to what ever type it actually is.
(By the way, this is rather bad programming style, you should really be using parametrized queries, or stored procedures. This code is very vulnerable to SQL injection attacks. Also, by just chucking objects around everywhere you lose a lot of the benefits of strongly typed languages like C# such as compile time type checking. Also you seem to be repeating your select/case block about 3 times with the same code in it each time, it seems like you might have some redundant code here)
Simon
|
|
|
|
|
Simon Stevens wrote: A variant in VB is something that can be any type. The closest equivalent in C# is an 'Object'. In C# all data types derive from Object, so you can return the value as an Object and then cast it to what ever type it actually is.
(By the way, this is rather bad programming style, you should really be using parametrized queries, or stored procedures. This code is very vulnerable to SQL injection attacks. Also, by just chucking objects around everywhere you lose a lot of the benefits of strongly typed languages like C# such as compile time type checking. Also you seem to be repeating your select/case block about 3 times with the same code in it each time, it seems like you might have some redundant code here)
Hi Simon,
First, thanks for your reply.
I already converted my code to C#.Net. Yeah I used object as equivalent of variant.
My code something like this.
public object GetData(string SQL)
{
DataTable DT = new DataTable();
DT = dbConn.ExecuteQuery(SQL); dbConn is my connection class
if (!String.IsNullOrEmpty(DT.Rows[0][0].ToString()))
{
switch (DT.Column[0].DataType.ToString())
{
case "System.ToInt32":
return;
case "System.String":
return;
}
}
}
Any piece of advise?
The code just get the 1 field value in the query. Just thinking this is the best way, the shortest way of getting the 1 value in a query.
Example:
string sName;
sName = GetData("Select txtFirstname From tblUsers Where intID = 1").ToString();
Regards,
klaydze
if(you type your code here) {
Messagebox.Show("You help me a lot!");
}
else {
You help me = null;
}
|
|
|
|
|
klaydze wrote: Any piece of advise?
It's unmaintainable and insecure code.
What if some nasty user comes along and calls
GetData("DROP DATABASE [yourdatabase]")And this is just a minor problem. If you expose the ability to execute arbitrary SQL against your database you can wave goodbye to any serious form of security or data integrity.
If your just writing a prototype or for fun, don't worry about it too much. Just be aware the code is dangerous and should never grow into production code.
If this is production code I would advise a serious rethink about your architecture. You should create a separate data access layer. The DA layer should have strongly typed accessor methods, and they should being using pre written parametrized queries or stored procedures (Google those terms, it's pretty easy to use either with ADO.net)
E.g. you would have a UserDA class with a public User GetUser(String userName) method. The method would run the parametrized query and create a User object to be returned to the caller. This prevents a lot of issues. 1) You are only passing in the user name, not the whole SQL string so the caller can't execute whatever SQL they want. 2) You are returning a strongly typed User object so the caller gets exactly what they are expecting. 3) The use of stored procs or parametrized queries prevents SQL injection attacks. 4) You can build in security if you want and only allow certain users to retrieve and modify certain data.
Simon
|
|
|
|
|
 Simon Stevens wrote: It's unmaintainable and insecure code.
What if some nasty user comes along and calls
GetData("DROP DATABASE [yourdatabase]")
And this is just a minor problem. If you expose the ability to execute arbitrary SQL against your database you can wave goodbye to any serious form of security or data integrity.
If your just writing a prototype or for fun, don't worry about it too much. Just be aware the code is dangerous and should never grow into production code.
If this is production code I would advise a serious rethink about your architecture. You should create a separate data access layer. The DA layer should have strongly typed accessor methods, and they should being using pre written parametrized queries or stored procedures (Google those terms, it's pretty easy to use either with ADO.net)
E.g. you would have a UserDA class with a public User GetUser(String userName) method. The method would run the parametrized query and create a User object to be returned to the caller. This prevents a lot of issues. 1) You are only passing in the user name, not the whole SQL string so the caller can't execute whatever SQL they want. 2) You are returning a strongly typed User object so the caller gets exactly what they are expecting. 3) The use of stored procs or parametrized queries prevents SQL injection attacks. 4) You can build in security if you want and only allow certain users to retrieve and modify certain data.
Hi Simon,
Thanks for the advise.
In short don't passed a sql statement in a parameter method? How about if I want to create a method that is accessible in all my form the same with my previous code.
public object GetData(string SQL) . How do I secured it?
In your example public User GetUser(string sUser), your just passing a single field where "sUser" is my filter in my sql statement inside the User Method.
SELECT * FROM tblUsers WHERE txtUser = sUser
Thanks and Regards
klaydze
if(you type your code here) {
Messagebox.Show("You help me a lot!");
}
else {
You help me = null;
}
|
|
|
|
|
But you should be using parametrized queries not just build up the sql statement on your own out of strings.
Simon
|
|
|
|
|
Simon Stevens wrote: But you should be using parametrized queries not just build up the sql statement on your own out of strings.
Hi Simon,
Sorry but I don't get it. "-(
Regards
klaydze
if(you type your code here) {
Messagebox.Show("You help me a lot!");
}
else {
You help me = null;
}
|
|
|
|
|
Use a SqlCommand and insert parameters into the command.
like this:
public static String GetUser(String userId)
{
SqlConnection connection = new SqlConnection();
String sqlQuery = "SELECT userName FROM Users WHERE UserId = @UserIdParameter";
SqlCommand command = new SqlCommand(sqlQuery, connection);
command.Parameters.Add(new SqlParameter("@UserIdParameter", userId));
using (SqlDataReader reader = command.ExecuteReader())
{
if (reader.HasRows)
{
return reader.GetString(0);
}
else
{
return String.Empty;
}
}
}This means that your caller can't inject sql in because they only have control over the parameter and because it's a parameter, when it the query is executed, the parameter will be validated and surrounded with quotes and any command characters will be removed to prevent injection attacks.
Read more here:
SQL Injection Attacks and Some Tips on How to Prevent Them[^]
Simon
|
|
|
|
|
Hi Simon,
Thanks for giving sample program. I'll try this one.
By the way, Can you look at the code below. That is my clsConnection where i execute my queries. Is it safe? And can you point out in my code if there is something bad code.
This is the way i used it.
E.g.
clsConnection myConn = new clsConnection();
DataTable DT = new DataTable();
string SQL = "SELECT * FROM tblUsers";
DT = myConn.ExecuteQuery(SQL);
using System;
using System.Data;
using System.Collections.Generic;
using System.Text;
using System.Data.SqlClient;
using System.Collections;
using System.Windows.Forms;
namespace Micromix.Class
{
class clsConnection
{
public SqlConnection objConnection;
SqlTransaction objTransaction;
public bool SqlConnect()
{
try
{
objConnection = new SqlConnection();
objConnection.ConnectionString = Connect.ConnString.ToString();
if (objConnection.State == ConnectionState.Closed)
objConnection.Open();
return true;
}
catch (Exception ex)
{
MessageBox.Show("Failed to connect to data source.", "Connect Failed", MessageBoxButtons.OK, MessageBoxIcon.Warning);
MessageBox.Show(ex.Message);
return false;
}
finally
{
objConnection.Close();
}
}
public DataTable ExecuteQuery(string strSQL)
{
DataTable objDataTable;
SqlDataAdapter objDataAdapter;
try
{
SqlConnect();
objDataAdapter = new SqlDataAdapter();
{
objDataTable = new DataTable();
objDataAdapter.SelectCommand = new SqlCommand(strSQL, objConnection, objTransaction);
objDataAdapter.Fill(objDataTable);
return objDataTable;
}
}
catch (Exception sqlex)
{
throw sqlex;
}
finally
{
objDataAdapter = null;
}
}
public void ExecuteNonQuery(string strSQL)
{
SqlCommand objSqlCommand;
try
{
SqlConnect();
objSqlCommand = new SqlCommand(strSQL, objConnection);
objSqlCommand.Connection.Open();
objSqlCommand.ExecuteNonQuery();
}
catch (SqlException ex)
{
throw ex;
}
finally
{
objSqlCommand = null;
}
}
public bool ExecuteNonQuery(string strSQL, SqlParameter[] sqlparams)
{
try
{
int intindex;
SqlCommand objsqlcommand = new SqlCommand(strSQL, objConnection, objTransaction);
for (intindex = 0; intindex <= sqlparams.GetUpperBound(0); intindex++)
{
objsqlcommand.Parameters.Add(sqlparams[intindex]);
}
objsqlcommand.ExecuteNonQuery();
return true;
}
catch (Exception ex)
{
throw ex;
}
}
}
}
Thanks and Regards
klaydze
if(you type your code here) {
Messagebox.Show("You help me a lot!");
}
else {
You help me = null;
}
|
|
|
|
|
Hi All
I am creating an application which takes some SQL code into a rich text box, with Syntax highlighting. I have inherited the Rich Text Box and put my word recognition code in here. The problem I have is that when ever the syntax highlighting code runs, the whole rich text box flickers annoyingly.
Does anybody know how to stop this flickering?
Thanks in advance. 
oooo, the Jedi's will feel this one....
|
|
|
|
|
Here is the solution [^] 
Cheers!
Nuri
|
|
|
|
|
That was just what I was needing. Cheers... 
oooo, the Jedi's will feel this one....
|
|
|
|
|
Hi...
I have to call a csharp function in Java.
Can somebody give me a small example of how to do this.
Please do help me out.
Thnx.
|
|
|
|
|
Ask a question ONCE. Posting in multiple forums is guaranteed to annoy.
Panic, Chaos, Destruction.
My work here is done.
|
|
|
|
|
I'm sorry i wasn't sure if the question was to be posted in C# section or Java section.
|
|
|
|
|
since the code you will be writing is Java the Java forum is the right one
|
|
|
|
|
On top of Tom's answer, it doesn't mater in this instance too much which you had chosen to start with. But you should have posted only once.
Panic, Chaos, Destruction.
My work here is done.
|
|
|
|
|
hi,could some one help me with my problem...
i'm trying to get the changes or modifications a specific process on my computer has made, i know how to do it in opposite side < i mean knowing what is happening now in registry ,or what files modified,but not telling who did it>... i found a program donig that but i want to do it<by the way : i'm using c# .net 2008>
can someone tell me how i can do that?
|
|
|
|
|
Hi,
I have this problem with C# socket server that's talking to a perl client. When I run the server and run the perl client with "perl client.pl commandtoexecute" the server executes the command displaying it on the server console and then crashes with this error:
Unhandled Exception: System.IO.IOException: Unable to read data from the transpo
rt connection: An existing connection was forcibly closed by the remote host. --
-> System.Net.Sockets.SocketException: An existing connection was forcibly close
d by the remote host
at System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32 size,
SocketFlags socketFlags)
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 s
ize)
--- End of inner exception stack trace ---
I know I am not handling the error correctly, but I have no idea how do I go about fixing this. Any ideas? here is the code for the method that is handling the client connections:
public void HandleConnection()
{
int recv;
byte[] data = new byte[2048000];
TcpClient client = threadListener.AcceptTcpClient();
NetworkStream ns = client.GetStream();
connections++;
Console.WriteLine("New client accepted: {0} active connections", connections);
string welcome = "Welcome to power shell server ... ";
data = Encoding.ASCII.GetBytes(welcome);
ns.Write(data, 0, data.Length);
while (true)
{
data = new byte[2048000];
recv = ns.Read(data, 0, data.Length);
if (recv == 0)
break;
else
{
String cmd = Encoding.ASCII.GetString(data, 0, recv);
Console.WriteLine(cmd);
//Console.WriteLine(Encoding.ASCII.GetString(data, 0, recv));
//ns.Write(Encoding.UTF8.GetBytes(RunShell(cmd)), Convert.ToString((RunShell(cmd))).Length, 10000000);
// Execute incoming shell command and convert the string data to byte data using ASCII encoding.
byte[] byteData = Encoding.ASCII.GetBytes(RunShell(cmd));
// Begin sending the data to the remote device.
if (byteData.Length > 0)
ns.Write(byteData, 0, byteData.Length);
else
{
Console.Write("\nData Length is less than 0");
ns.Write(data, 0, recv);
}
}
}
ns.Close();
client.Close();
connections--;
Console.WriteLine("Client disconnected: {0} active connections", connections);
}
|
|
|
|
|
Probably you get the exception in this line:
recv = ns.Read(data, 0, data.Length);
If yes, then the remote host just disconnect you.
|
|
|
|
|
Thanks for the reply. Actually the server is crashing at:
ns.Write(byteData, 0, byteData.Length);
Because after this is executed, the client has received the data and it closes the connection - I don't know if I have to catch an exception here? I am not good with exceptions. Also, I am closing the network stream here with ns.Close() and the server is still crashing. I am confused.
|
|
|
|
|
Hi,
I have string "[Font: Name=Microsoft Sans Serif, Size=20, Units=3, GdiCharSet=1, GdiVerticalFont=False]",
how can i convert it as Font or how to assign this to a Font.
Thankyou
YPKI
|
|
|
|
|
you need to parse it using string.split and then check the NVP and assign them to a font class
|
|
|
|
|
try FontConverter class. It may help you
|
|
|
|
|
Sorry, but this string can not converted to font!
I use split function instead!
and :
Font F=new Font(params)
|
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
