
C#

 
Question: Re: Coding Moveable Elements for Games or Whatever
Eddy Vluggen (professional), 22-Jan-18 13:54
Answer: Re: Coding Moveable Elements for Games or Whatever
Gerry Schmitz (member), 22-Jan-18 14:23
General: Re: Coding Moveable Elements for Games or Whatever
Eddy Vluggen (professional), 22-Jan-18 14:37
General: Re: Coding Moveable Elements for Games or Whatever
Gerry Schmitz (member), 22-Jan-18 16:38
General: Re: Coding Moveable Elements for Games or Whatever
Eddy Vluggen (professional), 23-Jan-18 0:20
General: Re: Coding Moveable Elements for Games or Whatever
Gerry Schmitz (member), 23-Jan-18 7:37
Question: How to insert the XML file in SQL Server
Jieha Lee (member), 19-Jan-18 4:23
Answer: Re: How to insert the XML file in SQL Server
OriginalGriff (protector), 19-Jan-18 4:58
Don't do it like that! Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

When you concatenate strings, you cause problems because SQL receives commands like:
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;--'
Which SQL sees as three separate commands:
SELECT * FROM MyTable WHERE StreetAddress = 'x';
A perfectly valid SELECT
DROP TABLE MyTable;
A perfectly valid "delete the table" command
--'
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.

So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?

Chances are, when you fix that throughout your application, the problem you have noticed will vanish at the same time.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
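
The contrast described in the answer above, as an added example that is not part of the original post: the concatenated command text for the two inputs it discusses, next to a parameterized `SqlCommand` whose text never changes. The names `AddressLookup`, `BuildConcatenated` and `BuildParameterized`, and the `NVARCHAR(200)` column width, are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class AddressLookup
{
    // The 'before': user input is spliced into the SQL text, so a quote in
    // the input changes the structure of the command SQL Server parses.
    public static string BuildConcatenated(string streetAddress)
    {
        return "SELECT * FROM MyTable WHERE StreetAddress = '" + streetAddress + "'";
    }

    // The fix: the SQL text is a constant and the value travels separately
    // as a typed parameter, so it is only ever treated as data.
    public static SqlCommand BuildParameterized(SqlConnection conn, string streetAddress)
    {
        var cmd = new SqlCommand(
            "SELECT * FROM MyTable WHERE StreetAddress = @StreetAddress", conn);
        // Size 200 is an assumed column width (NVARCHAR(200)).
        cmd.Parameters.Add("@StreetAddress", SqlDbType.NVarChar, 200).Value = streetAddress;
        return cmd;
    }

    static void Main()
    {
        // The two inputs discussed in the post.
        string[] inputs = { "Baker's Wood", "x';DROP TABLE MyTable;--" };

        foreach (string input in inputs)
        {
            Console.WriteLine("Input:         " + input);
            Console.WriteLine("Concatenated:  " + BuildConcatenated(input));

            // No connection is opened; the command is only built to show
            // that its text does not depend on the input.
            using (var cmd = BuildParameterized(null, input))
            {
                Console.WriteLine("Parameterized: " + cmd.CommandText);
                Console.WriteLine("  @StreetAddress = " + cmd.Parameters["@StreetAddress"].Value);
            }
            Console.WriteLine();
        }
    }
}
```

With a real connection, `BuildParameterized(conn, input).ExecuteReader()` sends the same command text for both inputs; the quote and the `DROP TABLE` text arrive only as the value compared against `StreetAddress`.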

Answer: Re: How to insert the XML file in SQL Server
jschell (member), 20-Jan-18 5:54
General: Re: How to insert the XML file in SQL Server
Laxmidhar clareta technologies (member), 23-Jan-18 5:00
General: Re: How to insert the XML file in SQL Server
jschell (member), 27-Jan-18 5:09
Question: Calling a Method from a Form event
ormonds (member), 18-Jan-18 14:08
Answer: Re: Calling a Method from a Form event
Peter Vegter (member), 18-Jan-18 14:35
Answer: Re: Calling a Method from a Form event
OriginalGriff (protector), 18-Jan-18 20:07
Answer: Re: Calling a Method from a Form event
ormonds (member), 19-Jan-18 17:00
General: Re: Calling a Method from a Form event
OriginalGriff (protector), 19-Jan-18 20:34
Question: Why ControlAccessibleObject' does not contain a definition for: BUY,SELL
Member 12288840 (member), 18-Jan-18 8:18
Answer: Re: Why ControlAccessibleObject' does not contain a definition for: BUY,SELL
Richard MacCutchan (protector), 18-Jan-18 21:10
General: Re: Why ControlAccessibleObject' does not contain a definition for: BUY,SELL
Member 12288840 (member), 19-Jan-18 7:44
General: Re: Why ControlAccessibleObject' does not contain a definition for: BUY,SELL
Richard MacCutchan (protector), 19-Jan-18 8:01
General: Re: Why ControlAccessibleObject' does not contain a definition for: BUY,SELL
Member 12288840 (member), 19-Jan-18 11:30
General: Re: Why ControlAccessibleObject' does not contain a definition for: BUY,SELL
Pete O'Hanlon (protector), 19-Jan-18 22:22
General: Re: Why ControlAccessibleObject' does not contain a definition for: BUY,SELL
Member 12288840 (member), 20-Jan-18 6:59
General: Re: Why ControlAccessibleObject' does not contain a definition for: BUY,SELL
Pete O'Hanlon (protector), 20-Jan-18 22:27
Question: Project Reference Installed Applications
TheCoolTech (member), 18-Jan-18 5:32

Last Updated 14 Aug 2018
Copyright © CodeProject, 1999-2018