Click here to Skip to main content
15,069,665 members

Comments by Member 14479161 (Top 24 by date)

Member 14479161 1-Apr-20 6:07am View
   
null exeption for the value that i attached GridView1.Rows[1] to it

Member 14479161 31-Mar-20 15:07pm View
   
getting null too
Member 14479161 31-Mar-20 15:01pm View
   
getting null too
Member 14479161 15-Dec-19 5:57am View
   
Deleted
Can you give me an illustration haw this effect the index fragmentation?
Member 14479161 19-Sep-19 11:45am View
   
so if i set the primary key column as identity this future will not work correct i meant the update
Member 14479161 19-Sep-19 11:16am View
   
thanks
Member 14479161 13-Sep-19 3:00am View
   
What is the relation
Member 14479161 12-Sep-19 20:11pm View
   
I KNOW THAT THIS IS NOT THE BEST WAY TO DO THAT BUT I AM STUDING TRIGGERS AND I WANT TO PARCTICE IT
Member 14479161 30-Aug-19 19:36pm View
   
hi
how about this code do it prevent from sql injection attacks

alter proc SP_SelectAll
@SQL  varchar (1000) output
as
begin
    select person_ID,FullName,Email,Date_OF_Birth,Age,GenderValue,City, [DepartementName] ,[location],[DepartementHead] ,Salary
           from Person
           join PersonGender
           on Person.Gender_ID = PersonGender.Gender_ID
           join Departements
           on Person.DepartementID = Departements.Dpartement_ID
           join DatesOfBirth 
           on Person.dateOfBirthID = DatesOfBirth.Date_ID
end
Member 14479161 28-Aug-19 15:13pm View
   
hi i want to assign the result set to a value is that possible
Member 14479161 28-Aug-19 14:47pm View
   
@Maciej Los how can i solve that by your opinion
Member 14479161 28-Aug-19 14:45pm View
   
error massage it is
Msg 156, Level 15, State 1, Procedure SP_GetEmployeeByGender, Line 7 [Batch Start Line 7]
Incorrect syntax near the keyword 'select'.<pre>
Member 14479161 28-Aug-19 14:38pm View
   
hi
o recived this error
Msg 156, Level 15, State 1, Procedure SP_GetEmployeeByGender, Line 7 [Batch Start Line 7]
Incorrect syntax near the keyword 'select'.<pre>
Member 14479161 25-Aug-19 10:19am View
   
ok got it thank you very mush
Member 14479161 25-Aug-19 9:17am View
   
i have writen it like that
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

namespace Learn_Ado
{
    public partial class WebForm12 : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {

        }

        protected void Button1_Click(object sender, EventArgs e)
        {
            string cs = ConfigurationManager.ConnectionStrings["MSSQLDATABASE"].ConnectionString;

            using(SqlConnection con = new SqlConnection(cs))
            {
                con.Open();

                SqlDataAdapter da = new SqlDataAdapter("select * from tblStudents where Name like @Name;", con);

                da.SelectCommand.Parameters.AddWithValue("@Name",TextBox1.Text);

                DataSet ds = new DataSet();

                da.Fill(ds);

                GridView1.DataSource = ds;

                GridView1.DataBind();


            }
        }
    }
}
<pre>
Member 14479161 25-Aug-19 9:14am View
   
hi

i want to ask what about displaying a normal table in a aspx page whithout a form from database just displaying no input
Member 14479161 23-Aug-19 8:35am View
   
you are passing the parameter on the asp.net file but what if i dont want to pass the parameter
const string CmdName = "selectSttment"; // Make it "const" so you can't inject values.
int IDtoFind = @ParamName1;

using (SqlConnection conn = new SqlConnection("..."))
using (SqlCommand cmd = new SqlCommand(CmdName, conn))
{
    cmd.CommandType = CommandType.StoredProcedure;
    cmd.Parameters.AddWithValue("@ParamName1", IDtoFind);
    
    conn.Open();
    using (SqlDataReader reader = cmd.ExecuteReader())
    {
        while (reader.Read())
        {
            ...
        }
    }
}
<pre>
Member 14479161 23-Aug-19 7:50am View
   
that means if i concatinating a a select statment with a value that comes from a text box using the '+' this is ulnerable to SQL Injectio in asp.net
Member 14479161 23-Aug-19 4:37am View
   
have other question if i made a normal seect statment inside a store prosedure without paramater as Select * from tabel name do this prevent from sql injeaction
Member 14479161 22-Aug-19 13:30pm View
   
is that a parameter for select statment or for the insert statment in sql
Member 14479161 8-Aug-19 7:26am View
   
Can you please clarify more
Member 14479161 5-Aug-19 10:47am View
   
hi thank you for the answer will you plese explain more according to the example here
Member 14479161 10-Jul-19 10:37am View
   
thanks
Member 14479161 9-Jul-19 21:00pm View
   
Hi
Here the caller method is the main Method correct