|
private void button1_Click(object sender, EventArgs e)
{
string strDSN = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=c:\\db4.MDB";
string strSQL = "SELECT * FROM ta1";
OleDbConnection myConn = new OleDbConnection(strDSN);
OleDbDataAdapter myCmd = new OleDbDataAdapter(strSQL, myConn);
DataSet dtSet = new DataSet();
string sqlQuery = "SELECT Name,Password FROM ta1 where Name = '" + textBox1.Text.ToString() + "' AND Password= '" + textBox2.Text.ToString() + "'";
myCmd.SelectCommand.CommandText = sqlQuery;
int numberOfRowsFeched = myCmd.Fill(dtSet, "ta1");
if (numberOfRowsFeched > 0)
{
try
{
myCmd.UpdateCommand.CommandText = "UPDATE Users SET " + "Password = '" +textBox3.Text + "'" + " WHERE Name = '" + textBox1.Text + "'";
myCmd.UpdateCommand.Connection = myConn;
myCmd.UpdateCommand.ExecuteNonQuery();
MessageBox.Show("Record updated Successfully");
textBox1.Text = "";
textBox2.Text = "";
textBox3.Text = "";
}
catch (System.Data.OleDb.OleDbException exp)
{
myConn.Close();
MessageBox.Show(exp.Message);
}
}
else
{
MessageBox.Show("wrong Name Or Password", "Password", MessageBoxButtons.OK, MessageBoxIcon.Information);
textBox1.Text = "";
textBox2.Text = "";
textBox3.Text = "";
}
message : http://www.cpestudents.net/upload/up/54.gif[^]
|
|
|
|
|
this keywords SET " + "Password as sql command in result is SETPassword, you have to separate by space, just set space character before Password like this
SET " + " Password
_____________________
Proud to be Albanian
_____________________
|
|
|
|
|
mm310 wrote: what is wrong in this code
You have left it wide open to SQL Injection Attacks. While the other response you got will apparently fix your problem it still leaves your code open to attack.
You should read: SQL Injection Attacks and Tips on How to Prevent Them[^]
This will explain a better way to perform your queries that will solve your problem AND make your code safer - Especially for code dealing with a login. What you have here is unforgivable and any tutorial that you have read that suggests you build SQL this way should be recalled and the author lined up and shot! (in my opinion). No wonder Software Developers have a bad reputation when it comes to security if developers think that concatenating strings together to form a SQL query is acceptable on a day-to-day basis. String concatenation as a way to build a SQL statement should only be done after careful consideration that there is absolutely no other way to achieve the desired result.
Sorry for my rant. It isn't your fault - You've obviously read the wrong tutorials and have picked up some extremely dangerous habits.
ColinMackay.net
Scottish Developers are looking for speakers for user group sessions over the next few months. Do you want to know more?
|
|
|
|
|
Hi!,
Most of you will be aware of a critical update on Sql server from Microsoft, it is called SQLCritUpdPkg_ENU.exe, I executed this exe, but it was unsuccessful. I am a local administrator on this machine.
Is there someone out there who can help! me on this please!!!!!?
Thank you.
happy coding!
|
|
|
|
|
What SP do you have installed on your machine? SP3 or later are secured aginst the worm so they don't need the update you want to install.
André
'A programmer is just a tool which converts caffeine into code'
|
|
|
|
|
I am running SP4 on Sql 2000.
Original Problem:I was unable to connect to my dev Sql server from my UAT enterprise manager. It came up with the error message as follows: SQL Server does not exist or access denied. ConnectionOpen(Connect()).I did a lot of googling but of no avail, finally I got to this web page http://www.doughughes.net/index.cfm?event=ViewEntry&entryId=91.
Then I downloaded SQLCritUpdWiz_ENU.exe and tried to execute it. I am a System administrator on this machine. However, I am unable to run this, it comes up with a message, Critical Update Unsuccessful.
System Info:My OS is win XP Pro(SP2) and SQL server is 2K SP4.
I have also tried to connect to the SQL server using port numbers via Server Network Utility and Client Network Utility , it didn't work.
Any more ideas?
happy coding!
|
|
|
|
|
The update is for SP1 and Sp2, not for SP4 of SQL Server 2000.
Do you have access to the sql server from other tools? Ist the connectionstring correct?
I never had such problems with SQL Server 2000 (german, devoloper Edit. + Sp3).
André
'A programmer is just a tool which converts caffeine into code'
|
|
|
|
|
Hey guess what !!!!!!
I am in Cloud Nine..........I have cracked it.
When you have a default instance of Sql Server 2000 on win xp pro (SP2), you need to change security settings in the exception tab of the Windows firewall.
Have a look at this article , this was like a missile to kill my frustration.
"http://support.microsoft.com/kb/841251/"
happy coding!
|
|
|
|
|
Suj_78 wrote: When you have a default instance of Sql Server 2000 on win xp pro (SP2), you need to change security settings in the exception tab of the Windows firewall.
Thats why I did't have trouble. I disabled the firewall and so I don't have this problems. So happy SQLing
'A programmer is just a tool which converts caffeine into code'
|
|
|
|
|
Why can't I do this: (This is within a stored proc)
DECLARE @STREAM varchar(2)
DECLARE @METHOD_VERSION VARCHAR(10)
SET @STREAM = dbo.udfSplit (@Msg, ',', 2)
CASE LEFT(@STREAM,1)
WHEN '7' THEN SET @METHOD_VERSION = 'CX'
WHEN '8' SET @METHOD_VERSION = 'DX'
END
Is my understanding that all Switch statements in SQL must be within a query statement correct?
If so it will explain why this wont work.
|
|
|
|
|
evilnoodle wrote: Is my understanding that all Switch statements in SQL must be within a query statement correct?
Yes.
evilnoodle wrote: If so it will explain why this wont work.
Because it isn't in a query statement context. Your are using it in a control flow context
Try something like this:
SET @METHOD_VERSION = CASE LEFT(@STREAM, 1) WHEN '7' THEN 'CX' WHEN '8' THEN 'DX' END
ColinMackay.net
Scottish Developers are looking for speakers for user group sessions over the next few months. Do you want to know more?
|
|
|
|
|
How to display an image in a datagrid in vb.net from the SQL Server where the image is stored in byte form in IMAGE field...
|
|
|
|
|
Does anybody know open source list of countries, cities, states in varius languages in any DB format (SQL SERVER, ORACLE, ACCESS, MYSQL etc...)?
Thanks in advance!
ilan.
|
|
|
|
|
Hi.
I use VS 2005 and ADO.NET 2.0.
The simplest example:
I have DataSet with one DataTable ('Person')
The 'Person' Table has 3 columns:
1.ID -> Autoincrement=True
2.LastName
3.FirstName
On my form I have DataGridView Control and BindingNavigator.
Using BindingNavigator's 'AddNewItem' button, I add new
DataRow to my 'Person' Table then
ID = 1 and i repeat this 3 times.
After that I use BindingNavigator's 'DeleteItem' to remove
last DataRow (ID = 3) from 'Person' Table.
Now, when I add NewItem once again I have new DataRow with
ID = 4.
How can I reset this value back to '3' in autoincrement column?
Somebody can help me, please?
Thanks.
|
|
|
|
|
I have no idea how to accomplish this with either an Autoincrement property or using triggers with sequences. But I do know that since these types of columns are mostly used for primary keys, where the values typically have no relationship to the rest of the data in the row, what reason do you have for wanting some control on the next value after some delete operation has occurred. Consider as well, what happens when you delete where ID = 2; Should the next add do an insert with a value of 2 and then the next add use 4?
Chris Meech
I am Canadian. [heard in a local bar]
When I want privacy, I'll close the bathroom door. [Stan Shannon]
BAD DAY FOR: Friendly competition, as Ford Motor Co. declared the employee parking lot at its truck plant in Dearborn, Mich., off limits to vehicles built by rival companies. Workers have to drive a Ford to work, or park across the street. [CNNMoney.com]
Nice sig! [Tim Deveaux on Matt Newman's sig with a quote from me]
|
|
|
|
|
Typically you shouldn't need to set it back to '3' (and if you DO need to set it back, then there may be a fault in your design). It is common to have these "holes" in key/identity columns in databases. My recommendation would be don't worry about it... leave it as '4'.
~Steve
www.roundpolygons.com
|
|
|
|
|
Hi Guys.
Thank you for all respondings.
Answering to Steve's question: My only problem was,
if I do everything OK (just out of sheer curiosity).
Now I know that it's a problem which isn't open to discussion.
Once again Thanks.
|
|
|
|
|
Hi database people,
If I have a table with one columm (col) and these rows:
A
A
B
C
C
C
NULL
NULL
and I run the query:
select col, count(col) group by col
I get:
A 2
B 1
C 3
NULL 0
How would I change it so that I got the count of nulls (ie. 2) rather than 0?
Any help appreciated!
Regards,
Rob Philpott.
|
|
|
|
|
Give NULL a value that can be counted.
SELECT
ISNULL(col,'NULL') AS col,
COUNT(col)
GROUP BY
col
|
|
|
|
|
yeah, that would do it. Thanks for the reply but if I want to see the count of null alongside the other results?
eg.
A 2
B 1
C 3
NULL 2
?
Regards,
Rob Philpott.
|
|
|
|
|
I believe it does put it alongside.
|
|
|
|
|
Quite right! Genious. Perhaps I should have tried it first...
Thanks for your help.
Regards,
Rob Philpott.
|
|
|
|
|
select count(col) from urtable where col=NULL
_____________________
Proud to be Albanian
_____________________
|
|
|
|
|
this will do it:
SELECT tt.col, Count(isnull(tt.col, 'NULL'))<br />
FROM TempTesting tt<br />
GROUP BY tt.col
~Steve
www.roundpolygons.com
|
|
|
|
|
I think you need to change
SELECT tt.col, Count(isnull(tt.col, 'NULL'))
to
SELECT isnull(tt.col, 'NULL'), Count(tt.col)
and the group by needs the isnull check also.
Chris Meech
I am Canadian. [heard in a local bar]
When I want privacy, I'll close the bathroom door. [Stan Shannon]
BAD DAY FOR: Friendly competition, as Ford Motor Co. declared the employee parking lot at its truck plant in Dearborn, Mich., off limits to vehicles built by rival companies. Workers have to drive a Ford to work, or park across the street. [CNNMoney.com]
Nice sig! [Tim Deveaux on Matt Newman's sig with a quote from me]
-- modified at 13:23 Wednesday 22nd March, 2006
|
|
|
|