|
Ignore the last response because he doesn't actually solve your real problem. Your real problem is the code is susceptable to a SQL Injection Attack.
You should use parameterised queries. e.g.
OleDbDataAdapter1.SelectCommand.CommandText =
"SELECT * FROM Login WHERE username = ?";
OleDbDataAdapter1.SelectCommand.Parameters.Add("", TextBox1.Text);
This will go some way to protecting your database from attack.
You will want to read SQL Injection Attacks and Tips on How to Prevent Them[^] which tells you what a SQL Injection Attack is, how to spot code that is susceptable and how to correct the problem.
|
|
|
|
|
Thanks Colin Angus Mackay, i solve the problem already.
|
|
|
|
|
Colin Angus Mackay wrote: SQL Injection Attacks and Tips on How to Prevent Them[^] which tells you what a SQL Injection Attack is, how to spot code that is susceptable and how to correct the problem.
As often as that article is referenced why not just include it in your sig?
I'd love to help, but unfortunatley I have prior commitments monitoring the length of my grass. :Andrew Bleakley:
|
|
|
|
|
S Douglas wrote: As often as that article is referenced why not just include it in your sig?
I don't currently have room. I'll consider it when space frees up a bit.
|
|
|
|
|
Hi, i don't know if is possible to do this: I want to obtain by a single query, values from 2 identical tables, ok, i can do a query from multiple tables and that will return values with no problem BUT these values are returned horizontally but how can i get these values vertically, i hope you understand the terms horizontally and vertically. If you think what i'm trying to do, is to execute 2 queries in 1.
Example:
select t1.col1, t2.col1 from table1 as t1, table2 as t2
-> 1, 2
-> 4, 7
-> 8, 9
but how can i get this?
-> 1
-> 2
-> 4
-> 7
-> 8
-> 9
or this
-> 1
-> 4
-> 8
-> 2
-> 7
-> 9
|
|
|
|
|
SELECT t1.col1 FROM table1 AS t1
UNION
SELECT t2.col1 FROM table2 AS t2
--EricDV Sig---------
Some problems are so complex that you have to be highly intelligent and well informed just to be undecided about them.
- Laurence J. Peters
|
|
|
|
|
|
Can anyone tell what is wrong with this select statement?
Select Statement:
***************************************************
SELECT [Primary Number] FROM [Vital Stats] WHERE [Title-D] IS NULL OR [First Name-D] IS NULL OR
[Last Name-D] IS NULL OR [Inform Title] IS NULL OR [Inform first Name] IS NULL OR
[Inform Last Name] IS NULL OR [Address-infor-1] IS NULL OR [City/town-infor] IS NULL OR
[State-infor] IS NULL OR [ZipCode-infor] IS NULL OR [Inf RevRel] IS NULL OR [Director Name] IS NULL IN(selectedCases)
***************************************************
I'm using VB .NET and the data is being pulled (or should be pulled I should say) from an ACCESS Database
I keep getting this error message:
"Invalid use of IS operator in query expression [Title-D] IS NULL OR [First Name-D] IS NULL OR...."
I want to pull the records that contain a NULL value in any of those fields listed in the select statement.
Any suggestion is valid, since I can't get it to work.
Thank you,
silvionr
|
|
|
|
|
silvionr wrote: IS NULL IN(selectedCases)
Doesn't look right. The two operators (IS Null) and (IN (selected Cases) are run on. I would expact an "AND [field] IN (selectedCases)
You might also want some additional parentheses to clear up the precedence:
silvionr wrote: SELECT [Primary Number] FROM [Vital Stats] ( WHERE [Title-D] IS NULL OR [First Name-D] IS NULL OR
[Last Name-D] IS NULL OR [Inform Title] IS NULL OR [Inform first Name] IS NULL OR
[Inform Last Name] IS NULL OR [Address-infor-1] IS NULL OR [City/town-infor] IS NULL OR
[State-infor] IS NULL OR [ZipCode-infor] IS NULL OR [Inf RevRel] IS NULL OR [Director Name] IS NULL ) ???? [????] IN(selectedCases)
|
|
|
|
|
MSAccess syntax is: ISNULL() - there is no space between IS and NULL , and you need parenthesis.
Also, see what Rob Graham said about your IN clause.
--EricDV Sig---------
Some problems are so complex that you have to be highly intelligent and well informed just to be undecided about them.
- Laurence J. Peters
|
|
|
|
|
Hi all,
I see (almost) everywhere that the disconnected model for database access is fabulous. Granted, this is the easiest way in VS 2005 to build an application. And for shure, there are fine things in there, but I have doubt about a few things:
- in a multi-user environment, user A starts the application, and while he browses records, user B changes some of them. Unless user A specifically refreshes the data, he does not see the updated data
- records are not updated as soon as a user moves to another record. Say a user have been adding records for the last 5 minutes and have not hit the SAVE button. Then a loss of power occurs: say goodbye to the changes
- how about transactions
Is it that there are things that I don't understand, or am I right in fearing this model ?
Thanks
Gilles Plante
|
|
|
|
|
Gilles Plante wrote: am I right in fearing this model
No these are all things that you need to account for while devoloping. Make use of time stamp columns often. Ultimatly the disconnected model is less stress on the SQL server. This topic has come up several times on the message board, search it for "disconnected database" and you will find long conversations about how to deal with some of the issues you brought up.
I'd love to help, but unfortunatley I have prior commitments monitoring the length of my grass. :Andrew Bleakley:
|
|
|
|
|
hi every one,
i'm using mixed mode as an authentication mode, the problem that anyone can log in to the database server, please help...
Ala'a Al Atrash
Special Systems Co.
Culture St. - Amman - Jordan
Software Developer
Work Tel:- +962 6 5664221 Ext. 140
Home Tel:- +962 6 4752702
Mobile Tel:- +962 7 96700423
|
|
|
|
|
Ala`a Al Atrash wrote: i'm using mixed mode as an authentication mode, the problem that anyone can log in to the database server, please help...
In that case either you have given everyone the ability to log in via windows authenticaion, or the user name and passwords are out in the open.
A user cannot log into the database unless they supply the credentials to SQL Server that they have permission to log in.
If the user names and passwords are not in the open, perhaps you should review the logins to see who actually has access.
|
|
|
|
|
i wanna ask about the ability to connect sql server 2000 database files
without installing sqlserver 2000 itself but i'm hearin about MS desktop engine can give me this ability with coding using my application is this true or not?
|
|
|
|
|
malaky wrote: i wanna ask about the ability to connect sql server 2000 database files
without installing sqlserver 2000
You cannot.
malaky wrote: i'm hearin about MS desktop engine can give me this ability with coding using my application is this true or not?
If you install MSDE then you can attach your SQL Server 2000 database files (so long as they fit the restrictions of MSDE) and then connect to MSDE. NOTE: MSDE is the desktop edition of the SQL Server 2000 database engine - so you are still installing the engine in order to connect to the database.
|
|
|
|
|
Quote:If you are still not convinced then perhaps there is another reason you should look at migrating. Microsoft is working hard to help customers achieve the highest levels of security. As part of this push we have made the decision to not support MSDE on Windows Vista as we believe the combination of SQL Server 2005 Express and Vista is a better choice.
For further details click here[^]
"The key, the whole key, and nothing but the key, so help me Codd"
|
|
|
|
|
Jerry,
Thanks for the info.
Paul
|
|
|
|
|
Hi guys,
I'm writing a program for the high school where I work, I'm using VB 6 for the interface and MS SQL Server 2000 for the Database server. The thing is our school which belongs to a foundation (which also holds a consultant company) has two different network, the first is 192.168.212.* and the second is 192.168.3.*. I do the programming on the 192.168.212.* network and can access the server just fine if it were also installed with the 192.168.212.* IP number, can you guys please help me as to how can I make my program able to access the server if it were installed on the 192.168.3.* network. Any help would be much appreciated.
twindragons
|
|
|
|
|
Hello,
I am not much of a networking guy and I've had the luxury of not dealing with subnets, but I'll give it a try :->
I have a few questions. Who is on 192.168.212.* the school or the consulting company? Have you tried using the computer's network name instead of the IP?
Paul
|
|
|
|
|
If both networks is on the same cabling system or the same routers. You can do a few things
1) Give each server two IP addresses one each subnet
2) Configure a router to route between the two subnets
3) You can also configure a Windows server to route between the two subnets ( this is easy and cheap)
If the are different cabling / routers then you need to a physical router or and another network card to a server and add the routing.
Look where you want to go not where you don't want to crash.
Bikers Bible
|
|
|
|
|
Frank Kerrigan wrote: If both networks is on the same cabling system or the same routers. You can do a few things
1) Give each server two IP addresses one each subnet
2) Configure a router to route between the two subnets
3) You can also configure a Windows server to route between the two subnets ( this is easy and cheap)
If the are different cabling / routers then you need to a physical router or and another network card to a server and add the routing.
Thanks, Frank. I learned something new today :->
|
|
|
|
|
Hi Frank,
my system admin said that the two subnets are running windows server connected by a linux server, configured as a router. the linux server also route to another linux server (the gateway so they call it) to connect to the internet, each subnet's windows server are also using 2 network cards with different subnet, I have tried to access the server in the school domain (the 192.168.3.*) from my office (192.168.212.*) both by calling the server by name or ip number, but I still can't access the data. I feel awful to bother you by asking this again but I really need it to work. he also said that the port for sql server is not blocked by the firewall. can you please help me.
twindragons
|
|
|
|
|
Not that it entirely matters, but can you ping the SQL Server? Odds are you wont be able to becuase of the subnetting thats in place.
What you may need to ask the network admin to do is create a vlan between your subnet and the subnet that the widows box is on.
http://en.wikipedia.org/wiki/Subnetwork[^]
I have another question, are you located on the same campus? Or are you accessing the school through the internet?
I'd love to help, but unfortunatley I have prior commitments monitoring the length of my grass. :Andrew Bleakley:
|
|
|
|
|
twindragons wrote: I do the programming on the 192.168.212.* network and can access the server just fine if it were also installed with the 192.168.212.*
If your network admins find out that your attempting to statically link to a specific IP address their going to laugh at you during the next network review and change the network schema. You are far better off relying on DNS to do the proper translation; that is what it was invented for after all.
I'd love to help, but unfortunatley I have prior commitments monitoring the length of my grass. :Andrew Bleakley:
|
|
|
|