|
Thank you for your comments and the links.
It looks like the article on protecting against SQL Injection Attacks covers what I need very nicely. In my case I'm lucky in that I'm the one writing the select statement and dealing with the parameter values, so since I'm not going to attack my own system, I don't have to worry about this.
Thanks again.
|
howardjr wrote: In my case I'm lucky in that I'm the one writing the select statement and dealing with the parameter values, so since I'm not going to attack my own system, I don't have to worry about this.
Statistically 90% of all attacks are insider jobs. You might need protection from yourself.
|
Colin Angus Mackay wrote: You might need protection from yourself.
Don't you also mean from employees within an organization?
Some people have a memory and an attention span, you should try them out one day. - Jeremy Falcon
|
PaulC1972 wrote: Don't you also mean from employees within an organization?
Never underestimate the cunning of a master hacker.
|
True enough -- I never know what I'm going to do when I'm sleep-computing.
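Added example, not from any of the posts above: even when you write the SELECT yourself, a value pasted into the statement text becomes part of that text, while a parameter stays data. The table dbo.Contacts, its rows and the variable names are constructed for illustration; the script assumes SQL Server 2008 or later.

```sql
-- Constructed sample table and rows.
CREATE TABLE dbo.Contacts (
    ContactID int IDENTITY(1,1) PRIMARY KEY,
    Name      varchar(30) NOT NULL
);
INSERT INTO dbo.Contacts (Name) VALUES ('Smith');
INSERT INTO dbo.Contacts (Name) VALUES ('O''Brien');
GO

-- An ordinary value typed by an ordinary user; nobody is attacking anything.
DECLARE @name varchar(30) = 'O''Brien';

-- Weak: the value is concatenated into the statement text, so the quote
-- inside it ends the string literal early and the rest is parsed as SQL.
DECLARE @sql nvarchar(200) =
    N'SELECT ContactID, Name FROM dbo.Contacts WHERE Name = ''' + @name + N'''';

BEGIN TRY
    EXEC (@sql);
END TRY
BEGIN CATCH
    -- The dynamic batch fails to compile; report why instead of aborting.
    SELECT ERROR_NUMBER() AS ErrorNumber, ERROR_MESSAGE() AS ErrorMessage;
END CATCH;

-- Hardened: the statement text is fixed and the value travels separately
-- as a typed parameter, so its content can never alter the statement.
EXEC sp_executesql
    N'SELECT ContactID, Name FROM dbo.Contacts WHERE Name = @n',
    N'@n varchar(30)',
    @n = @name;
GO

DROP TABLE dbo.Contacts;
```

From VB.NET or C# the hardened form corresponds to a SqlCommand with a SqlParameter rather than a concatenated CommandText.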
|
Hi ..
When I build a table and specify the size of all fields, like
Name char(30)
Address char(100)
and then enter data in the table, I found that the program completes the length of each field to equal its size (30 or 100 as shown above) with spaces ...
Then when I work with the table using VB.NET items like TextBox, these spaces appear and it is causing a problem for me.
Please ... can anyone come to my aid? I searched a lot without any result.
jooooo
|
kindman_nb wrote: Please ... can anyone come to my aid? I searched a lot without any result.
Use a varchar and not a char. Only use char if the value is always a fixed length or you are using it as a key. (Not that it is a good idea to key on a char column.)
|
Left trim: LTRIM(field)
Right trim: RTRIM(field)
Both: LTRIM(RTRIM(field))
Blog Have I http:\\www.frankkerrigan.com
|
Hi All,
I am looking to use DTS to manipulate data from a number of sources (access, oracle, etc.) and am looking for some direction as to best practices and gotchas that I should worry about. Do people recommend using DTS or is there a better way of doing this type of data import/manipulation? What would I use Data Link for when using DTS?
Thanks in advance,
---Jay
|
oh there is .NET 2.0 version as well.
Which is a bit nicer than the .NET 1.1 version
|
Hi All,
I am doing some research about External Linked Servers and am hoping that someone can point me towards some best practices information and let me know about any gotchas that I should look out for when using this capability in applications.
Thanks in advance,
---Jay
|
I've quite a lot of experience of this in a few companies, and this is how it generally works:
Between SQL Servers: no issues.
Between other servers (Progress, Oracle, Sybase, etc.) the issues are:
* Timeouts in SQL commands
* Large data migrations or copies of large data chunks fail due to ODBC timeouts.
* SQL92 is not a standard standard (it works differently on different boxes)
* You tend to go for extracts to text files for large data volumes and use DTS, as it tends to work
|
Hi All,
I am doing some research on the use of ODBC descriptors and hope that the community might have some opinions:
Is anybody out there using ODBC descriptors in their applications?
What are you using them for and why?
Are there alternatives to using them?
Thanks in advance,
---Jay
|
I want to implement AJAX controls in a web application using .NET. I don't have any idea about this control and I am not getting anything into my head about AJAX controls. Please help me in this matter and mail me at priya.idiol@gmail.com
regards priya
priya fernandes
|
Wrong forum - Try the ASP.NET forum.
|
Hi guys,
I have two tables named (table1) and (table2).
There is a field named ID which belongs to both tables.
I want to delete matching records from both tables based on this ID field, which is of nvarchar type. Can anybody tell me the exact query?
Thanks in advance
hello
|
ghumman63 wrote: there is a field named ID which belongs to both tables
Which way does the relationship go? You have to delete the child first, otherwise you get an integrity violation. However, if you have cascading deletes then you can delete the parent and it will cascade delete the child too. (Most people have this off because it can cause devastation if not used properly.)
|
What if there is no relationship between both tables?
hello
|
If there is no physical relationship (as specified by a Foreign Key), but an implied (logical) one, then it doesn't matter which order you delete the records. What I would do though, is wrap both deletes in a transaction so that you don't get orphaned rows.
the last thing I want to see is some pasty-faced geek with skin so pale that it's almost translucent trying to bump parts with a partner - John Simmons / outlaw programmer
Deja View - the feeling that you've seen this post before.
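Added example, not from the posts in this thread: the two deletes wrapped in one transaction, as suggested above, so that a failure in either one leaves both tables unchanged. The procedure name dbo.DeleteMatching, the nvarchar(50) length, the Note columns and the sample rows are assumptions; table1, table2 and the nvarchar ID come from the question, and THROW needs SQL Server 2012 or later.

```sql
-- Constructed stand-ins for the two tables in the question (no foreign key).
CREATE TABLE dbo.table1 (ID nvarchar(50) NOT NULL, Note nvarchar(100) NULL);
CREATE TABLE dbo.table2 (ID nvarchar(50) NOT NULL, Note nvarchar(100) NULL);
INSERT INTO dbo.table1 (ID, Note) VALUES (N'A100', N'constructed row');
INSERT INTO dbo.table2 (ID, Note) VALUES (N'A100', N'constructed row');
GO

-- Hypothetical procedure: the ID arrives as a typed parameter, never as
-- text concatenated into the DELETE statements.
CREATE PROCEDURE dbo.DeleteMatching
    @ID nvarchar(50)
AS
BEGIN
    SET NOCOUNT ON;
    SET XACT_ABORT ON;   -- a run-time error dooms the whole transaction

    BEGIN TRY
        BEGIN TRANSACTION;

        -- With no foreign key the order is free; deleting the logical
        -- child first keeps working if a key is added later.
        DELETE FROM dbo.table2 WHERE ID = @ID;
        DELETE FROM dbo.table1 WHERE ID = @ID;

        COMMIT TRANSACTION;
    END TRY
    BEGIN CATCH
        -- Undo both deletes, then pass the original error to the caller.
        IF @@TRANCOUNT > 0
            ROLLBACK TRANSACTION;
        THROW;
    END CATCH
END
GO

EXEC dbo.DeleteMatching @ID = N'A100';
```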
|
Create a trigger that deletes records from the second trigger based on the deleted values from the first
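create trigger dbo.DeleteTrigger on dbo.table1
FOR DELETE
AS
-- DELETED holds every row removed by the statement, so match with IN
-- (a scalar "=" fails as soon as more than one row is deleted)
DELETE table2
WHERE table2.ID IN ( SELECT ID FROM DELETED)
go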
|
Hi
I am a noob trying to learn ADO using C# 2005. I am trying to create a simple contact manager that can store contact data. I want to include Add, Edit & Delete buttons so that I can add, edit & delete a record from the contact manager. Can anyone tell me how I should go about doing this? I can add the automated data navigator for this but I don't want to do that. I want to write my own code for it. Any help will be appreciated.
Thanks
Irfan
I am still learning
|
Best approach is to write a DAL (Data Abstraction Layer). This essentially means creating a class (or group of classes) to handle your database interaction. Your application can then call the DAL class(es) rather than the database direct. At a conference I was at a couple of weeks ago one of the speakers gave some excellent advice: If you have anything from your System.Data namespace in the presentation layer (your WinForm or WebForm class, or control classes, etc.) then there is something wrong with the design.
In the DAL class(es) you connect to the database, perform your query, close the connection and return the data.
The way I do it is that each public method in the DAL is a proxy for a stored procedure in the database.
Remember that you can send pretty much any SQL into a SqlCommand. So if you can do it in Query Analyser or SQL Server Management Studio, then you can issue it via a SqlCommand. (Just remember that GO splits the batch, and that isn't supported - you must only issue one batch at a time, but you can have as many SQL commands as you like in a batch.)
Does this help?
|