Alaric_ wrote: "SELECT * from isp_email.staff where @id like" + txtname.Text;
Oh Yeah! Another person advising people to put great big security holes in their application.
Please read about SQL Injection Attacks and how to prevent them.
Alaric_ wrote: You need to look up the usage of parameterized queries.
You know about parameterised queries, but you don't advocate it for putting in the value from the TextBox. If you know how to do parameterised queries, why inject the value from the TextBox?
|
fixes that...but not quite what you want
...I guess you missed that line. I was advising on syntax. ....Baby steps.
-- modified at 16:50 Wednesday 10th January, 2007
Should be read: Just because I didn't provide information extraneous to the request doesn't mean that I don't know about it.:-> If he would have asked something along the lines of, 'Is this safe?' then I would have given him suggestions on scrubbing his data. ...Another thing, how do you know that his data wasn't scrubbed before the query was specified? I do character validation at the input level to disable invalid input and for any of the text fields that I know are going to be sent through to a query, I send through my SQL formatter. The document you suggested is good for raising discussion but by no means is it perfect. He'll learn about securing his database in his 300 level dba classes. To make the whole thing completely copacetic, I should have suggested something more along the lines of
"SELECT * from isp_email.staff where @id like" + db.ToSQL(txtname.Text);
...happy? (*Note* Remember that it's still not right because he misused the parameter)
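Added example, not code from either poster: the quoted query rewritten so that the TextBox value is bound as a parameter instead of being concatenated into the SQL text, with LIKE wildcards in the input escaped. The column name `name`, the class and method names, and the `@pattern` marker syntax (accepted by SqlClient and MySQL Connector/NET; other ADO.NET providers use different markers) are assumptions.

```csharp
using System;
using System.Data;

static class StaffLookup
{
    // Form quoted in the thread, kept here only for contrast:
    //   "SELECT * from isp_email.staff where @id like" + txtname.Text;
    // The TextBox value becomes part of the SQL statement itself.

    // Escape LIKE wildcards so the user's text is matched literally.
    // '!' is the escape character declared in the ESCAPE clause below;
    // '[' is a wildcard on SQL Server only.
    public static string EscapeLike(string input)
    {
        if (input == null) throw new ArgumentNullException(nameof(input));
        return input.Replace("!", "!!")   // escape the escape character first
                    .Replace("%", "!%")
                    .Replace("_", "!_")
                    .Replace("[", "![");
    }

    // Builds the search command on a connection from any ADO.NET provider.
    // "name" is a hypothetical column: the thread never says which one is searched.
    public static IDbCommand BuildSearch(IDbConnection conn, string userText)
    {
        IDbCommand cmd = conn.CreateCommand();
        // The SQL text is a constant; no user input is ever spliced into it.
        cmd.CommandText =
            "SELECT * FROM isp_email.staff WHERE name LIKE @pattern ESCAPE '!'";

        IDbDataParameter p = cmd.CreateParameter();
        p.ParameterName = "@pattern";
        p.DbType = DbType.String;
        // The surrounding % wildcards are ours; the user's own are escaped.
        p.Value = "%" + EscapeLike(userText) + "%";
        cmd.Parameters.Add(p);
        return cmd;
    }
}
```

With this form, input such as `%' OR '1'='1` is sent to the server as data and compared against the column; it cannot change the statement.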
|
How do I check what kind of file system is installed on a specific drive, and is there a way to check if the drive is a CD, a network share or a USB drive?
My starting point is like:
---------------------------------
bool driveExist = false;
string[] drives = System.IO.Directory.GetLogicalDrives();
---------------------------------
/Thomas
-- modified at 10:29 Wednesday 10th January, 2007
|
Hi,
I'm used to c++, and now, with c#, there's one thing that is annoying me:
I want to write text files to disk sequentially, so I decided to use a StreamWriter. Well, first I create my StreamWriter
StreamWriter filewriter = new StreamWriter(DateTime.Now.ToString("yyyyMMddHHmmss"));
After using it, I close it
filewriter.Close();
and then, how can I open a new file with the same stream writer? Do I have to instance a new streamwriter again? I'm missing c++ filewriter.Open(DateTime.Now.ToString("yyyyMMddHHmmss"));
Thanks in advance.
|
The stream writer works as a wrapper around a specific stream. When you close the stream writer it's disposed and not usable any more. To write another stream you create a new stream writer for that stream.
---
Year happy = new Year(2007);
|
Ok, thank you for the information. So, now the question is: Is there a file stream oriented object more specialized in reusability?
|
jarellan wrote: Is there a file stream oriented object more specialized in reusability?
It has been several years since I last used C++, but I don't think you reused the file resources in C++ either. When you re-opened a stream you would most likely get a different file handle internally anyway. It was just the class's public interface that made it appear otherwise.
Also, when you Dispose an object in C# (or close a stream) it tells the garbage collector to suppress the finaliser (the .NET equivalent of a destructor). The Finaliser is a safety mechanism in case the managed .NET object goes out of scope while holding onto unmanaged resources, like a file handle. Because the Dispose method and Close method clean up the unmanaged resources, the object can be flagged as not needing to run the finalizer any more. This speeds up garbage collection.
It is possible for an object to call ReRegisterForFinalize if it needs to, but the documentation does list this very important caveat "Calling the ReRegisterForFinalize method does not guarantee that the garbage collector will call an object's finalizer." [my emphasis]. Without the guarantee the application could leak memory all over the place if the developer of the client code forgot to call Dispose or Close, or was not disciplined into ensuring that it was called.
I hope this helps.
|
I thought c++ fstream open-close doesn't reallocate memory resources...
Anyway, everything I found on the Internet was about StreamWriter, so I think it's the best option...
Thank you very much.
|
jarellan wrote: Is there a file stream oriented object more specialized in reusability?
No, there isn't.
Don't worry about creating a few objects, the memory management in .NET is built to handle that efficiently. Short lived objects are easily handled by the garbage collector, it's actually the objects that you hold on to a bit longer that get more expensive.
As memory allocation is more expensive in C++, the classes are built for reusability. In .NET it's generally more efficient to just create a new object, so the classes are more often built to be used just once.
---
Year happy = new Year(2007);
|
I have to change my mind... Always thinking about memory saving...
Thank you ;o)
|
Hi, I am wondering how I can write only 80 characters to a File.txt file from a string variable line which has more than 100 characters. The rest of the characters, from 81-100, should start on a new line in the same file. How can I do this?
String line=;
FileStream fs = new FileStream("C:\\File.txt", FileMode.Create);
StreamWriter sw = new StreamWriter(fs);
sw.WriteLine(line);
Thanks
|
I'll give you a hint: String.ToCharArray
You should be able to complete your homework now.
only two letters away from being an asset
|
String line= yourestring.Insert(80,System.Environment.NewLine);
|
Use the Substring method to get different parts of a string:
sw.WriteLine(line.Substring(0, 80));
sw.Write(line.Substring(80));
-- modified at 19:16 Wednesday 10th January, 2007
Corrected line,Substring to line.Substring
---
Year happy = new Year(2007);
|
Substring can give a string of 0-80 characters, but if I want to get more strings from 91-100 then it wouldn't work, because the second parameter for substring asks how many characters you want, so I can't even have string.substring(80,string.length).
|
umm....Chief, even with the logic that you provided, you could get the 'number of characters that you wanted' by providing
string.substring(80, (string.length-80));
|
Look at the code that I gave you. What do you think that the second line does?
If it's not obvious to you, look up the documentation for the Substring method, especially the overload that takes a single parameter.
---
Year happy = new Year(2007);
|
...are you saying that to me?
if(you_are)
{
ummm....dude: wasn't replying to you. I was replying to op's post of :
Substring can give a string of 0-80 characters, but if I want to get more strings from 91-100 then it wouldn't work, because the second parameter for substring asks how many characters you want, so I can't even have string.substring(80,string.length).
..and if you look carefully at the context of my message, you will notice this.
}
else
{
make sure that you reply in the correct context. The way you replied implies that it is tagged to my response.
}
(Nyquist Rate || ! Nyquist Rate)
|
Alaric_ wrote: ...are you saying that to me?
Of course not. I replied to netJP12L.
make sure that you reply in the correct context.
I did. I have done this 5000 times before, I think that I have got the hang of it by now...
The way you replied implies that it is tagged to my response.
No, it doesn't. It's just you who aren't familiar with how the tree structure of the thread is displayed. Perhaps it's the lack of the actual tree branches that is confusing?
---
Year happy = new Year(2007);
|
...no. The thread spanned 2 pages and the posts in question were on a separate page. Whenever I read your message, I could have sworn it was nested 3 deep
(Nyquist Rate || ! Nyquist Rate)
|
Thanks guys, I have done it with all of your help. I finally figured out what I really wanted to do.
|
Hi all,
My boss has just had a DVMR-N16CD installed along with 6 cameras.
The software viewer (DVR Remote Viewer) connects to the DMVR via port 50000, but when I telnet to that port I get nothing. I have also tried using a Socket connection to connect but receive nothing.
I then used ethereal and watched the communications between my computer and the DMVR using the DVR Remote Viewer and all is fine. I try to replicate the TCP Negotiation but I still get no response.
Anyone had any experience on this?
Regards
Gav
|
I'm glad someone replied.
It's not so much a C# issue but I would like to use C# to access my DVR Recorder.
I've found some handshakes but they don't seem to respond.
Any ideas?
Gav