|
hi,
check whether datatype of Column A or Column B is numeric or not. I think Both A and B is not numeric
Rupesh Kumar Swami
Software Engineer,
Integrated Solution,
Bikaner (India)
|
|
|
|
|
Anyone knows how to set media format when ripping CD? e.i. WMA, MP3...
and also the bitrate?
Thanks.
|
|
|
|
|
can i insert the single quotes programatically into the database.
|
|
|
|
|
Hi,
Yes u can add quotes just by replacing single quote with double quote. Replacing will add only single quote in database.
Example:
strName=Xyz's
"Insert into table1(Name) Values('" & Replace(strName,"'","''") & "')"
Regards
Ali Raza
|
|
|
|
|
|
While the previous poster did answer your question the result is very poor and potentially dangerous advice.
That way SQL Injection Attacks lay. Please read SQL Injection Attacks and Tips on How To Prevent Them[^] and then change your code to use parameterised queries rather than string substitution.
|
|
|
|
|
That way SQL Injection Attacks lay - While you did answer the OP's question, the better answer would have been to replace string injection with parameterised queries. That way you don't have to worry about apostrophes in the data and you help prevent SQL Injection Attacks.
Please read SQL Injection Attacks and Tips on How to Prevent Them[^]
|
|
|
|
|
yes, you can.
try following format
str="insert into table1 values (" & """" & var1 & """" & ")"
where var1 may contain single & double quotes.
hope this helps
Rupesh Kumar Swami
Software Engineer,
Integrated Solution,
Bikaner (India)
|
|
|
|
|
|
Not another one. Please please please! Will people please learn about SQL Injection Attacks!
If you see someone asking a question like this again the best course is to guide them towards parameterised queries as it helps prevent SQL Injection Attacks. Any answer that still involved injecting data in to a SQL String is potentially dangerous.
Please read SQL Injection Attacks and Tips on How to Prevent Them[^]
|
|
|
|
|
Yes, you don't want an angry Scot after you!
__________________
Bob is my homeboy.
|
|
|
|
|
"If it's not Scottish - It's CR****P!"
|
|
|
|
|
Dave Kreskowiak wrote: "If it's not Scottish - It's CR****P!"
Gaun yersel there, Big Yin.
|
|
|
|
|
Colin Angus Mackay wrote: Gaun yersel there, Big Yin.
It took me a minute to figure that one out! Thank you!
|
|
|
|
|
Colin Angus Mackay wrote: Please please please! Will people please learn about SQL Injection Attacks!
No kidding...
|
|
|
|
|
I think that you should read what you are linking to yourself.
If the values are encoded correctly, there is no problem with concatenating string to create an SQL query. It's only if you do it wrong that the code is subject to SQL injections.
Doing it right is not trivial, though, and the methods presented in this thread is for example not at all suitable if you are using an MySQL database. To encode a string for MySQL you would instead replace "\" with "\\", then replace "'" with "\'".
So, using parameterised queries is good advice. It's not, however, the only way to protect the code against SQL injections.
---
single minded; short sighted; long gone;
|
|
|
|
|
Hi,
I don't know if could exist other problems, but I've resolved the problem doubling the apostrophes:
str="INSERT INTO Table1 VALUES(" & Replace(Var1,"'","''") & ")"
In this way, SQL injection by writing apostrophes is not possible (or it is anyway ?)
Peace!
|
|
|
|
|
But you are still injecting values into the SQL command. If you are injecting values in to the SQL command then attacks are possible. That's why it is called a SQL injection attack.
|
|
|
|
|
It isn't that hard to add in code to prevent the injection attacks, if I may add
|
|
|
|
|
How to add an event to Runtime Controls(TextBox) in vb6
Iam using VB6. During Form_Load iam creating textbox dynamically.
I want to add a event for the textbox.
Please tell me...
Thanks & Regards
Kumaran
|
|
|
|
|
I guess you have to take help of API's for that , as VB6 don't have any such provision provided for Events
Thanks & Wishes
Navneet Hegde
Nashik
Develop2Program & Program2Develop
|
|
|
|
|
|
Is it possible to get the current user's windows logon password? I have an application which requires the user to logon, but would like to first try and logon with the same user name and password the user has as their windows logon, thus if they are the same, I will not need to ask the user for the logon name and password again.
Steve Jowett
-------------------------
Sometimes a man who deserves to be looked down upon because he is a fool, is only despised only because he is an 'I.T. Consultant'
|
|
|
|
|
Yes Of Course, You have to and if you have no proper right you can't proceed further .
Thanks & wishes
Navneet Hegde
Nashik
Develop2Program & Program2Develop
|
|
|
|
|
My question was, although I did not actually say so, is "How do I get the current user's windows logon password, in VB.NEt code?"
Sorry of not stating my requirement clearly.
Regard
Steve Jowett
-------------------------
Sometimes a man who deserves to be looked down upon because he is a fool, is only despised only because he is an 'I.T. Consultant'
|
|
|
|