|
I want to update a row in my local DB, and what should I use for updating? with executeNonQuery() it doesn't work, or I am doing something else wrong? Here is the code:
string updateQuery = "UPDATE Credentials SET Username = '" + txtUser.Text + "', Password = '" + txtPass.Text + "', Address = '" + txtAddress.Text + "' WHERE Username='" + user + "', Password='" + pass + "', Address='" + address + "'";
SqlCommand updateCom = con.CreateCommand();
SqlDataAdapter adapter2 = new SqlDataAdapter();
updateCom.CommandText = updateQuery;
adapter2.SelectCommand = updateCom;
DataSet updateDataSet = new DataSet();
adapter2.Fill(updateDataSet, dataTableName);
comm.ExecuteNonQuery();
con.Close();
thx for the help
|
|
|
|
|
Well, you know that this code is very insecure and easy to hack, right ?
What is con ? This does look messy to me. You don't need half of these objects, I am sure of that.
Here is an example I found with google:
Public Sub CreateMySqlCommand(myExecuteQuery As String, myConnection As SqlConnection)
Dim myCommand As New SqlCommand(myExecuteQuery, myConnection)
myCommand.Connection.Open()
myCommand.ExecuteNonQuery()
myConnection.Close()
End Sub 'CreateMySqlCommand
IT's VB.NET, but it's clear which objects you should use, how you should use them, and where you're getting confused.
Christian Graus
Please read this if you don't understand the answer I've given you. If you're still stuck, ask me for more information.
|
|
|
|
|
con is the sql connection what I am declaring above the query. It doesn't work on the way you told me, but thx for the help anyway
|
|
|
|
|
As colin said, you are wide open for attacks. The code I posted, is all you need. If your SQL itself is broken, I don't know, I didn't look that deep, the code was too stuffed for me to worry.
Run your code in the debugger, get out the SQL string, run it inside the DB directly, and work out if you have errors in your SQL. Then fix your SQL access code. Then read up on SQL injection and make your code safe. Right now, it's a mess on all fronts.
Christian Graus
Please read this if you don't understand the answer I've given you. If you're still stuck, ask me for more information.
|
|
|
|
|
string updateQuery = "UPDATE Credentials SET Username = '" + txtUser.Text + "', Password = '" + txtPass.Text + "', Address = '" + txtAddress.Text + "' WHERE Username='" + user + "', Password='" + pass + "', Address='" + address + "'";
---> i think this is the first error, change to this :
string updateQuery = "UPDATE Credentials SET Username = '" + txtUser.Text + "', Password = '" + txtPass.Text + "', Address = '" + txtAddress.Text + "' WHERE Username='" + user + "' AND Password='" + pass + "' AND Address='" + address + "'";
SqlCommand updateCom = con.CreateCommand();
SqlDataAdapter adapter2 = new SqlDataAdapter();
updateCom.CommandText = updateQuery;
adapter2.SelectCommand = updateCom;
DataSet updateDataSet = new DataSet();
adapter2.Fill(updateDataSet, dataTableName);
con.Open();
comm.ExecuteNonQuery();
con.Close();
dhaim
program is hobby that make some money as side effect
|
|
|
|
|
dhaim wrote: change to this
NO! That is still vulnerable to SQL Injection Attacks.
|
|
|
|
|
i know, even in my code i will not do that, just reply submitted code
dhaim
program is hobby that make some money as side effect
|
|
|
|
|
the same query, like I wroted here, I am using with MSSMS, and it works fine and is updating the table, and when I am using here with C#, it doesn't. I get rid of the DataAdapters, I put them because I thought is similar like for SELECT query, now I remove them. The connection is open before the query, I am having one more query for selecting the data, and after that I am trying to update the data. According to your last post, now my code looks like this:
//the connection is already open
con.Open();
string updateQuery = "UPDATE Credentials SET Username = '" + txtUser.Text + "', Password = '" + txtPass.Text + "', Address = '" + txtAddress.Text + "' WHERE Username='" + user + "',AND Password='" + pass + "', AND Address='" + address + "'";
SqlCommand updateCom = con.CreateCommand();
updateCom.CommandText = updateQuery;
comm.ExecuteNonQuery();
con.Close();
thx guys...
|
|
|
|
|
Well, the SQL looks like it should run. So, one has to ask, how do you know it's not working ? Are you sure a record with those three values exists ? Why are you using three values instead of a primary key ?
Christian Graus
Please read this if you don't understand the answer I've given you. If you're still stuck, ask me for more information.
|
|
|
|
|
First off the biggest WTF with this is that it is susceptable to a SQL Injection Attack. Please learn about these and protect your self (they are created by poor programming practices). Here is an article that should help you avoid SQL Injection Attacks in the future: http://www.codeproject.com/KB/database/SqlInjectionAttacks.aspx[^]
Secondly, there is zero need for a SqlAdapter in this case. You need a SqlConnection and a SqlCommand - that is all.
|
|
|
|
|
I don't care about the injection right now...I just want to update the record, to see how is working...after that I can try to update with stored procedure, if you guys know how I can update with stored procedure I will be very grateful.
|
|
|
|
|
You don't NEED a stored proc, and if you can't work out how to run SQL, I don't see how you can work out how to run the proc, which involves more code. You need to get rid of all the crap in your function, as I already said, and as Colin said. Perhaps you need to start with SQL like 'insert into mytable values(1,2,3)' or whatever, SQL that is simple and you know works. Then use this to fix your SQL access code. Then work out the problems in your SQL.
If you prefer to run a proc, that's fine, and almost as easy, the examples are just as easy to google, too. A stored proc will give you a degree of injection protection, too.
Christian Graus
Please read this if you don't understand the answer I've given you. If you're still stuck, ask me for more information.
|
|
|
|
|
The same query works fine at SSMSE, the problem is where is my mistake here, and why I cannot implement at the C# code.
|
|
|
|
|
ok guys, I solved, thx for the help anyway, and have a nice day
string updateQuery = someString;
SqlCommand updateCom = con.CreateCommand();
updateCom.CommandText = updateQuery;
int test = updateCom.ExecuteNonQuery();
con.Close();
|
|
|
|
|
how to use calculous to programing three dimensional graphics
in another way ,which one can tell me introduction use the skill(technology) programing one-segment program to implement three dimensional graphics...like render a cube on the screen!
it's better write by the c# or java ,certainly write other of language is ok.i an just curious about the technology !
|
|
|
|
|
C++ is the best language to use if you want to write a ray tracing program, and that's what you need to google, ray tracing.
Christian Graus
Please read this if you don't understand the answer I've given you. If you're still stuck, ask me for more information.
|
|
|
|
|
chenli0513 wrote: how to use calculous to programing three dimensional graphics
You wont get far if you don't know how to spell calculus.
|
|
|
|
|
Calculus isn't appropriate for this; you need linear algebra and geometry.
Your basic problem is transforming a 3D point (space) to a 2D point (x, y coordinates on a screen). This problem has already been solved by others, and is called the "viewing transformation". If you Google this term you'll get links telling you how to do it. It's not hard.
|
|
|
|
|
...is there such a thing?
There is a need to limit the number of characters that can be entered into a NumericUpDown control and I have done this by handling the control's KeyPress event and checking that the length of the text will not exceed the length of the NumericUpDown.Maximum property.
The problem that has left me stumped is handling the case where the user has any number of characters selected in the control and attempts to overwrite the selected character(s) with new ones; I can't handle this case properly because I can't get hold of the SelectedText in the NumericUpDown (because it doesn't exist as a property).
Does anyone have any ideas?
|
|
|
|
|
Hi.
There is no such property.
The property you are looking for is NumericUpDown.Value.
There are three ways for a user to change this value:
1. By clicking the up/down buttons
2. By using up/down (keyboard) buttons
3. By typing any numbers and LEAVE the control
If the typed number is bigger than NumericUpDown.MaxValue (or smaller than MinValue) it will be adjusted.
The Value property will NEVER be bigger than MaxValue..
To control the value, use the ValueChanged event
Kjetil
|
|
|
|
|
Hi, thanks for your reply.
I know validation is performed when the control loses focus, but the thing is I need to be able to perform validation on key press, hence the need for using the KeyPress event and for being able to work out somehow whether or not the text in the NumericUpDown is currently selected.
cheers!
|
|
|
|
|
Hi,
I'm using a propertygrid to view properties of my objects. This works fine for when I have one object selected I also got it to work for multiple objects. But my problem is that I have an "Name" property. When I have selected multiple Items I can set the name property. But I don't want to have the same name.
I there a way to disable this property in the properygrid only when there are multiple objects selected??
Thanks.
|
|
|
|
|
I'm getting this error this morning. I believe it was caused by me deleting an empty resourcefile from my project. I can compile and run the code fine but if i go to any of the ui elements within the project I get the WSOD with this message on it:
Projectitem unavailable.
Hide
at EnvDTE.ProjectItem.get_FileCount()
at Microsoft.VisualStudio.Design.Serialization.ResXGlobalObjectProvider.GetFileNameForProjectItem(ProjectItem item)
at Microsoft.VisualStudio.Design.Serialization.ResXGlobalObject.BuildType()
at Microsoft.VisualStudio.Design.Serialization.ResXGlobalObject.GetObjectType()
at Microsoft.VisualStudio.Shell.Design.GlobalType.get_ObjectType()
at Microsoft.VisualStudio.Shell.Design.GlobalObject.GetHashCode()
at Microsoft.VisualStudio.Shell.Design.GlobalObjectService.GlobalKey.GetHashCode()
at System.Collections.Generic.ObjectEqualityComparer`1.GetHashCode(T obj)
at System.Collections.Generic.Dictionary`2.FindEntry(TKey key)
at System.Collections.Generic.Dictionary`2.ContainsKey(TKey key)
at Microsoft.VisualStudio.Shell.Design.GlobalObjectService.GetGlobalObjects(Type baseType)
at Microsoft.VisualStudio.Shell.Design.GlobalObjectService.GetGlobalObjects()
at Microsoft.VisualStudio.Design.Serialization.CodeDom.AggregateTypeResolutionService.GetTypeFromGlobalObjects(String name, Boolean throwOnError, Boolean ignoreCase)
at Microsoft.VisualStudio.Design.Serialization.CodeDom.AggregateTypeResolutionService.GetType(String name, Boolean throwOnError, Boolean ignoreCase)
at Microsoft.VisualStudio.Design.Serialization.CodeDom.AggregateTypeResolutionService.GetType(String name)
at System.ComponentModel.Design.DesignerHost.System.ComponentModel.Design.IDesignerHost.GetType(String typeName)
at System.ComponentModel.Design.Serialization.CodeDomDesignerLoader.EnsureDocument(IDesignerSerializationManager manager)
at System.ComponentModel.Design.Serialization.CodeDomDesignerLoader.PerformLoad(IDesignerSerializationManager manager)
at Microsoft.VisualStudio.Design.Serialization.CodeDom.VSCodeDomDesignerLoader.PerformLoad(IDesignerSerializationManager serializationManager)
at Microsoft.VisualStudio.Design.Serialization.CodeDom.VSCodeDomDesignerLoader.DeferredLoadHandler.Microsoft.VisualStudio.TextManager.Interop.IVsTextBufferDataEvents.OnLoadCompleted(Int32 fReload)
Any ideas how to fix this?
Cheers
Russell
|
|
|
|
|
I can verify that you get a projectitem unavailable error after removing the settsings file. The solution is as simple as you would think however. Simply add a new settings file usally 'settings1.settings' and move it into the properties folder. VS will then readd a settings.settings file. ?But it works.
|
|
|
|
|
Hi, I have the same problem! how did you solve it?
thanks!
|
|
|
|