|
I suspect you need to put apostrophes around the values, but the better (much much better) solution is to use a parameterized command.
|
|
|
|
|
thank you so much
but I dont know how should I use parameter!for example I have the CreateUserWizard1.UserName variable but I dont know how should use it as parameter! can you say me how should I do it?
|
|
|
|
|
ur missing objcommand.ExecuteNonQuery(); and parenthesis in code
try this one
<script runat="server">
protected void CreateUserWizard1_CreatedUser(object sender, EventArgs e)
{
System.Data.SqlClient.SqlConnection con = new System.Data.SqlClient.SqlConnection();
string connectionstr=@"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\EHSAN\Documents\Visual Studio 2010\Projects\The Club\The Club\App_Data\Database1.mdf;Integrated Security=True;User Instance=True";
con.ConnectionString=connectionstr;
string sqlstring;
sqlstring ="insert into Authenticate (username,password)VALUES ('"+ CreateUserWizard1.UserName+"','"+CreateUserWizard1.Password+"')";
System.Data.SqlClient.SqlCommand objcommand = new System.Data.SqlClient.SqlCommand(sqlstring, con);
Con.Open();
objcommand.ExecuteNonQuery();
Con.Close();
Response.Redirect("~/Login.aspx");
}
</script>
<asp:Content ID="Content1" ContentPlaceHolderID="cphMain" Runat="server">
<asp:CreateUserWizard ID="CreateUserWizard1" Runat="server"
oncreateduser="CreateUserWizard1_CreatedUser">
</asp:CreateUserWizard>
</asp:Content>
|
|
|
|
|
thank you so much,it works
I had 2 mistake:
1:in insert command
2:in execute command
thank you so much again
|
|
|
|
|
This version is still susceptible to SQL Injection[^]. For example, try a password of:
Robert');DROP TABLE Authenticate;--
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Avoiding SQL Injection[^] isn't hard:
protected void CreateUserWizard1_CreatedUser(object sender, EventArgs e)
{
const string connectionstr = @"...";
const string sqlstring = "insert into Authenticate (username, password) VALUES (@username, @password)";
using (var con = new System.Data.SqlClient.SqlConnection(connectionstr))
using (var objcommand = new System.Data.SqlClient.SqlCommand(sqlstring, con))
{
objcommand.Parameters.AddWithValue("@username", CreateUserWizard1.UserName);
objcommand.Parameters.AddWithValue("@password", CreateUserWizard1.Password);
con.Open();
objcommand.ExecuteNonQuery();
}
Response.Redirect("~/Login.aspx");
}
Once you've fixed that problem, you then need to reconsider how you're storing the passwords. Currently, you're storing them as plain text, which is a terrible idea. If anyone managed to gain access to your database, they would be able to see every password used on your site.
Instead, you should be storing a salted hash of the passwords:
http://crackstation.net/hashing-security.htm[^]
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
I am receiving an Overflow error from an INSERT statement. I understand this is because a value that is assigned to a variable is larger than the data type, correct? The database was built in Access.
I pinned the values on screen while debugging and took a screen shot, which is linked herewhich is linked here.
I have double checked the data types and they all seem to match.What am I missing?
Thank you in advance.
Here is the code:
<pre lang="c#"> oleDbComQC.CommandText = "INSERT INTO RANKS ([ACCOUNTS], [EOB], [FPD], [F90P], [PDCHECK], [INCOME], [PD], [PD90P]) " +
"VALUES(@ACCTS, @EOB, @FPD, @F90P, @PDC, @INC, @PD, @PD90)";
oleDbComQC.Parameters.AddWithValue("@ACCTS", OleDbType.Integer);
oleDbComQC.Parameters.AddWithValue("@EOB", OleDbType.Decimal);
oleDbComQC.Parameters.AddWithValue("@FPD", OleDbType.Integer);
oleDbComQC.Parameters.AddWithValue("@F90P", OleDbType.Integer);
oleDbComQC.Parameters.AddWithValue("@PDC", OleDbType.Integer);
oleDbComQC.Parameters.AddWithValue("@INC", OleDbType.Decimal);
oleDbComQC.Parameters.AddWithValue("@PD", OleDbType.Integer);
oleDbComQC.Parameters.AddWithValue("@PD90", OleDbType.Integer);
oleDbComQC.Parameters["@ACCTS"].Value = iAccts;
oleDbComQC.Parameters["@EOB"].Value = decEOB;
oleDbComQC.Parameters["@FPD"].Value = iFPD;
oleDbComQC.Parameters["@F90P"].Value = i90PD;
oleDbComQC.Parameters["@PDC"].Value = iNumChks;
oleDbComQC.Parameters["@INC"].Value = decIncome;
oleDbComQC.Parameters["@PD"].Value = iPPD;
oleDbComQC.Parameters["@PD90"].Value = iP90PD;
Jude
|
|
|
|
|
Solved: The data types in the data table were off.
Jude
|
|
|
|
|
hii my project is school management system but i dont have any about that how to start my project i wanna use oracle 10g and what are the step to create a database ???
|
|
|
|
|
Have a HOWTO[^].
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
|
Firstly, you have to download the Oracle Database Software. go to oracle.com and download the software.
I suggest to download 11g R2 windows version. It's more easier to install on windows than on Linux.
nothimg
|
|
|
|
|
Using SQL Server 2008 r2
I am trying to design a table, which has 2 computed column based on the product of other columns including a computed column, which SQL Server doesn't like.
CREATE TABLE [dbo].[BaseRate2](
[ProductType] [varchar](100) NOT NULL,
[LinkToRate] [decimal](18, 0) NULL,
[CopyOfRates] [decimal](18, 0) NULL,
[BCdiscountLoading] [decimal](18, 0) NULL,
[OtherLoading] [decimal](18, 0) NULL,
[ClaimsLoading] [decimal](18, 0) NULL,
[NoClaimsDiscount3Yr] [decimal](18, 0) NULL,
[NoClaimsDiscount4Yr] [decimal](18, 0) NULL,
[NoClaimsDiscount5Yr] [decimal](18, 0) NULL,
[ConstructionLoading] [decimal](18, 0) NULL,
[DiscretionaryDiscount] [decimal](18, 0) NULL,
[MinPremiumLoading] [decimal](18, 0) NULL,
[SecurityDiscount] [decimal](18, 0) NULL,
[ProductLoading] AS ((((((([ClaimsLoading]*[NoClaimsDiscount3Yr])*[NoClaimsDiscount4Yr])*[NoClaimsDiscount5Yr])*[ConstructionLoading])*[DiscretionaryDiscount])*[MinPremiumLoading])*[SecurityDiscount])
) ON [PRIMARY]
Now when I try to add the second computed column when uses the first computed column (ProductLoading) this is where SQL throws an error as it should do.
RateUsed as ([CopyOfRates] * [BCdiscountLoading] * [OtherLoading] * [ProductLoading])
Is there some other technique that I could design this table without manually calculating these product columns (ProductLoadings and RateUsed).
Thanks
Simon
Lobster Thermidor aux crevettes with a Mornay sauce, served in a Provençale manner with shallots and aubergines, garnished with truffle pate, brandy and a fried egg on top and Spam - Monty Python Spam Sketch
|
|
|
|
|
It blows, because you're using a value in your calculation that might not be available yet. Create the table, and a view - add the second computed field to the view.
Alternatively, you could use a normal (non-calculated) field, and update it's contents using a trigger.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
Eddy,
Thanks for that suggestion (views) it worked, but I decided against the idea after following through on the documentation of the table / view as it made it more complex to maintain in this situation.
So sadly I adopted the manual calculations before entering into the table.
Thanks again
Lobster Thermidor aux crevettes with a Mornay sauce, served in a Provençale manner with shallots and aubergines, garnished with truffle pate, brandy and a fried egg on top and Spam - Monty Python Spam Sketch
|
|
|
|
|
As Eddie suggested the Product loading may not exists.
This is not going to make you happy. You can replace [ProductLoading] in your second field with the ENTIRE formula from the first field.
ducks and runs I told you it would not make you happy!
Never underestimate the power of human stupidity
RAH
|
|
|
|
|
I understood the why it isn't working and was trying to see if there was another way to do this computationally.
while I did consider the approach you suggested, I also have to write detailed documentation around this insurance rating API and was looking for a easy / elegant solution that would make documentation easy and clear.
With the documentation in mind I decided that it would be easier for me to explain the columns and how they are calculated manually.
Lobster Thermidor aux crevettes with a Mornay sauce, served in a Provençale manner with shallots and aubergines, garnished with truffle pate, brandy and a fried egg on top and Spam - Monty Python Spam Sketch
|
|
|
|
|
Simon_Whale wrote: easy / elegant solution
Does not describe the way sql works some times.
Never underestimate the power of human stupidity
RAH
|
|
|
|
|
Hence I came here to tap into the vast knowledge of others
Lobster Thermidor aux crevettes with a Mornay sauce, served in a Provençale manner with shallots and aubergines, garnished with truffle pate, brandy and a fried egg on top and Spam - Monty Python Spam Sketch
|
|
|
|
|
How to use pivot in sql server here am having 5 colleges in that 5 programs runnig. in that one college runnig 5 programs and another college runnig 3 programs, another college running 2 programs. when am using pivot in sql server each college displaying 5 programs but i want one college runnig 5 programs and another college runnig 3 programs, another college running 2 programs like this. how to use only one select command
|
|
|
|
|
Documentation is here[^]. What have you tried?
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
|
|
hi
i wanna update some rows in files table but i face with error.
can every one help me?
my code is :
UPDATE [Common]..[com_Files] SET
[ReferenceGuid] = (SELECT [Guid] FROM [Personnel]..Missions
WHERE [PersonnelSystem]..Missions.ID= [Common]..[com_Files].ReferenceID)
WHERE
[ReferenceFlag] = 72 AND
[ReferenceGuid] IS NULL AND
[ReferenceSoftwareGuid] = '66944D9C-31F4-4594-9407-4E1F64C079D9' and
[ReferenceID]= [PersonnelSystem]..Missions.ID
GO
thanks for any help
|
|
|
|
|
mehdi.sabet wrote: [Common]..[com_Files]
mehdi.sabet wrote: [PersonnelSystem]..Missions.ID
mehdi.sabet wrote: [Common]..[com_Files].ReferenceID
Why two dots? Does not look correct.
|
|
|
|
|