Hi guys,
I've been struggling with a list inside a list. I have a table "cart_product" that contains 2 columns: cart_id and product_id.
Also I have a product table "product" with all the information of a product (name, product_id, price, etc.). I want to get the product information when I read the cart from the website, so I can show the price, name, etc.
The problem I have is that I can't combine the 2 classes that I've made. If I use them separately they work correctly, but combining them won't work.
/// <summary>
/// Reads the ws_cart_product rows for the current <c>cart_id</c> and copies
/// their columns onto this instance.
/// </summary>
/// <remarks>
/// The cart id is bound as the <c>?cart_id</c> parameter instead of being
/// concatenated into the SQL text. Each row overwrites the fields it has
/// values for. A <c>Product</c> is created and fetched per row, but it is a
/// local variable and is not stored on this instance.
/// </remarks>
public void Fetch()
{
    database.Query("SELECT * FROM ws_cart_product WHERE cart_id=?cart_id;");
    database.Add("?cart_id", cart_id);

    var cartRows = database.FetchAsDataTable().Rows;
    foreach (DataRow record in cartRows)
    {
        cart_id = global.ParseInt(record["cart_id"].ToString());

        // Nullable columns keep their previous value when the cell is DBNull.
        object productCell = record["product_id"];
        if (productCell != DBNull.Value)
        {
            product_id = global.ParseInt(productCell.ToString());
        }

        object parentCell = record["parent_id"];
        if (parentCell != DBNull.Value)
        {
            parent_id = global.ParseInt(parentCell.ToString());
        }

        object quantityCell = record["quantity"];
        if (quantityCell != DBNull.Value)
        {
            quantity = global.ParseInt(quantityCell.ToString());
        }

        // NOTE(review): product_id is parsed here without the DBNull guard used
        // above, and the fetched Product goes out of scope at the end of the
        // iteration.
        var item = new Product { product_id = global.ParseInt(productCell.ToString()) };
        item.Fetch();
    }
}
// Loads the row for the current product_id from webpage joined with ws_product
// and copies selected columns onto this instance.
// The statement text is built only from constant fragments; the product id is
// bound separately as the ?product_id parameter.
public void Fetch()
{
StringBuilder query = new StringBuilder();
query.Append("SELECT *, ");
// First correlated subquery: thumbnail of one file linked to the product
// (file.status_id=1, highest sortorder first, LIMIT 0,1).
query.Append("(");
query.Append("SELECT thumbnail ");
query.Append("FROM ws_product_file, file ");
query.Append("WHERE file.file_id=ws_product_file.file_id ");
query.Append("AND ws_product_file.product_id=ws_product.product_id ");
query.Append("AND file.status_id=1 ");
query.Append("ORDER BY sortorder DESC LIMIT 0,1");
query.Append(") ");
query.Append("AS thumbnail, ");
// Second correlated subquery: same filter and ordering, selecting mimetype.
// NOTE(review): presumably both subqueries pick the same file row - confirm.
query.Append("(");
query.Append("SELECT mimetype ");
query.Append("FROM ws_product_file, file ");
query.Append("WHERE file.file_id=ws_product_file.file_id ");
query.Append("AND ws_product_file.product_id=ws_product.product_id ");
query.Append("AND file.status_id=1 ");
query.Append("ORDER BY sortorder DESC LIMIT 0,1");
query.Append(") ");
query.Append("AS mimetype ");
query.Append("FROM webpage, ws_product ");
query.Append("WHERE webpage.status_id=1 ");
query.Append("AND webpage.webpage_type_id=4 ");
query.Append("AND ws_product.product_id=webpage.webpage_type_content_id ");
query.Append("AND ws_product.product_id=?product_id; ");
database.Query(query.ToString());
// The value is supplied as a parameter, not spliced into the query string.
database.Add("?product_id", product_id);
foreach (DataRow row in database.FetchAsDataTable().Rows)
{
product_id = global.ParseInt(row["product_id"].ToString());
// Nullable columns are copied only when the cell is not DBNull.
if (row["parent_id"] != DBNull.Value)
{
parent_id = global.ParseInt(row["parent_id"].ToString());
}
if (row["status_id"] != DBNull.Value)
{
status_id = global.ParseInt(row["status_id"].ToString());
}
if (row["create_date"] != DBNull.Value)
{
create_date = global.ParseDateTime(row["create_date"].ToString());
}
// As posted, this branch is empty: product_no is checked but nothing is assigned.
if (row["product_no"] != DBNull.Value)
{
}
}
}
If I run them separately, the result is:
{Dotcontent.CartProduct}
cart_id: 1
product_id: 64
parent_id: 0
quantity: 2
customer_id: 0
guid: null
{Dotcontent.Product}
webpage_id: 145
website_id: 0
status_id: 1
url: "mode360-composer-fotostudio-fa40"
type: null
webpage_type_id: 0
webpage_type_content_id: 0
version: 0
language_id: 0
parent_id: 0
related_webpage_id: 0
title: "Mode360 Composer Fotostudio FA40"
text: null
short_description: null
meta_description: null
published_from: 1-1-0001
published_to: 1-1-0001
created_on: 1-1-0001
created_by: 0
product_id: 64
create_date: 16-9-2016
product_no: "291610"
ean: ""
price_on_request: False
weight: 0
brand_id: 0
in_export: False
template_id: 1
mimetype: "image/jpeg"
thumbnail: "iVBORw0KGg
price: 0
old_price: 0
label: "Tijdelijke aanbieding"
quantity: 0
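// Debug output: load cart 1 and dump the resulting object to the page.
CartProduct cart = new CartProduct();
cart.cart_id = 1;
cart.Fetch();
// The dump contains text read from the database (title, label, url, ...).
// HTML-encode it so any markup stored in those fields is displayed as text
// inside the <pre> block instead of being interpreted by the browser.
Response.Write("<pre>" + System.Net.WebUtility.HtmlEncode(ObjectDumper.Dump(cart)) + "</pre>");

// The product is looked up separately, using the product_id read from the cart.
Product product = new Product();
product.product_id = cart.product_id;
product.Fetch();
Response.Write("<pre>" + System.Net.WebUtility.HtmlEncode(ObjectDumper.Dump(product)) + "</pre>");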
|
|
|
|
|
I made it, but I have a problem. For example, a string like aaaabbbccccc is first compressed by RLE to 4a3b5c, which is then compressed by Huffman, and the output is a .huf binary file; no problem there. But when I decompress the .huf file with Huffman I get aaaabbbccccc, which is wrong: it should give 4a3b5c, which RLE decompression then turns back into the original text. Why is it like this?
|
|
|
|
|
Rıza Berkay Ayçelebi wrote: Why it is like this ? Because you have a problem with your logic in your code. Without any code, that's as close as we can get to an answer I'm afraid.
This space for rent
|
|
|
|
|
Most likely you are passing the original string into your huffman routine, rather than the RLE output.
|
|
|
|
|
If you're using Huffman compression anyway, you might as well use a slightly larger alphabet for the RLE so that lengths and "original symbols" don't overlap.
|
|
|
|
|
I have seen examples of capturing screenshots in WinForms, but I can't find any demo for ASP.NET.
Is there a way we can capture a portion of the screen using ASP.NET and C#?
|
|
|
|
|
I hope that there are still some security mechanisms preventing that. I do not want any web applications taking screen shots on my computer!
|
|
|
|
|
but it is upto the user who wants take a screen shot!
|
|
|
|
|
The user has a button called "Print Screen". No screen grabbing from a browser.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
Yes, Of course.this action is explicit.
|
|
|
|
|
Explicit or no, you can't take a screenshot. You're limited to what the web-browser offers.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
You do realise that your C# code runs at the server side don't you? Whatever solution you put in place would require you to use JavaScript.
This space for rent
|
|
|
|
|
this functionality is not achievable in web apps
|
|
|
|
|
And what did you think ASP.NET apps were? Typically, server side apps run on servers with no UI running so you can't exactly take a screenshot of the server.
This space for rent
|
|
|
|
|
feature to take user screen shots by user himself.
like sending an error page to support team.
|
|
|
|
|
You have two choices - find a plugin that screenshot the whole desktop, or limit yourself to capturing the web page[^]. Either way, this is not going to be C#.
This space for rent
|
|
|
|
|
I need to design a class library for SQL injection prevention using ASP.NET with C#. When the application server received input from the user, it dynamically generated the query based on the input. This query, along with the developer-intended query, made use of keyword randomization, where the randomly generated key was appended to the SQL keywords in both queries. These queries were then forwarded to an XML parsing component, which converted both queries into XML trees. The corresponding nodes in these sub-stacks were then compared using multiple threads, and based on the result of the comparison, the algorithm was able to determine whether the dynamically built query was an attack or not. If this query was non-malicious, it was allowed to pass further to the database server for execution. However, if the algorithm determined a query as an attack, it was blocked at the application server and was not sent to the database server for execution. The attack queries were added to an error log to help the system administrators to My Email : [DELETED]@gmail.com
[edit]Email removed - OriginalGriff[/edit]
modified 2-Nov-16 15:46pm.
|
|
|
|
|
Never post your email address in any forum, unless you really like spam! If anyone replies to you, you will receive an email to let you know.
And what have you done so far? Where are you stuck? What help do you need?
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
|
|
|
|
No, you don't. ADO.NET already has plenty of protection from SQL Injection, in the form of parameterized queries.
Whenever you want to pass parameters to your query, pass them as parameters, rather than trying to stuff them into a dynamic query.
// Vulnerable: the value is concatenated into the SQL text, so whatever it contains is parsed as part of the statement.
command.CommandText = "SELECT <columns> FROM SomeTable WHERE SomeColumn = '" + parameterValue + "'";
// Safe: the SQL text is a constant and the value travels separately as a parameter, so it is only ever treated as data.
command.CommandText = "SELECT <columns> FROM SomeTable WHERE SomeColumn = @Parameter";
// AddWithValue infers the parameter type from the .NET value; where the column type matters, declaring the type and size explicitly avoids implicit conversions.
command.Parameters.AddWithValue("@Parameter", parameterValue);
If you're writing dynamic SQL in your stored procedures, use sp_executesql[^] and pass the parameters as parameters.
-- Vulnerable: @ParameterValue is spliced into the statement text before that text is executed.
EXEC N'SELECT <columns> FROM SomeTable WHERE SomeColumn = ''' + @ParameterValue + '''';
-- Safe: the statement text is fixed; sp_executesql receives the parameter declaration and the value as separate arguments.
EXEC sp_executesql N'SELECT <columns> FROM SomeTable WHERE SomeColumn = @Parameter',
N'@Parameter varchar(20)',
@Parameter = @ParameterValue
;
If you find yourself passing dynamic things that can't be passed as parameters (column names, table names, etc.), try to find a way to avoid doing that. If you can't, then use the system views in SQL to validate the values to death:
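-- Vulnerable: the caller-supplied name is concatenated straight into the statement.
SET @Query = N'SELECT <columns> FROM ' + @TableName;

-- Safer: resolve the supplied name against the catalog and rebuild the
-- identifier from catalog values rather than from the caller's text.
-- OBJECT_ID returns NULL when the name does not resolve to an object.
DECLARE @TableID int = OBJECT_ID(@TableName);
If @TableID Is Null RAISERROR('Table does not exist.', 16, 1);

-- Accept only user tables, and read the schema and table names back from the
-- system views.
DECLARE @SchemaName sysname, @RealTableName sysname;
SELECT
    @SchemaName = S.name,
    @RealTableName = T.name
FROM
    sys.tables As T
    INNER JOIN sys.schemas As S
    ON S.schema_id = T.schema_id
WHERE
    T.object_id = @TableID   -- sys.tables is keyed by object_id; it has no id column
And
    T.type = 'U'
;
If @@ROWCOUNT = 0 RAISERROR('Table does not exist.', 16, 1);

-- NOTE(review): outside a TRY block, RAISERROR at severity 16 reports the error
-- but execution continues with the next statement; follow each check with
-- RETURN (or use THROW) if the statements below must not run after a failure.
-- NOTE(review): this confirms the name is an existing user table, not that the
-- caller is meant to read it; compare against an allow-list where only
-- specific tables are intended.
-- QUOTENAME delimits each identifier, so the rebuilt name cannot break out of
-- the FROM clause.
SET @Query = N'SELECT <columns> FROM ' + QUOTENAME(@SchemaName) + N'.' + QUOTENAME(@RealTableName);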
If you're passing multiple column names, then you'll need to use one of the many available SQL "split" functions to extract the individual column names.
In other words, rather than wasting your time trying to come up with a complicated scheme to try to detect some types of SQL Injection, use the built-in methods which prevent parameters from ever being treated as code.
Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
We're not here to do the work for you.
My advice: start out with what you do know, divide the problem into smaller problems that you can handle, and come back with the problem that got you stuck; provide information on that (I tried this and that, and searched there and there, but I'm still stuck because ...).
Then it is LESS likely you get downvoted and MORE likely to get an answer to your question.
(And even MORE likely that you'll learn something)
|
|
|
|
|
So I decided to update an older application with calls using async...await instead of embedding Thread.Start(() => { myFunction(); }); lambda expressions for long running operations. I have had a few successes but I am a little confused about making asynchronous method calls with the dispatcher.
Lets start with the original multithreaded database call. It updates a ListView when it is done.
/// <summary>
/// Inserts <paramref name="data"/> into the database and then assigns it to the
/// list's ItemsSource through the application dispatcher.
/// </summary>
/// <param name="data">The collection to insert and display.</param>
/// <returns>
/// <c>true</c> when both steps complete; <c>false</c> when either throws. The
/// exception itself is discarded, so callers only learn that something failed.
/// </returns>
public bool PushToDatabase(DataCollection data)
{
    bool succeeded;
    try
    {
        PerformDatabaseInsert(data);

        // The ItemsSource assignment is handed to the dispatcher and executed synchronously.
        Action refreshList = () => lst_MyData.ItemsSource = data.ToArray();
        App.Current.Dispatcher.Invoke(refreshList);

        succeeded = true;
    }
    catch (Exception)
    {
        succeeded = false;
    }

    return succeeded;
}
This is all wrapped up in a click event in a pop-out control
/// <summary>
/// Submit handler: when the inputs validate, pushes the form data to the
/// database on a separate thread and closes the pop-out control on success.
/// </summary>
private void btn_Submit_Click(object sender, RoutedEventArgs e)
{
    // Nothing is done when validation fails.
    if (!InputsAreGood())
    {
        return;
    }

    DataCollection formData = GetFormFields();

    // Everything inside this delegate, including the cursor calls and
    // ClosePopOutControl, runs on the newly started thread.
    ThreadStart worker = () =>
    {
        MainWindow.SetCursor_Wait();
        bool saved = PushToDatabase(formData);
        if (saved)
        {
            ClosePopOutControl();
        }
        MainWindow.SetCursor_Arrow();
    };

    new Thread(worker).Start();
}
Nothing really fancy. The UI remains responsive while the database operation is performed on another thread.
Now, I converted these to asynchronous methods. The code works but I am still not understanding why it is supposed to be better when it seems to make the code look a lot more complicated. I can only surmise that I am going about this all wrong.
First, I moved the ListView update to a separate function.
// Assigns data.ToArray() to the list's ItemsSource and returns a Task the caller can await.
// NOTE(review): as posted, the Dispatcher.Invoke( call is never closed; a ");" is missing after the lambda's closing brace.
public async Task UpdateListViewAsync(DataCollection data)
{
// The lambda handed to Dispatcher.Invoke only starts Task.Run and returns its Task;
// the ItemsSource assignment itself is queued by Task.Run rather than executed inside the dispatcher callback.
await Dispatcher.Invoke(() =>
{
return Task.Run(() => { lst_MyData.ItemsSource = data.ToArray(); });
}
}
And added an async function to perform the database call.
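/// <summary>
/// Runs <c>PushToDatabase</c> through Task.Run, then awaits the list refresh.
/// </summary>
/// <param name="data">The collection to insert and display.</param>
/// <returns>The value returned by <c>PushToDatabase</c>.</returns>
public async Task<bool> PushToDatabaseAsync(DataCollection data)
{
    Task<bool> dataPushTask = Task.Run(() => PushToDatabase(data));
    bool result = await dataPushTask;

    // UpdateListViewAsync declares a DataCollection parameter; the posted call
    // passed no argument. The refresh is awaited whether or not the push succeeded.
    await UpdateListViewAsync(data);

    return result;
}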
There are fewer lines of code in the function but am I really gaining anything here?
What I had to rewrite the submit code into really bakes my noodle.
// Submit handler rewritten around PushToDatabaseAsync.
// NOTE(review): as posted this does not compile: the signature has no return type and no async modifier although the body uses await, and the GetFormFields() line ends in ':' instead of ';'.
private btn_Submit_Click(object sender, RoutedEventArgs e)
{
bool taskResult;
try
{
MainWindow.SetCursor_Wait();
if (InputsAreGood())
{
DataCollection data = GetFormFields():
// Wraps the async call in a delegate, queues that delegate on the dispatcher,
// reads the queued operation's Result (a Task<bool>) and awaits that task.
Func<Task<bool>> dataPushLambda = async () => await PushToDatabaseAsync(data);
taskResult = await App.Current.Dispatcher.InvokeAsync(dataPushLambda).Result;
if (taskResult)
{
ClosePopOutForm();
}
else
{
}
}
else
{
}
}
// Any exception is caught and discarded here.
catch (Exception ex)
{
}
finally
{
// NOTE(review): spelled SetCusor_Arrow here; the thread-based handler calls MainWindow.SetCursor_Arrow().
MainWindow.SetCusor_Arrow();
}
}
What I am looking for is a deeper explanation of what is going on with these two lines:
Func<Task<bool>> dataPushLambda = async () => await PushToDatabaseAsync(data);
taskResult = await App.Current.Dispatcher.InvokeAsync(dataPushLambda).Result;
Also, what is the difference between these two lines?
taskResult = await App.Current.Dispatcher.InvokeAsync(dataPushLambda).Result;
taskResult = await await App.Current.Dispatcher.InvokeAsync(dataPushLambda);
Lastly, I ran into a lot of trouble with the InvokeAsync call not accepting Task<bool> but I couldn't find anything else that would work.
Is there a better way to call async methods with the Dispatcher than what I have here?
Is (or why is) async...await better than spinning up a separate thread for long running operations?
if (Object.DividedByZero == true) { Universe.Implode(); }
Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
|
|
|
|
|
Foothill wrote: it seems to make the code look a lot more complicated
That's because you've significantly over-complicated it!
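/// <summary>
/// Submit handler: validates the inputs, awaits the database push and closes
/// the pop-out form once the push has completed without throwing.
/// </summary>
/// <remarks>
/// Declared <c>async void</c> because it is an event handler; the try/catch
/// keeps exceptions from the awaited call inside the handler.
/// </remarks>
private async void btn_Submit_Click(object sender, RoutedEventArgs e)
{
    try
    {
        MainWindow.SetCursor_Wait();
        if (InputsAreGood())
        {
            DataCollection data = GetFormFields();

            // A failed insert surfaces here as an exception, so the form is
            // closed only when the push succeeded.
            await PushToDatabaseAsync(data);
            ClosePopOutForm();
        }
        else
        {
            // Inputs failed validation; nothing is submitted.
        }
    }
    catch (Exception)
    {
        // Left empty in the posted code: report or log the failure here
        // instead of discarding it.
    }
    finally
    {
        // Runs on every path, so the wait cursor is always reset.
        MainWindow.SetCursor_Arrow();
    }
}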
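/// <summary>
/// Runs the database insert through Task.Run and then refreshes the list,
/// marshalling to the dispatcher when the current thread lacks access.
/// </summary>
/// <param name="data">The collection to insert and display.</param>
/// <remarks>
/// Exceptions thrown by the insert propagate to the awaiting caller.
/// </remarks>
private async Task PushToDatabaseAsync(DataCollection data)
{
    await Task.Run(() => PerformDatabaseInsert(data));

    if (Dispatcher.CheckAccess())
    {
        // Already on the dispatcher's thread: update directly.
        UpdateList(data);
    }
    else
    {
        // Queue the update on the dispatcher and wait for it to finish.
        await Dispatcher.BeginInvoke((Action<DataCollection>)UpdateList, data);
    }
}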
/// <summary>
/// Binds the list to an array copy of <paramref name="data"/>.
/// </summary>
/// <param name="data">The collection whose items are shown in the list.</param>
private void UpdateList(DataCollection data)
{
    var snapshot = data.ToArray();
    lst_MyData.ItemsSource = snapshot;
}
NB: If at all possible, you should make your PerformDatabaseInsert method async , using the built-in async methods on the DbConnection / DbCommand types. If you're using a DataAdapter , there's no async support, so you're stuck with pushing the update onto a background thread.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
I can see that. I guess I will chalk that up to this being my first serious attempt at multithreading with the async...await model.
Currently reading Best Practices in Asynchronous Programming to get a better idea of what I am doing wrong here and what is the right way.
Any other tips to get me started would be appreciated.
Does over-complicating something simple make me an engineer?
if (Object.DividedByZero == true) { Universe.Implode(); }
Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016