As I said above, you should start by converting your SQL to proper parameterised queries, not concatenated strings. In your code above, what will happen if the user types "MyName'; Drop Table tblContact; --"?
You just need to use a compound WHERE clause, as described at SQL AND, OR, NOT Operators.
[edit]
Thanks to @RichardDeeming for pointing out my syntax error.
[/edit]
modified 12-Mar-19 4:21am.
Richard MacCutchan wrote: what will happen if the user types "MyName; Drop Table tblContact; --"?
Not much, since you missed the single quote.
MyName'; Drop Table tblContact; --
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
[snicker]
Never underestimate the power of human stupidity -
RAH
I'm old. I know stuff - JSOP
(again)
One of these days I will really learn SQL syntax. (maybe)
Here is my code:
Private Sub Button2_Click(sender As Object, e As EventArgs) Handles Button2.Click
    AddHandler send_sms.SerialPort.DataReceived, New SerialDataReceivedEventHandler(AddressOf DataReceived)
    Try
        With send_sms.SerialPort
            rcvdata = ""
            send_sms.SerialPort.WriteLine("AT" & vbCrLf) 'is modem okay?
            Thread.Sleep(1000)
            send_sms.SerialPort.WriteLine("AT+CMGF=1" & vbCrLf) 'To format SMS as a TEXT message
            Thread.Sleep(1000)
            send_sms.SerialPort.WriteLine("AT+CPMS=""SM""" & vbCrLf) ' Select SIM storage
            Threading.Thread.Sleep(1000)
            send_sms.SerialPort.WriteLine("AT+CMGL=""REC UNREAD""" & vbCrLf) 'read unread messages
            Threading.Thread.Sleep(1000)
            send_sms.SerialPort.WriteLine("AT+CMGL=""ALL""" & vbCrLf) 'print all messages
            Threading.Thread.Sleep(1000)
            RichTextBox1.Text = send_sms.SerialPort.ReadBufferSize()
            RichTextBox1.Text = send_sms.SerialPort.ReadLine()
            ' send_sms.SerialPort.ReadLine = RichTextBox1.ToString()
            'MsgBox(rcvdata.ToString)
        End With
    Catch ex As Exception
        MsgBox(ex.Message)
    End Try
End Sub
Private Sub test(ByVal indata As String)
    rcvdata &= indata
End Sub
It only reads the status of the port, which says "OK".
Please help me.
It looks like you only read a single line. You need to keep reading until the entire message is received.
After every WriteLine command you wait 1 second and block the complete system during this time.
I suppose you need a kind of state machine for your issue.
Perhaps you could explain what you want to have happen ...
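The two replies above (read until the whole answer has arrived; drive the modem with a state machine instead of Thread.Sleep) in working form, as an added example that is not code from any poster in this thread. The class name, the regex and the sample modem answer are my own constructions; the response format is the standard text-mode AT+CMGL listing the thread's code requests.

```vb
Imports System
Imports System.Collections.Generic
Imports System.Text.RegularExpressions

Module CmglParser
    Public Class SmsMessage
        Public Index As Integer
        Public Status, Sender, Body As String
    End Class
    Private ReadOnly LineBreaks As String() = {vbCrLf, vbLf}

    ' A modem answer is complete only once a final result code ("OK"/"ERROR") sits on its own
    ' line; a DataReceived handler should append to a buffer and test this, not sleep.
    Public Function IsComplete(buffer As String) As Boolean
        For Each ln In buffer.Split(LineBreaks, StringSplitOptions.None)
            If ln.Trim() = "OK" OrElse ln.Trim() = "ERROR" OrElse ln.StartsWith("+CMS ERROR") Then Return True
        Next
        Return False
    End Function

    ' Two-state parser for the text-mode AT+CMGL listing: a "+CMGL:" header line starts a
    ' message, the lines after it are its body until the next header or the final "OK".
    Public Function ParseCmgl(response As String) As List(Of SmsMessage)
        Dim msgs As New List(Of SmsMessage)
        Dim header As New Regex("^\+CMGL: (\d+),""([^""]*)"",""([^""]*)""")
        Dim current As SmsMessage = Nothing
        Dim body As New List(Of String)
        For Each ln In response.Split(LineBreaks, StringSplitOptions.None)
            Dim m = header.Match(ln)
            If m.Success OrElse ln.Trim() = "OK" Then
                If current IsNot Nothing Then          ' close the message being read
                    current.Body = String.Join(vbLf, body).Trim()
                    msgs.Add(current)
                End If
                If Not m.Success Then Exit For         ' "OK": the listing is finished
                current = New SmsMessage With {.Index = CInt(m.Groups(1).Value),
                    .Status = m.Groups(2).Value, .Sender = m.Groups(3).Value}
                body.Clear()
            ElseIf current IsNot Nothing Then
                body.Add(ln)                           ' body state: collect text lines
            End If
        Next
        Return msgs
    End Function

    Sub Main()
        ' Constructed sample of a text-mode AT+CMGL="ALL" answer (not captured from a real modem).
        Dim sample As String = "+CMGL: 1,""REC READ"",""+15550001234"",,""19/03/12,09:15:00+00""" & vbCrLf &
            "Hello from the thread" & vbCrLf & "+CMGL: 2,""REC UNREAD"",""+15550005678"",,""19/03/12,09:16:30+00""" & vbCrLf &
            "Second message" & vbCrLf & "line two" & vbCrLf & vbCrLf & "OK" & vbCrLf
        Console.WriteLine("complete: " & IsComplete(sample).ToString())
        For Each msg In ParseCmgl(sample)
            Console.WriteLine(msg.Index.ToString() & " " & msg.Status & " " & msg.Sender & ": " & msg.Body)
        Next
    End Sub
End Module
```

In the real form, the DataReceived handler appends SerialPort.ReadExisting() to a buffer and calls ParseCmgl only once IsComplete returns True; a command is sent only after the previous answer has completed.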
How? Can you please teach me? Thank you.
First you have to explain what should happen, for example:
you send: ("AT" & vbCrLf)
- you get back ???
then you send ("AT+CMGF=1" & vbCrLf)
- you get back ???
then you send ("AT+CPMS=""SM""" & vbCrLf)
- you get back ???
and so on ...
I already have code for sending SMS; I want to read the message in case someone replies. Thank you for the advice.
Hello guys,
What is wrong with the code below? I have 3 tables in Access joined using INNER JOIN.
Private Sub RetrieveData(Optional ByVal blnSearch As Boolean = False)
    strSQL = " SELECT tblContact.ContactPK, tblContact.Fullname, tblContact.Nickname, tblContact.Mobile, " &
             " tblContact.Phone, tblContact.eMail, tblContact.FacebookID, tblContact.PictureName, tblContact.Note, tblContact.Mobil, tblContact.Area" &
             " tblPosition.PositionName, tblDepartment.DepartmentName, tblArea.Areaname " &
             " FROM [tblPosition] INNER JOIN [tblDepartment] INNER JOIN (tblArea INNER JOIN tblContact ON " &
             " tblDepartment.DepartmentPK = tblContact.DepartmentFK) ON tblPosition.PositionPK = tblContact.PositionFK ON tblArea.AreaPK = tblContact.Area "
    '// blnSearch = True for Search
    If blnSearch Then
        strSQL = strSQL &
            " WHERE " &
            " [Fullname] " & " Like '%" & txtSearch.Text & "%'" & " OR " &
            " [Nickname] " & " Like '%" & txtSearch.Text & "%'" & " OR " &
            " [PositionName] " & " Like '%" & txtSearch.Text & "%'" & " OR " &
            " [DepartmentName] " & " Like '%" & txtSearch.Text & "%'" & " OR " &
            " [Mobile] " & " Like '%" & txtSearch.Text & "%'" & " OR " &
            " [Phone] " & " Like '%" & txtSearch.Text & "%'" & " OR " &
            " [eMail] " & " Like '%" & txtSearch.Text & "%'" & " OR " &
            " [FaceBookID] " & " Like '%" & txtSearch.Text & "%'" &
            " [Mobil] " & " Like '%" & txtSearch.Text & "%'" & " OR " &
            " [Area] " & " Like '%" & txtSearch.Text & "%'" & " OR " &
            " ORDER BY ContactPK "
    Else
        strSQL = strSQL & " ORDER BY ContactPK "
At this rate, you're better off composing this query in Access itself, using its query designer.
THEN you might use the SQL it generated (though creating a temporary Access table is probably better, in your case).
"(I) am amazed to see myself here rather than there ... now rather than then".
― Blaise Pascal
The same error comes up with the code below too. What is the syntax mistake here?
Private Sub RetrieveData(Optional ByVal blnSearch As Boolean = False)
    strSQL = " SELECT tblContact.ContactPK, tblContact.Fullname, tblContact.Nickname, tblContact.Mobile, " &
             " tblContact.Phone, tblContact.eMail, tblContact.FacebookID, tblContact.PictureName, tblContact.Note, tblContact.Mobil, tblContact.Area, tblContact.City, tblContact.State, tblContact.Country, tblContact.Responsible, " &
             " tblPosition.PositionName, tblDepartment.DepartmentName " &
             " FROM [tblPosition] INNER JOIN (tblDepartment INNER JOIN tblContact ON " &
             " tblDepartment.DepartmentPK = tblContact.DepartmentFK) ON tblPosition.PositionPK = tblContact.PositionFK "
    '// blnSearch = True for Search
    If blnSearch Then
        strSQL = strSQL &
            " WHERE " &
            " [Fullname] " & " Like '%" & txtSearch.Text & "%'" & " OR " &
            " [Nickname] " & " Like '%" & txtSearch.Text & "%'" & " OR " &
            " [PositionName] " & " Like '%" & txtSearch.Text & "%'" & " OR " &
            " [DepartmentName] " & " Like '%" & txtSearch.Text & "%'" & " OR " &
            " [Mobile] " & " Like '%" & txtSearch.Text & "%'" & " OR " &
            " [Phone] " & " Like '%" & txtSearch.Text & "%'" & " OR " &
            " [eMail] " & " Like '%" & txtSearch.Text & "%'" & " OR " &
            " [FaceBookID] " & " Like '%" & txtSearch.Text & "%'" &
            " [Mobil] " & " Like '%" & txtSearch.Text & "%'" & " OR " &
            " [Area] " & " Like '%" & txtSearch.Text & "%'" & " OR " &
            " [City] " & " Like '%" & txtSearch.Text & "%'" & " OR " &
            " [State] " & " Like '%" & txtSearch.Text & "%'" & " OR " &
            " [Country] " & " Like '%" & txtSearch.Text & "%'" & " OR " &
            " [Responsible] " & " Like '%" & txtSearch.Text & "%'" & " OR " &
            " ORDER BY ContactPK "
    Else
        strSQL = strSQL & " ORDER BY ContactPK "
    End If
    '
    Try
        Cmd = New OleDbCommand
        If Conn.State = ConnectionState.Closed Then Conn.Open()
        Cmd.Connection = Conn
        Cmd.CommandText = strSQL
        Dim DR As OleDbDataReader = Cmd.ExecuteReader
        Dim i As Long = dgvData.RowCount
        While DR.Read
            With dgvData
                .Rows.Add(i)
                .Rows(i).Cells(0).Value = DR.Item("ContactPK").ToString
                .Rows(i).Cells(1).Value = DR.Item("Fullname").ToString
                .Rows(i).Cells(2).Value = DR.Item("Nickname").ToString
                .Rows(i).Cells(3).Value = DR.Item("PositionName").ToString
                .Rows(i).Cells(4).Value = DR.Item("DepartmentName").ToString
                .Rows(i).Cells(5).Value = DR.Item("Mobile").ToString
                .Rows(i).Cells(6).Value = DR.Item("Phone").ToString
                .Rows(i).Cells(7).Value = DR.Item("eMail").ToString
                .Rows(i).Cells(8).Value = DR.Item("FaceBookID").ToString
                .Rows(i).Cells(9).Value = DR.Item("PictureName").ToString
                newFileName = DR.Item("PictureName").ToString
                .Rows(i).Cells(10).Value = DR.Item("Note").ToString
                .Rows(i).Cells(11).Value = DR.Item("Mobil").ToString
                .Rows(i).Cells(12).Value = DR.Item("Area").ToString
                .Rows(i).Cells(13).Value = DR.Item("City").ToString
                .Rows(i).Cells(14).Value = DR.Item("State").ToString
                .Rows(i).Cells(15).Value = DR.Item("Country").ToString
                .Rows(i).Cells(16).Value = DR.Item("Responsible").ToString
            End With
            i += 1
        End While
        lblRecordCount.Text = "[total : " & dgvData.RowCount & " record]"
        DR.Close()
    Catch ex As Exception
        MessageBox.Show(ex.Message)
    End Try
    '//
    txtSearch.Clear()
End Sub
Missing OR on the line
" [FaceBookID] " & " Like '%" & txtSearch.Text & "%'" &
Also, you end the WHERE clause with an additional OR.
Never underestimate the power of human stupidity -
RAH
I'm old. I know stuff - JSOP
Take note of Richard's reply: not only will your application be safer, and that is a VERY serious issue, but these string structure problems will disappear.
To give you an idea, if I (or any competent development manager) saw that code, I would immediately reject the application.
Never underestimate the power of human stupidity -
RAH
I'm old. I know stuff - JSOP
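The parameterised form of the search that Richard's reply and the two replies above call for, as an added example that is not code from any poster. OleDb takes positional ? placeholders, so the compound WHERE is built with one parameter per column and the user's text (including the "MyName'; Drop Table tblContact; --" string from earlier in the thread) can only ever be data; the missing and trailing OR problems disappear because the clauses are joined by code. The module name, the connection string and the trimmed SELECT list are my assumptions based on the queries posted above.

```vb
Imports System
Imports System.Collections.Generic
Imports System.Data.OleDb

Module ContactSearch
    ' Columns searched by the form; the names come from the thread's own query.
    Private ReadOnly SearchColumns As String() = {
        "Fullname", "Nickname", "PositionName", "DepartmentName", "Mobile",
        "Phone", "eMail", "FaceBookID", "Mobil", "Area"}

    ' Builds the search as a parameterised command. OleDb uses positional "?"
    ' placeholders, so one parameter is added per column, in the same order.
    ' The user's text never becomes part of the SQL text itself.
    Public Function BuildSearchCommand(conn As OleDbConnection, search As String) As OleDbCommand
        Dim cmd As New OleDbCommand()
        cmd.Connection = conn
        Dim sql As String =
            "SELECT tblContact.ContactPK, tblContact.Fullname, tblContact.Nickname, " &
            "tblPosition.PositionName, tblDepartment.DepartmentName " &
            "FROM [tblPosition] INNER JOIN (tblDepartment INNER JOIN tblContact ON " &
            "tblDepartment.DepartmentPK = tblContact.DepartmentFK) " &
            "ON tblPosition.PositionPK = tblContact.PositionFK"
        If Not String.IsNullOrEmpty(search) Then
            Dim clauses As New List(Of String)
            For Each col In SearchColumns
                clauses.Add("[" & col & "] LIKE ?")
                ' The wildcards belong in the parameter value, not in the SQL string.
                cmd.Parameters.Add("p_" & col, OleDbType.VarWChar).Value = "%" & search & "%"
            Next
            ' Joining in code means no missing OR and no trailing OR.
            sql &= " WHERE " & String.Join(" OR ", clauses)
        End If
        cmd.CommandText = sql & " ORDER BY ContactPK"
        Return cmd
    End Function

    Sub Main()
        ' Placeholder connection string (assumed); the connection is not opened in this demo.
        Using conn As New OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source=contacts.accdb")
            ' The string from the thread is just a parameter value here, never SQL.
            Dim cmd = BuildSearchCommand(conn, "MyName'; Drop Table tblContact; --")
            Console.WriteLine(cmd.CommandText)
            For Each p As OleDbParameter In cmd.Parameters
                Console.WriteLine(p.ParameterName & " = " & CStr(p.Value))
            Next
            ' To run for real: conn.Open(), then cmd.ExecuteReader() and the thread's DR.Read loop.
        End Using
    End Sub
End Module
```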
Thank you so much, I will follow the advice.
Hi.
I am building a race simulator using outputs from the iRacing SDK. Most outputs are straightforward, but some (described in the documentation as "FLOAT") are giving me the error: "Value of type 'iracingsdkwrapper.telemetryvalue(of single)' cannot be converted to integer."
I've tried all kinds of things, including extensions, but nothing gets a usable number from these types of values.
A typical output using .ToString shows the output as -0.0123456 rad
If I try to use CInt(), I get an error:
"An unhandled exception of type 'System.Reflection.TargetInvocationException' occurred in mscorlib.dll
Additional information: Exception has been thrown by the target of an invocation."
I'm using VB.NET through VS2012 Express.
Any help would be greatly appreciated.
Mike.
Why are you trying to convert such values into integers? The resulting numbers are unlikely to be of any use, as they lose most of their precision. The value -0.0123456 rad looks like an angle, so converting that to an integer will give you -0 which probably is not much use.
The particular parameter I'm looking at right now is the value for body roll which is, as you say, measured in rads.
The value as generated by the simulator is far too low to use but simply multiplying the value before converting would give me numbers that could safely be translated to integers.
Although the output is very precise, I only need approximate values as they will be mixed in with lateral acceleration, suspension deflection and some other values so any inaccuracies will be lost in the mix so to speak.
I just want a number that I can work with!
For such a small starting value you need to multiply by 100 or 1000 at least, I would guess.
That is my intention.
I currently do the same with the Lateral acceleration values which works fine. As would this, if I could get a useful number to start from.
How do I retrieve the data from a table and put it in a textbox?
We will need a lot more information than this in order to help you. Post the code you have already tried and tell us what the problem is.