|
hi all i'm using VB.Net and i have a form that i need to have the results displayed into labels that populate the form.
this is what i have so far
**************** CODE *****************
Private Sub SearchTBBtn_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles SearchTBBtn.Click
Dim Cnxn As New ADODB.Connection
Dim cmdChange As ADODB.Command
'Connection String
Dim strCnxn As String
'SQL Query
Dim strSQL As String
'search criteria
Dim strSearchLName, strSearchFName As String
Dim Now As DateTime
Dim UserPassID As Integer
UserPassID = Val(lblPassID.Text)
'Now = DateTime()
' Now = Format(Now, "h:nnAM/PM")
strSearchLName = txtLName.Text
strSearchFName = txtFName.Text
' define strSQLUpdate to insert the fields
strSQL = "SELECT * FROM Contacts WHERE (LName) = '" & strSearchLName & "' AND (FName) = '" & strSearchFName & "'"
strCnxn = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\RMSC LOGIN\MYDataBase.mdb;Persist Security Info=False"
Cnxn = New ADODB.Connection
Cnxn.Open(strCnxn)
cmdChange = New ADODB.Command ' Create command object
cmdChange.ActiveConnection = Cnxn
cmdChange.CommandText = strSQL
cmdChange.Execute() ' execute the SQL command
' Fill the fields with the results
'************* This is where i have a problem
Dim rsContact As New ADODB.Recordset
rsContact = cmdChange
lblPassID.Refresh()
lblLName.Refresh()
Cnxn.Close() ' Close everything
Cnxn = Nothing
End Sub
*************** END CODE ******************
i guess i don't knowhow to populate the labels with the results of cmdChange
any help would be great
thank you
Help is great only if yu ask correctly
|
|
|
|
|
I would like to move over to the mySQL database for my VS 2002 (V7.0) MFC application. (I have downloaded the current mySQL database and that works fine on my Windows 2000 PC).
I have then downloaded the file mysql++1.7.21.tar (C/C++ API) from the mySQL.com website to interface with my application, but it requires VS 2003 (7.1) to build this library.
Are they any binaries that I can download or how can I proceed.
I have been posting and searching and instructions etc on this interface but not making any progress.
|
|
|
|
|
|
I have bought sql server space, the hosting company as provided me with the login details.
Currently, I am connecting to my database using:
"server=TheIPAddress;uid=admin;pwd=pass;database=TheDatabase"
However, I realise that I should not connect to the database using 'admin' login details as this user is the administrator of the database and it would not be appropriate to this login.
So I tried to create additional users for my DB, but was unsuccessful. After contacting my hosting company, they told me that I cannot create additional users.
So I would like to ask what are my options????
Should I just use 'admin' login details, and hope that nothing serious happens. Or shoudl I really press the hosting company to create additioanl less-powerful users for me. Any other options??
thanks
|
|
|
|
|
If you had real admin rights, you'd be able to create the users...
The normal admin account for SQL Server isn't named 'admin', so they have probably created a non-admin account which has most rights in your database, but not in the others running on the server.
Steve S
Developer for hire
|
|
|
|
|
Yes, you are right. The account provided to us is 'db_owner' so it has full access to the database.
How dangerous is it to provide this account detail in the connection string. Are there any alternatives???
regards
|
|
|
|
|
Only alternative is to programmatically set the properties from code. If you were writing a server component to connect to a database in C++, this is relatively simple, but of course, if the password is compromised, the code needs to be recompiled...
The string should be on server side in ASP or similar, and never in an HTML page sent to the client, of course 
Steve S
Developer for hire
|
|
|
|
|
The string should NOT be in the asp file. It should be encrypted in a separate file and decrypted only to set the connection property.
It will still be compromised during logon. specially if you don't trap for errors and your web page ends up showing "failed to connect to database with connection string ...blah,blah...." but at least no one can tell what the pwd is if they come across the asp source or the file containing the pwd string.
You can use xor encryption which is the most basic one (can download source from web) or buy a component and go triple DES. It depends on how much you value your data (and/or how much trouble you'll get into if you get audited for security)
Ideally too, you should press your hosting company to get at least one more account and create a program that changes the password on that account to some random string, encrypts it and saves it on the pwd file. You use the original account for db maintenance and the new one for access with the application. That way nobody knows what the password is for the application account (the app works because it decrypts the pwd from the file using the appropiate key). You can then easily monitor activity on both accounts. If the app acount is used from any machine other than the server where the asp is running you have intruders. If the original account is used from any machine other than the one you use for maintenance then you have intruders.
Sounds complicated but it is much safer than using only one account for app access and db maintenance. That, and you can tell the security auditor "here is the password file, knock yourself out trying to break in!".
|
|
|
|
|
I am using the like statement in searching forms. It works as long as I don't have a column in the SQL DB which haven't NULL as entry.
For example : A car and it's color
Porsche Grey
Honda NULL
BMW Black
SELECT .... WHERE TYP LIKE 'Porsche%' AND COLOR LIKE '%'
works ! Whole Porsche line
SELECT .... WHERE TYP LIKE '%' AND COLOR LIKE 'Black'
works too. Whole BMWline
but both ...
SELECT .... WHERE TYP LIKE 'Honda%' AND COLOR LIKE '%'
SELECT .... WHERE TYP LIKE 'Honda%'
don't work because Column Color for Honda has a NULL entry. Confusing, isn't it ?
Is this a bug, or something what can be solved ?
|
|
|
|
|
No, not a bug; it can be confusing though.
NULL means "I don't know". You're asking for any colour, but SQL is saying it can't tell if the Honda has a colour (hey, a transparent car!!).
You could try:
SELECT ... WHERE TYP LIKE 'Honda%' AND (COLOR LIKE '%' OR COLOR IS NULL)
I don't know why you're not getting anything for the case where the TYP is specified but not the colour, since that shouldn't cause a problem.
Are you doing a single table query, or is it more complex? If the latter, you might not have results for a different reason, like there being no suitable data (no data in one of the other tables to join, for instance)
Steve S
Developer for hire
|
|
|
|
|
Hi,
I don't know why you're not getting anything for the case where the TYP is specified but not the colour, since that shouldn't cause a problem.
Because there are cases in life where you have to accept nulls. Beside your response I have found a further solution.
Instead TYP I have to write CARS.TYP and CARS.COLOR
CARS is the Table ... and finally it works with the table prefix 
Unbelievable ...
|
|
|
|
|
Vector7 wrote:
Because there are cases in life where you have to accept nulls.
Yes, I know that; I've been using RDBMS for over 20 years
What I was trying to point out was that if you perform a syntactically correct select statement
SELECT * FROM CARS WHERE TYP = 'Honda%'
it should return rows, regardless of whether any column in the table has a NULL value (apart from TYP, obviously!). (Your original post said it wasn't working). If that doesn't work, it suggests issues other than NULL handling.
Since you 'fixed' it by specifying a table prefix, that suggests the parser is otherwise being slightly confused by the names. What version and SP of SQL Server are you running?
Steve S
Developer for hire
|
|
|
|
|
I have a bunch of scripts in one folder (example: c:\myScripts). How can I execute them all as opposed to loading/running them one by one from Query Analyzer?
Thanks.
Norman Fung
|
|
|
|
|
|
Thanks. That's a very handy utility. Can you show me what's the format for -r (resource) argument so I dont have so go over the code? This didn't work for obvious reason:
RunSQL -r localhost -f script.sql
I presume "-r" (resource) is a fully construction connection string? I tried:
RunSQL -r "Data Source=localhost,1433;Initial Catalog=MyDB;User ID=sa;Password=testing" -f "test_RunSQL.sql"
I'm getting a System.ArgumentNullException.
Norman Fung
|
|
|
|
|
"The demo application takes two command line arguments. The first is either a -r (for embedded resource) or -f (for a file). The second argument is either the name of the resource, or the name of the file."
So, you use a -r OR a -f but not both
-r is for an embedded resource. The demo also shows how to embed SQL Scripts as resources in your application so that you don't have to rely on external files.
So all you need is:
RunSQL -r script.sql
Do you want to know more?
WDevs.com - The worlds first Developers Services Provider
|
|
|
|
|
|
for %i in (*.sql) do osql -E %i You might need to use the -U and -P options rather than -E, and you might need to specify -S to run them on another server. If you need to run them in a particular order, remember that NTFS always outputs directory listings in alphabetical order.
Stability. What an interesting concept. -- Chris Maunder
|
|
|
|
|
Dear CPians,
Is there a way to invoke a Web Service from a Stored Procedure?
Thank you,
theJazzyBrain
Excellence is not an act, but a habit! Aristotle
|
|
|
|
|
Anybody knows about this? Any information please!
<italic>Work hard and a bit of luck is the key to success. You don`t need to be genius, to be rich.
|
|
|
|
|
If you fill your database with premium, it runs faster and you get more miles to the gallon.
In other words, what the hell are you talking about ?
Christian
I have several lifelong friends that are New Yorkers but I have always gravitated toward the weirdo's. - Richard Stringer
|
|
|
|
|
I don`t know that databse either. That`s why I ask you guys. Maybe there isn`t any premium database.
<italic>Work hard and a bit of luck is the key to success. You don`t need to be genius, to be rich.
|
|
|
|
|
I see - you've just failed to word your question in a way that makes sense. I'd recommend SQL Server as a database, I think Oracle is the main competitor, and it is utterly crap.
Christian
I have several lifelong friends that are New Yorkers but I have always gravitated toward the weirdo's. - Richard Stringer
|
|
|
|
|
No, no, no. What I meant was, is there any DBMS called "premium".
<italic>Work hard and a bit of luck is the key to success. You don`t need to be genius, to be rich.
|
|
|
|
|
Why would there be ? Have you tried google ?
Christian
I have several lifelong friends that are New Yorkers but I have always gravitated toward the weirdo's. - Richard Stringer
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
