I will post a sequence of examples and thoughts about SQL injection. I hope the experts will correct any small mistake in what I say, so I can know exactly the possible danger.
The requirement is to create a function in VB.NET that accepts 2 parameters (table_name, fields_list) and returns the result in a DataTable.
Now, I am aware that table_name and fields_list cannot be passed as parameters to the command object using .AddParameter.
Here are a couple of thoughts. What I would like to know is:
1- Which function is exposed to SQL injection
2- Which function is safer
Public Class Form14
Dim conn as New SqlClient.SqlConnection(connection_string)
Private Sub Button1_Click( ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
I have a table which contains a list of products for a company. They input data about how much stock they have and also the level at which they want to be reminded that they need to order new stock.
[Code]...
I want to list all the true results in a form which the user is then able to navigate through. What would be the best way to go about doing this?
I have a data grid view on a form which is currently filled with the following query:
SELECT TopicCode, TopicName, NoOfCourses, Lev FROM tblTopics WHERE TopicCode = @TopicCode1
(Where I obviously pass a TopicCode parameter.) However, I have added two custom columns to the data grid view, and the values that I want to be in here are in a different table than the query I'm using to fill the data grid view. Is it possible to "nest" queries, which will allow me to select fields from two different tables?
Example: SELECT TopicCode, TopicName, NoOfCourses, Duration, Lev FROM tblTopics AND SELECT StartDate, EndDate FROM tblSubscriptions WHERE TopicCode = @TopicCode1
I am using the following code to get all my database fields. I would like to convert one of the fields to Cdbl, but I am not sure how to do that.
Dim comm As New OleDb.OleDbCommand("Select * From " & Me.OpenFileDialog1.SafeFileName & " Where Status <> 'S'", con)
I know how to do it individually, field by field, but I don't want to have to write a select for each field, if that makes sense?
Dim comm2 As New OleDbCommand("Select Cdbl([Selling Price]) as SoldPrice, Status From " & Me.OpenFileDialog1.SafeFileName & " Where Status = 'S'", con)
So, something that pulls ALL fields and converts one.
I have two tables Employees and CafeLogs. Some employees can be cashiers and also customers at the Cafe shop.
Table structures:
Employees: EmployeeId (PK), FirstName, LastName
CafeLogs: LogId (PK), CashierId, EmployeeId, Value => CashierId and EmployeeId are the data from column EmployeeId of the Employees table
Table relationship:
Employees 1:N CafeLogs (CashierId (FK))
[code]....
Right now I know how to select only LogId, Employee's name, and Value, not with Cashier name yet.
Dim query = From log In db.CafeLogs _
            Join emp In db.Employees On emp.EmployeeId Equals log.EmployeeId _
            Select log.LogId, emp.FirstName, emp.LastName, log.Value
In my form, I want to display a 200x200 table, each field containing a 16x16 image. There should be no space between fields, and the fields need to be selectable. How do I create such a table?
I have been using the code below to edit SQL database fields from the data stored in a dataset. The problem is that I have to repeat this long code for each database field to be edited. I find this very tiring. IS THERE A SHORTER WAY OF EDITING SQL Database FIELDS? (I am using VS 2005 and SQL Server 2005.)
'3. Create an Update command
Dim strUpdateAccounts As String = "UPDATE Accounts SET Description = @Description"
'create a SqlCommand object and assign it to the UpdateCommand property
Assume my form has four text boxes and it's bound to a Dataset, therefore the user can update 1-4 fields. Typically I write one update statement that takes four input parameters. Therefore I update the updated fields as well as the non-updated fields. To do this in the proper way, how many update statements do I have to write? Or how do I do this update properly? I use SQL server 2K5.
Using myConnection As New System.Data.OleDb.OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & databasePath & ";User Id=admin;Password=;")
[Code]......
This did not work, but it did when I just tried creating the table and not the fields.
Has anyone developed a textbox where it is possible to display 2 fields in the textbox? We want to be able to show ID + description in the same textbox. (When the user enters the textbox, the description may go away and the user can enter an ID.)
In my first attempt to create a Class that contains something useful (if you will), I am a little lost what a sound way to proceed is. I am trying to make a table that has fields and records. Perhaps imagine a tiny spreadsheet. So, I create my Class. Properties might include the number of columns, the column titles, and the number of rows or records. I then think the thing to do is create a couple of structures to be used within the class. Thus far I have this:
Imports System.Console
Public Class ConsoleTable
    Property NumberofCOlumns As Int32
[Code]....
Problems I am creating in my mind include:
1) In the Field Structure, could I make the FieldValue so that I can change the data type? Meaning sometimes I want an instance of a Field to hold a string, or an integer, or a decimal.
2) In the Record structure, for any given instance of one I don't know the number of fields it will hold until I create the new instance. I tried Public RecordFields(FieldCount) As Field in the Structure, but that's not allowed. I then used Public RecordFields() As Field, and then in my code used the ReDim method. Is there a better way?
3) With the Table Class, same problem. The number of records within any instance of the class needs to be dynamic.
What I'm trying to do here is log in using a table and fields with username and password and also usertype in it. If the user is an Admin then it displays the command button cmdAdmin, and if not admin it disables it. This is the code that I currently have at the moment. Hope someone can help me out. Also, I want to get rid of the username and password that's currently in it and use a database instead.
I'm trying to add a service company from a VB form to an SQL table. It works as long as I enter something in every field on the form. If not, I get a syntax error, so I thought I should check that the field values were not null.
I've tried to add a sub to check for blanks but it's not working.
BTW, the table will allow nulls for all fields.
Private Sub btnSubmit_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnSubmit.Click
    Try
I am trying to filter fields in a table that contain percent (%) and apostrophe (') characters. I know that to filter an apostrophe you need to add another apostrophe (''). However, when a text contains the percent (%) character in combination with an apostrophe (') character, an exception is thrown. Also, when using the % character in a filter string, it will function as an "*" (fields starting or ending with). I need the % to be considered as a character whenever the % makes up part of a string in the field. How can I address these issues? [code]
Why does MS Access adodb in .NET return 34 in fieldcount when the table has 42 fields? I see 42 fields in the table of my MS Access mdb database. But the ADODB layer in .NET sees only 34 fields. The Outofrange exception occurs when I am calling the method getOrdinal("FieldName") of the reader class.
I have the code I am using below. On 3.5 framework Access 2003 database vb net 2008
I already have the database created but need to be able to add tables and fields with the correct datatypes. So far it's not working, but I don't know why or where the error is.
Private Sub MDIParent_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
    Try
I have a problem with Unicode characters. I created a database in SQL Server 2005, and I want to query a table where the criteria fields contain Unicode characters, i.e. NVARCHAR.
e.g.: SELECT * FROM tblMyTable WHERE MyField='ភាសាខ្មែរ'. But when I did it like this, all rows that contain Unicode characters are always displayed. It doesn't fit my criteria.
I need to select all records from Table2 where there are NO records in Table1 having matches of both Col2 & Col3. For instance, Table 2 records where Table1.Col2 <> Table2.Col2 AND Table1.Col3 <> Table2.Col3.
I have a typed dataset with 2 tables and a relation between the 2 tables. The relation is a 1 to 1 relation. First, who can help me with how to bind both the fields of the parent and the child table to a textbox? And second, in the dataset designer you can preview the data. There I see for each record 1 row with all fields of the parent and also the fields of the child table. How can I have the same result in a datagridview?
I saw Jim's example in the codebank and I added the percent progress parameter to the report progress method (to change the progress bar value). This is Jim's example:
Private Sub BackgroundWorker1_DoWork(ByVal sender As Object, _
                                     ByVal e As DoWorkEventArgs) Handles BackgroundWorker1.DoWork
I want to select column 'F1' from an Excel spreadsheet and dump the data into my datatable 'oleDT'. How do I map the column F1 to the column I've added called 'colTest'? When I call Fill, the dataTable has 2 columns, which are 'colTest' full of nulls and a created column called F1. [code]...