SQL Injection-proofing TextBoxes?

Mar 21, 2012

I've found some tutorials on this already, but they aren't exactly what I'm looking for. I can use the following for username fields and password fields:

[Code]...

So I need to run this with parametrized queries rather than how I'm doing it now?

View 3 Replies



Preventing SQL Injection?

Oct 25, 2010

I have this code

UPDATE OPENQUERY (db,'SELECT * FROM table WHERE ref = ''"+ Ref +"'' AND bookno = ''"+ Session("number") +"'' ')
How would I prevent SQL Injections on this?

[code].....

View 8 Replies

Protection Against SQL Injection And Other?

Dec 4, 2011

I would like to know if removing the following specials character would be enough to protect my program against SQL Injection :

"'/*$%()!#^&

View 4 Replies

VS 2008 Is Dll Injection Possible

Jul 21, 2009

I know it is possible with C#, C++, VB 6 but I'm not sure about VB.NET 2008. I have looked around to see if it is possible but have not found a way. There isn't a specific reason I need to know, just curious... So, is it possible with VB.NET, and if so, how? CreateRemoteThread?

View 30 Replies

.net - Code Prevent SQL Injection?

Nov 25, 2009

I've been contracted to analyze an existing Data Provider and I know the following code is faulty; but in order to point out how bad it is, I need to prove that it's susceptible to SQL injection.

Question: What "Key" parameter could break the PrepareString function and allow me to execute a DROP statement?

[Code]...

View 7 Replies

VS 2005 Prevent Sql Injection

Nov 19, 2009

Is there a way to detect if the text in a textbox contains code for SQL injection?

View 2 Replies

Asp.net - SQL Queries Open To SQL Injection Attacks?

Jan 29, 2010

I have re-written my code. I would now like to check if my code is still open to SQL injections after this work. I believe the code is now working as it should, but any blinding errors that you see I'd love to hear about too. My code is now looking like: -code removed-

View 5 Replies

C# - Get SQL Injection Attack From SELECT Statement?

Jul 8, 2009

I know I must use stored procedures as much as possible, but I would like to know the following.

A: Can I get a SQL injection attack from a SELECT statement such as (Select * from MyTable)?

B: Also, can I get a SQL injection attack when I use the SQLDataSource in ASP.NET?

View 9 Replies

SQL Injection : SELECT Fields FROM Table

Nov 17, 2011

I will post a sequence of examples and thoughts about SQL injection. I wish the experts will correct any small mistake in what I say so I can know exactly the possible danger.

The requirement is to create a function in VB.NET that accepts 2 parameters (table_name, fields_list) and returns the result in a DataTable.

Now, I am aware that table_name and fields_list cannot be passed as parameters to the command object using .AddParameter.

Here are a couple of thoughts. What I would like to know is:

1- Which function is exposed to SQL injection

2- Which function is more safe

Public Class Form14
Dim conn as New SqlClient.SqlConnection(connection_string)
Private Sub Button1_Click( ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click

[code].....

View 15 Replies

VS 2010 DLL Injection And Packet Editing

Jun 14, 2011

I have a question... I recently came across a program called WPE Pro (Winsock Packet Editor Pro). Basically what it does is let you sniff, edit and send packets intercepted from a process. That's the key word here: PROCESS. From what I can tell, WPE uses DLL injection to sniff and inject packets directly into an active socket connection on the target process. What I want to know is how would I go about achieving this? If it isn't possible with the .NET language, is it possible to go to C++ or something?

View 4 Replies

.net - Prevent SQL Injection In Dynamic Column Names?

Jun 8, 2012

My question is how best to avoid SQL injection with the method I am currently using. EDIT (Reasoning): There are many columns in a number of tables (a number which grows (only) and is maintained elsewhere). I need a method of allowing the user to decide which (predefined) column they want to query (and if necessary apply string functions to). The query itself is far too complex for the user to write themselves, nor do they have access to the db. There are 1000's of users with varying requirements and I need to remain as flexible as possible - I shouldn't have to revisit the code unless the main query needs to change - Also, there is no way of knowing what conditions the user will need to use

View 2 Replies

.Net Dependency Injection On Debug Build Using Nant?

May 26, 2009

I have a relatively small app that I'm building using VB.NET 2.0 and NAnt. It's an app that calls out to an external exe to produce some output files, then processes those output files afterwards. I have built an interface to the exe, for which I have created a stub implementation and the real implementation. What I would like to be able to do is use NAnt to either create a DEBUG build of the app, which calls the stub implementation, or create a PROD build of the app, which will use the correct implementation.

View 2 Replies

DB/Reporting :: Is Application Immune To SQL Injection Attacks

Sep 18, 2008

I'm developing a VS2008 ASP.NET VB.NET application that uses a SQL Server Express database. ALL database access is via parametrized stored procedures, where I pass the data for each field to the stored procedure as a parameter.

View 5 Replies

VS 2008 Dll Injection - When Dll Is Injected How To Activate A Function

May 17, 2009

I know that hooks are programmed with C++.

I would like to know some stuff here:

1) When a DLL is injected, how can you activate a function?
2) What is a class exactly in a dll?
3) Can you design a class?

View 5 Replies

How To Correctly Create Web Service With WHERE Clause Preventing Injection

Jan 12, 2012

I have a web service running that reliably returns a dataset and allows me to provide a list now drop down list box of records returned. I would like to capture the user's selection from the DDL and call another web service to return detailed information regarding the selection. Hence a WHERE stmt in the query of the web service. I am of course worried about SQL injection. But I would like to at least get the SQL stmt working. The selection is a string field type, and looks like this, [code] Everything works for other web services if I remove the query with the WHERE clause.

View 3 Replies

Windows Forms Textbox Stored Procedure Code Injection?

Jul 12, 2011

I have the following sub in a windows form:

Private Sub BTNC_storeclientdata_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles BTNC_storeclientdata.Click
' Update Clientdata[code].....

This performs an update in the SQL database via a stored procedure. When I add '; insert into codeinjection(test) values ('CodeInjected!'); select ' in the last textbox (TBC_phone.Text), the value 'codeinjected' is inserted into the table codeinjection as well. How can I avoid this?

View 7 Replies

VS 2008 - Control Types - Textboxes And Richtextboxes - Isolate The Textboxes Only

Oct 14, 2011

On my form, I've got some textboxes and some richtextboxes. I'm using the following code to search through the text properties of each of the two types of control. See below:

For Each ctl As Control In Me.Controls
If ctl.Text = "7777" Then
ctl.Text = "found the sevens"
End If
Next

What I'd like to do is isolate the textboxes only. Is there a way to do that? I tried this but I got an error:

For Each box As TextBox In Me.Controls
If box.Text = "7777" Then
box.Text = "Found"
End If
Next

View 2 Replies

Pull Information From A Website's Textboxes In IE Into Program Textboxes?

Oct 21, 2010

My goal is to pull information from a website's textboxes in IE into my program's textboxes, and later to put changes into other values on the website from my program. The site has multiple textboxes, on different frames within it. I need to keep it as an existing open browser instead of making a new one. I have only gotten as far as finding the open Internet Explorer window, by using

[Code]...

View 2 Replies

Form With 4 Textboxes. The Textboxes Are Multiline?

Apr 29, 2010

I have a Form with 4 Textboxes. The Textboxes are multiline. To write the contents of the 4 textboxes, I did the following.

[Code]...

How do I read to or populate the Textboxes using StreamReader or StringReader or other means?

View 1 Replies

15 Textboxes Want To Use 5 Only?

Mar 31, 2012

I have 15 textboxes. I want to put 5 random numbers from 1 to 48 in 5 of these textboxes.

My code:

Dim lstInt As New List(Of Integer)
Dim lstTB As New List(Of TextBox)
Dim rndm As New Random

[Code].....

Am I doing something wrong there? The error message I get is this: Index was out of range. Must be non-negative and less than the size of the collection. Parameter name: index

View 1 Replies

Add Several Textboxes To One Row In Gridview .net?

Jul 28, 2011

My problem is that I have a gridview with five rows and an unknown number of columns. What I want to do is in row 1 I want each column to be a textbox and in the next row create a button/link to create a report for each column. My problem is only the last column is being changed to a textbox. Here is my code.

[Code]...

View 3 Replies

Add Values In Textboxes?

Aug 20, 2009

I try to calculate some values that I have stored in textboxes. I made 2 variables as double and tried these two lines of code.

View 2 Replies

Add Values To SQL From 4 Textboxes?

Mar 16, 2011

I'm just wondering if someone can take a look at my insert statement, as it is not working.

I'm trying to add values to SQL from 4 textboxes.

Public Sub Insert(ByVal textbox3, ByVal textbox4, ByVal textbox5, ByVal textbox6)

Dim conn As New SqlConnection
Dim comm As New SqlCommand
conn = New SqlConnection("Server=Scott-VaioSQLSERVER;Database=Testing;Trusted_Connection=True;")
conn.Open()

[Code]...

View 4 Replies

Asp.net - Iterate Through Textboxes In VB Web App?

Aug 15, 2011

I have a VB Web Application with a bunch of textboxes on it in Default.aspx (Using the basic template in Visual Web Designer 2010 Express). I'd like to iterate through those textboxes using some sort of VB solution if at all possible and clear them when the user presses a button. I've tried using something like this:

Dim cControl As Control
For Each cControl in Me.Controls
If cControl Is TextBox Then

[Code].....

View 3 Replies

Clear All Textboxes Except Three?

Nov 29, 2011

I want to have a button that clears all textboxes except three. This code I got so far which clears all the textboxes except 1

[code]....

View 2 Replies

Clearing All Textboxes But One?

Nov 14, 2009

I have three textboxes and a button. The button's role is to clear all the textboxes. This one textbox that I don't want to clear keeps clearing. What do I have to do for this one textbox to not clear up when the clear button is pressed ?

View 2 Replies

Colors Into TextBoxes?

Nov 26, 2009

I got hold of this code to give RGB components of a pixel in a PictureBox(picPic):

Dim pnt As Point = New Point(txtXpos.Text, txtYpos.Text)
Dim RGBstring As String = ((TryCast(picPic.Image, Bitmap)).GetPixel(pnt.X,

[code]....

View 6 Replies

Create XML From TextBoxes?

Jan 3, 2009

I am trying to build an XML file using textboxes that users can enter and then hit a button which will generate the XML file. [code]...

View 15 Replies

Function For Many Textboxes

Jun 2, 2010

Hello,

So I'm trying to create a function that will remove certain characters (defined by me and may be subject to change later) from a string leaving only numbers. Reason-being is I have some textboxes that I format as phone, SSN, and accounts numbers based on string length, and when I click or tab back into the textbox I need to make sure those formatting characters get removed so when I re-exit the textbox the proper formatting takes place. I am able to accomplish it by calling CleanUp(), below,



Public Sub CleanUp()

TextBox1.Text = TextBox1.Text.Replace(")", "")
TextBox1.Text = TextBox1.Text.Replace("(", "")
TextBox1.Text = TextBox1.Text.Replace("-", "")
TextBox1.Text = TextBox1.Text.Replace(" ", "")
TextBox1.Text = TextBox1.Text.Replace("$", "")

End Sub


but the problem I have is this obviously only works for Textbox1, not any textbox I want to apply it to. I want to be able to call CleanUp() from textbox1.gotfocus, textbox2.gotfocus, textbox3.gotfocus, etc...

I've tried



Dim Box as Textbox = Textbox.text

Box = Box.Replace(")", "")
Box = Box.Replace("(", "")
Box = Box.Replace("-", "")
Box = Box.Replace(" ", "")
Box = Box.Replace("$", "")




but get the error "Reference to a non-shared member requires an object reference" (blue squiggly under "Textbox.Text") (VB 2010 Express), and I can't seem to find anything relevant to this by searching for that error.

Thanks for your help.

View 7 Replies

Getting Values From Textboxes?

Mar 15, 2012

How to INSERT FROM in VB.NET if you are getting values from textboxes?

View 2 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved