Windows Forms Textbox Stored Procedure Code Injection?
Jul 12, 2011
I have the following sub in a windows form:
Private Sub BTNC_storeclientdata_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles BTNC_storeclientdata.Click
' Update Clientdata[code].....
This performs an update in the SQL Database via a stored procedure. When I add '; insert into codeinjection(test) values ('CodeInjected!'); select ' in the last textbox (TBC_phone.Text) the value 'codeinjdected' is inserted into the table codeinjection as well. How can I avoid this?
View 7 Replies
ADVERTISEMENT
Jan 13, 2011
I am working this app and stored procedures are very new to me.I have a stored procedure that stores a variable of max number of books.I want to get the max number from the procedure to store in a textbox.[code]how to get @ maxbooks into a variable and pass it on to a textbox.text?
View 2 Replies
Oct 9, 2009
If a stored procedure execution takes 10 minutes does it mean that windows app will wait till the stored procedure finishes or will it continure while the stored procedure is running on the server?
View 1 Replies
Jul 14, 2011
I have a quick Questiom On a ASP.net form, I need to add a textbox to update a date field in MS SQL server via stored procedure. Using a text box datemissed
[Code]...
View 1 Replies
Dec 8, 2009
My app calls for the use of an SP that doesn't return rows from a table, but results based on certain conditions.
View 3 Replies
Sep 11, 2009
The store procedure which give me the information I need is:
USE [UCSMIS]
GO
SET ANSI_NULLS ON
[Code].....
When I try to add it to my report it gives an error, is it because of the temp table and how should I go about it?
View 2 Replies
Apr 13, 2011
I am using LLBLGEN Pro to generate a data layer...some of my stored procs have parameter name as "date"...so this is cauing a problem when I compile in VS2010...I have to go through the class and change the function parameters "date" to "[date]".
Is there a way to inject these changes in LLBLGEN Pro during code generation?
View 1 Replies
Feb 3, 2010
Can convert this c# code to vb.net code.
DataClassesDataContext dc =
new DataClassesDataContext();
//proc_GetExistProductDetails is a Stored procedure method from my DataContext class.
[CODE]...
View 6 Replies
Aug 2, 2010
I am triggering a stored procedure from code inside a form and I am wanting to return any TSQL errors back to the form. I have written code to do it but when I force an error in TSQL for testing, my vb.net code drops to debug mode with "SQL Exception was unhandled" error.
[Code]...
View 6 Replies
May 11, 2010
I have a stored procedure that keeps timing out even though I have set the connection timeout set to 10000. The code that runs the stored procedure is this...
ADFConn1 = New System.Data.SqlClient.SqlConnection("Data Source=STPISSQ01ADF;Initial Catalog=ADF;User Id=ADFXXXXX;Password=XXXXXX;Persist Security Info=True;connect timeout=10000;packet size=4096")
[code].....
View 4 Replies
Apr 9, 2012
i have a stored procedure to insert data into table create procedure insertdata
[Code]...
View 11 Replies
Feb 1, 2012
on a new project - windows form app i would like to bring a simple stored procedure from a server ( with credentials ) with one parameter.
the stored procedure is on the : "SERVER" "database" "sa" "sa" and it looks like this:
sql
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
[Code]....
also if i could select the client name from a drop down list would be verry nice. the select for the name is : "select name from clients"
The results could be exported into excel or a screen. ( after selecting the client in the form , another button for export )
View 1 Replies
Feb 16, 2011
I am in need of being able to show a user the contents of a Oracle stored procedure. I have no idea of how to go about actually getting and then displaying the code contained in a stored procedure. Does anyone know of a way? I know how to call and execute a stored procedure but is about it. I am developing using VB.NET 2010 with Oracle 10G as my back end.
View 3 Replies
Oct 6, 2009
I have written a little helper app that mostly does various text operations on a paragraph of text. I am able to select a block of text from the Code Window and drop it onto my VB.NET apps TextBox and complete the text operation. However I am unable to drag and drop the altered text back to the VB Code window Via the DoDragDrop method.
If e.Button = MouseButtons.Left Then
Dim d As New DataObject
d.SetText(Me.TextBox3.Text)
Me.TextBox3.DoDragDrop(d, DragDropEffects.Move)
End If
View 2 Replies
Mar 3, 2012
i am trying to add the the text in the textbox with a stored procedure in mysql this is the error: [Code]
View 14 Replies
Jun 12, 2012
I know there are the 'Wizards' to help me, but I need the code to access the Table Manager, the data set and so on, create them in my project and access the tables or stored procedures
View 2 Replies
Aug 3, 2011
How can I get the output data of sql procedure from SQL Server to my asp.net[vb.net] page dropdown list?<asp:DropDownList ID="DdLocation"></asp:DropDownList>
View 1 Replies
Aug 29, 2011
I have a stored procedure to update a table, but needs a couple of values from another table.
the first two selects get the value from the table and then are used in the update statement.
The select statments:
Select @iStatusDropDownValueID = iDropDownValueID
From DropDownValue
Inner Join DropDownValueType On DropDownValue.iDropDownValueTypeID =
[Code].....
First, the values that are retrieved by the first two select statements are always the same. So they could be passed in by the code itself. I don't know that this will speed things up at all, just make the entire stored procedure better and easier to read.
Second, if the "Value Name" should change this store procedure will break (which is possible, but not often).
I am looking for any insight into the Best Practices for this situation.
View 2 Replies
May 17, 2011
I connected to the Informix server using RazorSQL, created a stored procedure and tested it, getting the expected answer, so the procedure exists in the database in some form.
I then run the following code:
If ConnectToInformix() Then
Dim cmd As New IfxCommand("dc_routeHasOutstandingQuantity", conn)
cmd.CommandType = CommandType.StoredProcedure
[Code]....
This error does not occur when calling the stored procedure from a live SQL connection.
View 1 Replies
Nov 25, 2009
I've been contracted to analyze an existing Data Provider and I know the following code is faulty; but in order to point out how bad it is, I need to prove that it's susceptible to SQL injection.
Question What "Key" parameter could break the PrepareString function and allow me to execute a DROP statement?
[Code]...
View 7 Replies
Mar 31, 2011
same errors or something related to System.windows.forms. Unable to cast object of type 'Public_Information_System_Remake.PIS' to type 'System.Windows.Forms.TextBox'.
[Code]...
View 5 Replies
Jan 19, 2010
I'm porting code that I wrote for use in a Windows Forms application to a Windows Service, but for some reason, the code that worked in the Windows Forms application is now throwing errors in the Service
View 7 Replies
Apr 28, 2009
I have a panel with some controls in it (several textboxes, a slider, 2 buttons, and a small groupbox).. When I click a button, I want all of the textboxes within the panel to be readonly... So I have this code: [code] When I run it though, I get the following error:Unable to cast object of type 'System.Windows.Forms.Button' to type 'System.Windows.Forms.TextBox'.If I remove a button, it moves on to give me the same error but for a label..
View 4 Replies
Oct 4, 2011
"TEXTBOX is not a member of SYSTEM.WINDOWS.FORMS.TEXTBOX"
Why it is that the text boxes have errors like this even they are in the tax forms..
Label13.Text = sss.Text - philhealth.Text - pagibig.Text
Label18.Text = semiSalary.Text - Label13.Text
[CODE]...
View 14 Replies
Sep 7, 2009
I want use a stored procedure in my project but I have no idea about it. Please could you tell me a little bit about how to use I can use one in my vb.net application ?
View 2 Replies
Dec 22, 2011
I have noticed the following but unable to understand why.Whenever a procedure is called in .net it takes more time than when it is called subsequently.Even if a procedure is called after some interval it takes more time than it takes if it is called quite frequently. i am not asking about sql query or sql command. any user definded function or user defined method takes much more time to finish when it is called occasionaly. but when the same procedure is called quite often it finishes a lot faster. why?
View 1 Replies
Jan 26, 2012
I am currently building an ASPX webpage for internal use. Basically, there are two buttons on this page and I need each one to kick off a different stored procedure on our local SQLServer based on the needed task. these stored rocedures do quite a bit of work and take 3-5 minutes to finish running. In neither case do I need any kind of gridview or other output from these stored procedures, as they are simply crunching/cleaning data that will populate some tables that the user will then use to complete their task. There are also no inputs or parameters needed.
So i'm OK at ASPX and pretty good at SQL, but have no idea on the VB code behind page. This is what I have ben able to put together based on 3 days of googling. i think i am close but can't quite get across the line.
CODE:
I'm not sure if you need to see any of my ASPX or my SQL. both work fine on their own, but i am not able to get these buttons to work.
View 4 Replies
Aug 11, 2009
I have a stored procedure that when I run it within my application it times out, but when I use Management Studio and pass in the same exact parameters, the stored procedure executes under a second. I had this exact same issue with the same stored procedure before, and all I did was recompile it, and it fixed the problem, but I do not want to keep having to recompile this stored procedure every few days or so. Has anyone else ran into this issue before?
Another note I would like to mention, is that I'm currently working on a test database, so I'm not inserting, deleting or updating any of the records that the Stored Procedure is using. So the database itself is not changing, but for some reason the Stored Procedure is showing degradation, and at the most we have 2 users in the database at a time.
Below is the code I use to call the Stored Procedure from my app.
cmd.CommandText = "sp__RECAP_SELECTION_GET_GRID_RECORDS_RECAP_TYPES"
cmd.Parameters.Add("@FK_KitchenID", SqlDbType.SmallInt).Value = cmbKitchenCustomer.KitchenID_SelectedPrimaryKey
[Code]....
As I mentioned, if I run the Stored Procedure within Mangement Studio, it runs with no problems. Also if I recompile the stored procedure, it runs fine within the app, but after a few days, the stored procedure starts to timeout again within the app and I need to recompile it again.
View 10 Replies
May 6, 2011
I am pretty new to VB and I am not sure why this is not working, basically I am trying to run a stored procedure from my web code. The sp runs just fine in SQL, I've tried it several times so I am sure that is not the problem. I don't want to return any results, I just want to see an "ok" statement if it runs and an error message if it doesn't. The code I am using for the lables (warnings and confirmation) is reused from earlier on the same page, the same goes for the validations (valUpload).
[Code]...
View 2 Replies
Apr 12, 2011
I am using SSMS 2008 and VB. I'm a novice VB developer. I am trying to display results of a simple stored proc on my ASPX page. But I get the error below. Here is my code behind for the ASPX page:
>MsgBox(GlobalFunctions.GlobalF.GetDevSQLServerStoredProcedure())
And my code from GlobalF namespace:
Public Shared Function GetDevSQLServerStoredProcedure()
Dim conn As SQLConnection
Dim DSPageData As New System.Data.DataSet[code]....
View 1 Replies
