fixing multi line text before saving to dbase

I am saving to a database a result from a multi-line textbox. The database of
course wants \x escape codes, not the invisible ones. Is there any easy -
one line of code - way to do this (C#), e.g. by String.Format()?
Nov 19 '05 #1
"The database" or a dynamically created SQL statement ?

Using String.Replace should do, but you could use parameters instead... IMO
the problem is that you are creating a dynamic SQL string. If you use
parameterized queries you shouldn't have this problem (as line feeds will not
be part of the "SQL statement" but will just be included inside the
parameter value).

Patrice

Nov 19 '05 #2
Umm, not sure what you mean, but it goes like:

string ContentString = Textbox1.Text;

.... here I could do some ContentString.Replace() functions but I thought
maybe there would be a simple one line to do the job, e.g. String.Format()?
....

SQLString = "UPDATE Content='" + ContentString + "' WHERE ...";
myCommand = new OleDbCommand(SQLString, myConnection);
myCommand.ExecuteNonQuery();

Nov 19 '05 #3
Daves wrote:
... here I could do some ContentString.Replace() functions but I thought maybe there would be a simple one line to do the job, e.g. String.Format()? ...

SQLString = "UPDATE Content='" + ContentString + "' WHERE ...";
myCommand = new OleDbCommand(SQLString, myConnection);
myCommand.ExecuteNonQuery();


As Patrice mentioned, you are having problems because you are ignoring
some Best Practices for building applications in .NET. Ideally you
should be using stored procedures:

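// Requires: using System.Data; using System.Data.SqlClient;
myCommand = new SqlCommand("sp_ContentUpdate", myConnection);
// Needed so the parameter is passed to the procedure rather than to an ad hoc batch.
myCommand.CommandType = CommandType.StoredProcedure;
myCommand.Parameters.Add("@ContentString", contentString);
myCommand.ExecuteNonQuery();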

Ad hoc SQL in your code is a Bad Thing. If you absolutely must use it,
you should at least use parameterized SQL:

// The value travels as a parameter, so quotes and line breaks in it are never parsed as SQL.
SQLString = "UPDATE Content set ContentString = @ContentString WHERE ....";
myCommand = new SqlCommand(SQLString, myConnection);
myCommand.Parameters.Add("@ContentString", contentString);
myCommand.ExecuteNonQuery();

No more formatting your strings off the page, no more SQL Injection
attacks against your site. Check out
http://www.uberasp.net/getarticle.aspx?id=46 for more info.

Good Luck!
Jason
http://www.expatsoftware.com/

Nov 19 '05 #4
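
Added example, not part of the original thread and not any poster's code: the question uses OleDbCommand, which for text commands takes positional ? placeholders rather than the named @ContentString shown above for SqlCommand, so this sketch shows the parameterized update and a read-back for that provider. The connection string, the Id column and an existing row with Id 1 are assumptions; the thread gives none of them.

```csharp
using System;
using System.Data.OleDb;

static class ContentStore
{
    // Assumed schema: Content(Id INTEGER, ContentString MEMO). "Id" is hypothetical;
    // the thread elides the WHERE clause.
    public static int Save(OleDbConnection conn, int id, string text)
    {
        // OleDb text commands bind by position: use "?" placeholders and add
        // the parameters in the same order they appear in the SQL.
        const string sql = "UPDATE Content SET ContentString = ? WHERE Id = ?";
        using (var cmd = new OleDbCommand(sql, conn))
        {
            // The text is sent as a typed value and never becomes part of the statement.
            cmd.Parameters.Add("ContentString", OleDbType.LongVarWChar).Value = text;
            cmd.Parameters.Add("Id", OleDbType.Integer).Value = id;
            return cmd.ExecuteNonQuery(); // rows affected
        }
    }

    public static string Load(OleDbConnection conn, int id)
    {
        const string sql = "SELECT ContentString FROM Content WHERE Id = ?";
        using (var cmd = new OleDbCommand(sql, conn))
        {
            cmd.Parameters.Add("Id", OleDbType.Integer).Value = id;
            return cmd.ExecuteScalar() as string;
        }
    }

    static void Main(string[] args)
    {
        // args[0]: connection string for your own database (assumption).
        // Constructed sample: CR/LF line breaks, an apostrophe and a double quote.
        string sample = "First line\r\nIt's the second line\r\nHe said \"done\"";
        using (var conn = new OleDbConnection(args[0]))
        {
            conn.Open();
            int rows = Save(conn, 1, sample);
            string stored = Load(conn, 1);
            Console.WriteLine("rows updated: {0}", rows);
            Console.WriteLine("round trip intact: {0}", stored == sample);
        }
    }
}
```

No Replace() or escaping step is applied to the textbox text before it is saved; the line breaks and quotes come back exactly as entered.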
Very interesting, I didn't know this! Does this mean I should also use SP
queries when not using fixed queries, that is, no data from a form?
Nov 19 '05 #5
