Hi,
I can a big problem... because I have a byte[] data = new byte[length], and
I need to save this to a field on my MySQL database (here I have a BLOB
field) but ¿can I save it? because if I put:
Insert into archiv(ref, databinary) VALUES('"+ref+" ', '"+ data+"')
In my Database only save "System.byt e[]"
Can Someone help me?
Luis
4  3002 
Use....
PARAMETERS.
NEVER EVER put together your SQL like this.
Look up the term "SQL Injecion attack" in google.
Thomas Tomiczek
THONA Software & Consulting Ltd.
(Microsoft MVP C#/.NET)
"Luis" <ll*@telefonica .net> wrote in message
news:uf******** ******@TK2MSFTN GP12.phx.gbl... Hi,
I can a big problem... because I have a byte[] data = new byte[length],
and I need to save this to a field on my MySQL database (here I have a BLOB
field) but ¿can I save it? because if I put:
Insert into archiv(ref, databinary) VALUES('"+ref+" ', '"+ data+"')
In my Database only save "System.byt e[]"
Can Someone help me?
Luis
I can't understand you...
"Use parameters" but... can you said me one example? because I put in google
SQL Injecion attack and I can't undestand...
Thanks
"Thomas Tomiczek [MVP]" <t.********@tho na-consulting.com> escribió en el
mensaje news:uI******** *****@TK2MSFTNG P11.phx.gbl... Use....
PARAMETERS.
NEVER EVER put together your SQL like this.
Look up the term "SQL Injecion attack" in google.
Thomas Tomiczek
THONA Software & Consulting Ltd.
(Microsoft MVP C#/.NET)
"Luis" <ll*@telefonica .net> wrote in message
news:uf******** ******@TK2MSFTN GP12.phx.gbl... Hi,
I can a big problem... because I have a byte[] data = new byte[length],
and I need to save this to a field on my MySQL database (here I have a BLOB
field) but ¿can I save it? because if I put:
Insert into archiv(ref, databinary) VALUES('"+ref+" ', '"+ data+"')
In my Database only save "System.byt e[]"
Can Someone help me?
Luis
"Luis" <ll*@telefonica .net> wrote in message
news:%2******** ********@TK2MSF TNGP12.phx.gbl. .. I can't understand you...
But you know how to read documentation?
"Use parameters" but... can you said me one example? because I put in
google
Use Parameters.
* Open online documentation.
* Then start thinking. Along this line: I use SqlConnection, let's see
whether ethere is a SqlParameter.
* Hit.
* Read documentation.
* Read samples.
* Program.
In case you have problems with the documentation, a viable approach is -
google.
Let's see.
"+sqlparame ter +sample" as search string.
FIrst site: .NET Samples - ASP.NET Data Access (.NET Framework QuickStarts)
COULD be something. Lets go there.Na, not good.
Let's see further.Fourth link: Inserting Record into Database
Could be it.
http://www.aspnet101.com/aspnet101/a...ode=showinsert
Guess what - complete code sample. OK, in VB.NET, but moving between
languages THAT similar for a similar API should not be that hard on trivial
samples.
SQL Injecion attack and I can't undestand...
And again.
* Open Google.
* enter "+sql +injection +attack" as search term.
* Whow - first titem:
SQL Injection Attacks - Are You Safe?
* Third Item:
The alt.2600 / #hack FAQ: What is an SQL Injection Attack
* Fourth Item:
Secure Your ASP.NET Application from a SQL Injection Attack
Hm - you know how to click the hyperlinks, right? Just wondering.
The first title I got links to http://www.sitepoint.com/article/794 and has
a VERY nice explanation of what "crime" you actually commit by your SQL - it
basiclly is, if the rest of the application is written as well, an
invitation for every hacker out there to delete your database. THis is a
known attack for years now, and everytime I stumble over someone not knowing
what a SQL Injecton attack is I really wonder what planet they live on so
that they do not read current security warnings. SQL Injection attacks are
CRITICAL.
If you can not understand what is in there, you should NOT program databases
but should follow the following path:
* Go to a bookshop or a book online website.
* Get a book about SQL, introductory books. The "for Dummies" books are very
good (without ANY pun intended - I keep them around for reference here and I
really like them) and are pretty thorough and well explained. You could also
get some SQL books from Joe Celko (he really rocks in SQL - very good guy)
and last but not least: reading the complete API documentation and
documentation for your database server is a MUST.
Alternatively:
* Get some training in SQL through a training company.
You should take some good advice from this:
* Newsgroups are perfect BUT
* They are no excuse not to do your homework. This includes
* Reading the documentation first, including going through all the
examples you find.
* Using your own brain. This includes getting your way around google.
* They are no excuse for learning your stuff. Reading some good books is a
way more efficient way to get knowledge than running around and asking
questions for which you actually don't have the knowledge to understand the
answer.
Newsgroups will nve help you getting the basic knowledge. Te are no
replacement for books and the documentation.
Thomas Tomiczek
THONA Software & Consulting Ltd.
(Microsoft MVP C#/.NET)
Thanks
"Thomas Tomiczek [MVP]" <t.********@tho na-consulting.com> escribió en el
mensaje news:uI******** *****@TK2MSFTNG P11.phx.gbl... Use....
PARAMETERS.
NEVER EVER put together your SQL like this.
Look up the term "SQL Injecion attack" in google.
Thomas Tomiczek
THONA Software & Consulting Ltd.
(Microsoft MVP C#/.NET)
"Luis" <ll*@telefonica .net> wrote in message
news:uf******** ******@TK2MSFTN GP12.phx.gbl... Hi,
I can a big problem... because I have a byte[] data = new
byte[length], and I need to save this to a field on my MySQL database (here I have a
BLOB field) but ¿can I save it? because if I put:
Insert into archiv(ref, databinary) VALUES('"+ref+" ', '"+ data+"')
In my Database only save "System.byt e[]"
Can Someone help me?
Luis
Oh!! thanks, but I not want to said this :) no problem, I find and if I
have a other problem I will answer :)
I know more or less ALL that you said me, only that the examples that I see
not work correctly and I answers this, but I know the basic structures and I
have a documentation for review...
But, thanks for all.
Thanks...
Luis
"Thomas Tomiczek [MVP]" <t.********@tho na-consulting.com> escribió en el
mensaje news:OV******** ********@TK2MSF TNGP09.phx.gbl. ..
"Luis" <ll*@telefonica .net> wrote in message
news:%2******** ********@TK2MSF TNGP12.phx.gbl. .. I can't understand you...
But you know how to read documentation?
"Use parameters" but... can you said me one example? because I put in
google
Use Parameters.
* Open online documentation.
* Then start thinking. Along this line: I use SqlConnection, let's see
whether ethere is a SqlParameter.
* Hit.
* Read documentation.
* Read samples.
* Program.
In case you have problems with the documentation, a viable approach is -
google.
Let's see.
"+sqlparame ter +sample" as search string.
FIrst site: .NET Samples - ASP.NET Data Access (.NET Framework
QuickStarts)
COULD be something. Lets go there.Na, not good.
Let's see further.Fourth link: Inserting Record into Database
Could be it.
http://www.aspnet101.com/aspnet101/a...ode=showinsert
Guess what - complete code sample. OK, in VB.NET, but moving between
languages THAT similar for a similar API should not be that hard on
trivial samples.
SQL Injecion attack and I can't undestand...
And again.
* Open Google.
* enter "+sql +injection +attack" as search term.
* Whow - first titem:
SQL Injection Attacks - Are You Safe?
* Third Item:
The alt.2600 / #hack FAQ: What is an SQL Injection Attack
* Fourth Item:
Secure Your ASP.NET Application from a SQL Injection Attack
Hm - you know how to click the hyperlinks, right? Just wondering.
The first title I got links to http://www.sitepoint.com/article/794 and
has a VERY nice explanation of what "crime" you actually commit by your SQL -
it basiclly is, if the rest of the application is written as well, an
invitation for every hacker out there to delete your database. THis is a
known attack for years now, and everytime I stumble over someone not
knowing what a SQL Injecton attack is I really wonder what planet they live on so
that they do not read current security warnings. SQL Injection attacks are
CRITICAL.
If you can not understand what is in there, you should NOT program
databases but should follow the following path:
* Go to a bookshop or a book online website.
* Get a book about SQL, introductory books. The "for Dummies" books are
very good (without ANY pun intended - I keep them around for reference here and
I really like them) and are pretty thorough and well explained. You could
also get some SQL books from Joe Celko (he really rocks in SQL - very good guy)
and last but not least: reading the complete API documentation and
documentation for your database server is a MUST.
Alternatively:
* Get some training in SQL through a training company.
You should take some good advice from this:
* Newsgroups are perfect BUT
* They are no excuse not to do your homework. This includes
* Reading the documentation first, including going through all the
examples you find.
* Using your own brain. This includes getting your way around google.
* They are no excuse for learning your stuff. Reading some good books is a
way more efficient way to get knowledge than running around and asking
questions for which you actually don't have the knowledge to understand
the answer.
Newsgroups will nve help you getting the basic knowledge. Te are no
replacement for books and the documentation.
Thomas Tomiczek
THONA Software & Consulting Ltd.
(Microsoft MVP C#/.NET)
Thanks
"Thomas Tomiczek [MVP]" <t.********@tho na-consulting.com> escribió en el
mensaje news:uI******** *****@TK2MSFTNG P11.phx.gbl... Use....
PARAMETERS.
NEVER EVER put together your SQL like this.
Look up the term "SQL Injecion attack" in google.
Thomas Tomiczek
THONA Software & Consulting Ltd.
(Microsoft MVP C#/.NET)
"Luis" <ll*@telefonica .net> wrote in message
news:uf******** ******@TK2MSFTN GP12.phx.gbl...
> Hi,
>
> I can a big problem... because I have a byte[] data = new byte[length], and
> I need to save this to a field on my MySQL database (here I have a BLOB > field) but ¿can I save it? because if I put:
> Insert into archiv(ref, databinary) VALUES('"+ref+" ', '"+ data+"')
>
> In my Database only save "System.byt e[]"
>
> Can Someone help me?
>
> Luis
>
>
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Devhead |
last post by:
i have a blob field in an sql server column field that stores html text. how
do i convert it so that it is readable in a text control. right now when i
convert using:
byte byteBlob = (byte) TMSFinding.Rows;
System.Text.ASCIIEncoding enc = new System.Text.ASCIIEncoding();
txtbxDetailedDescription.Text = enc.GetString(byteBlob);
|
by: dale zhang |
last post by:
Hi,
I have a C# web application in ASP.Net, which has a user contact info DB in
MS Access. Can I add a column to each user to save pdf attachments for each
user if needed? If so, how do we do this?
Thanks for help.
-Dale
|
by: Markusek Peter |
last post by:
Hi,
I'm using MySQLDriverCS. I've got no problem to store BLOB into database,
but I can't get it back(save to file).
Problem is with DataTable(returns string:( )
My code:
--
DataTable dt = new MySQLSelectCommand(...; //select that row and column
where is BLOB
string dest = Server.MapPath("image.jpg");
FileStream binFile = new
|
by: Big George |
last post by:
Hello,
I'm trying to save a jpg file of 300KB as a BLOB field in an Oracle
10g Database.
If I try to call a Stored Procedure, it fails.
If I use CommandText with SQL sentence, it success.
I can't save the jpg file as a BLOB field using this Method (I'm
calling a Stored Procedure):
Private Sub save_BLOB(ByVal Photo As Byte())
|
by: Vinciz |
last post by:
hi guys... im new in java and i would love to learn some of these...
basically i got a sample code to retrieve the blob from the mysql.
however, i dont really know what to do with these retrieved byte/binary data as i got no idea on how to save them in our pc. For this situation, what i need to do is give the byte/binary data an extension (retrieved from another field in the table) in order to revert back to the original data i had in the...
| | |
by: kev |
last post by:
Hi folks,
I have created a database to store information on equipments. During
the first level of registration, there is a form that i need the user
to fill up details on the equipment testing. i have done this one.Now
what i need is to enable the users to upload files and save it into the
corresponding table.
Example: 3. A laser inventory form has been completed for each 3b or
4 laser and submitted to the Laser Safety Officer...
|
by: =?Utf-8?B?UHVjY2E=?= |
last post by:
Hi, I'm using VS2005, .net 2 and C# for windows application. I need to
convert a IntPtr to a byte to be able to add a meetingBlob data to the
meeting class object in Active Directory schema. I get a "unspecified error"
if I tried to add the data before converting to a byte in
"deNewContextObject.Properties.Add((object)blob.pData);".
public struct Blob
{
public IntPtr pData;
public int nLength;
|
by: =?Utf-8?B?Unlhbg==?= |
last post by:
How do I read a blob field of a database using System.Byte?
A sample code would be appreciated.
|
by: simonyong |
last post by:
Hello, anyone
I had search for few days with how to save file when user choose a file name from listbox and i will search the file from database and user can save it into their desktop
what I had done currently is uploading a file to database but totally no idea about how to "download" from database
the following is my codes to upload file to database:
If Not (myFile.PostedFile Is Nothing) Then
OpenConn()
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| | |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
