Hi,
I can a big problem... because I have a byte[] data = new byte[length], and
I need to save this to a field on my MySQL database (here I have a BLOB
field) but ¿can I save it? because if I put:
Insert into archiv(ref, databinary) VALUES('"+ref+"', '"+ data+"')
In my Database only save "System.byte[]"
Can Someone help me?
Luis
4  2961 
Use....
PARAMETERS.
NEVER EVER put together your SQL like this.
Look up the term "SQL Injecion attack" in google.
Thomas Tomiczek
THONA Software & Consulting Ltd.
(Microsoft MVP C#/.NET)
"Luis" <ll*@telefonica.net> wrote in message
news:uf**************@TK2MSFTNGP12.phx.gbl... Hi,
I can a big problem... because I have a byte[] data = new byte[length],
and I need to save this to a field on my MySQL database (here I have a BLOB
field) but ¿can I save it? because if I put:
Insert into archiv(ref, databinary) VALUES('"+ref+"', '"+ data+"')
In my Database only save "System.byte[]"
Can Someone help me?
Luis
I can't understand you...
"Use parameters" but... can you said me one example? because I put in google
SQL Injecion attack and I can't undestand...
Thanks
"Thomas Tomiczek [MVP]" <t.********@thona-consulting.com> escribió en el
mensaje news:uI*************@TK2MSFTNGP11.phx.gbl... Use....
PARAMETERS.
NEVER EVER put together your SQL like this.
Look up the term "SQL Injecion attack" in google.
Thomas Tomiczek
THONA Software & Consulting Ltd.
(Microsoft MVP C#/.NET)
"Luis" <ll*@telefonica.net> wrote in message
news:uf**************@TK2MSFTNGP12.phx.gbl... Hi,
I can a big problem... because I have a byte[] data = new byte[length],
and I need to save this to a field on my MySQL database (here I have a BLOB
field) but ¿can I save it? because if I put:
Insert into archiv(ref, databinary) VALUES('"+ref+"', '"+ data+"')
In my Database only save "System.byte[]"
Can Someone help me?
Luis
"Luis" <ll*@telefonica.net> wrote in message
news:%2****************@TK2MSFTNGP12.phx.gbl... I can't understand you...
But you know how to read documentation?
"Use parameters" but... can you said me one example? because I put in
google
Use Parameters.
* Open online documentation.
* Then start thinking. Along this line: I use SqlConnection, let's see
whether ethere is a SqlParameter.
* Hit.
* Read documentation.
* Read samples.
* Program.
In case you have problems with the documentation, a viable approach is -
google.
Let's see.
"+sqlparameter +sample" as search string.
FIrst site: .NET Samples - ASP.NET Data Access (.NET Framework QuickStarts)
COULD be something. Lets go there.Na, not good.
Let's see further.Fourth link: Inserting Record into Database
Could be it.
http://www.aspnet101.com/aspnet101/a...ode=showinsert
Guess what - complete code sample. OK, in VB.NET, but moving between
languages THAT similar for a similar API should not be that hard on trivial
samples.
SQL Injecion attack and I can't undestand...
And again.
* Open Google.
* enter "+sql +injection +attack" as search term.
* Whow - first titem:
SQL Injection Attacks - Are You Safe?
* Third Item:
The alt.2600 / #hack FAQ: What is an SQL Injection Attack
* Fourth Item:
Secure Your ASP.NET Application from a SQL Injection Attack
Hm - you know how to click the hyperlinks, right? Just wondering.
The first title I got links to http://www.sitepoint.com/article/794 and has
a VERY nice explanation of what "crime" you actually commit by your SQL - it
basiclly is, if the rest of the application is written as well, an
invitation for every hacker out there to delete your database. THis is a
known attack for years now, and everytime I stumble over someone not knowing
what a SQL Injecton attack is I really wonder what planet they live on so
that they do not read current security warnings. SQL Injection attacks are
CRITICAL.
If you can not understand what is in there, you should NOT program databases
but should follow the following path:
* Go to a bookshop or a book online website.
* Get a book about SQL, introductory books. The "for Dummies" books are very
good (without ANY pun intended - I keep them around for reference here and I
really like them) and are pretty thorough and well explained. You could also
get some SQL books from Joe Celko (he really rocks in SQL - very good guy)
and last but not least: reading the complete API documentation and
documentation for your database server is a MUST.
Alternatively:
* Get some training in SQL through a training company.
You should take some good advice from this:
* Newsgroups are perfect BUT
* They are no excuse not to do your homework. This includes
* Reading the documentation first, including going through all the
examples you find.
* Using your own brain. This includes getting your way around google.
* They are no excuse for learning your stuff. Reading some good books is a
way more efficient way to get knowledge than running around and asking
questions for which you actually don't have the knowledge to understand the
answer.
Newsgroups will nve help you getting the basic knowledge. Te are no
replacement for books and the documentation.
Thomas Tomiczek
THONA Software & Consulting Ltd.
(Microsoft MVP C#/.NET)
Thanks
"Thomas Tomiczek [MVP]" <t.********@thona-consulting.com> escribió en el
mensaje news:uI*************@TK2MSFTNGP11.phx.gbl... Use....
PARAMETERS.
NEVER EVER put together your SQL like this.
Look up the term "SQL Injecion attack" in google.
Thomas Tomiczek
THONA Software & Consulting Ltd.
(Microsoft MVP C#/.NET)
"Luis" <ll*@telefonica.net> wrote in message
news:uf**************@TK2MSFTNGP12.phx.gbl... Hi,
I can a big problem... because I have a byte[] data = new
byte[length], and I need to save this to a field on my MySQL database (here I have a
BLOB field) but ¿can I save it? because if I put:
Insert into archiv(ref, databinary) VALUES('"+ref+"', '"+ data+"')
In my Database only save "System.byte[]"
Can Someone help me?
Luis
Oh!! thanks, but I not want to said this :) no problem, I find and if I
have a other problem I will answer :)
I know more or less ALL that you said me, only that the examples that I see
not work correctly and I answers this, but I know the basic structures and I
have a documentation for review...
But, thanks for all.
Thanks...
Luis
"Thomas Tomiczek [MVP]" <t.********@thona-consulting.com> escribió en el
mensaje news:OV****************@TK2MSFTNGP09.phx.gbl...
"Luis" <ll*@telefonica.net> wrote in message
news:%2****************@TK2MSFTNGP12.phx.gbl... I can't understand you...
But you know how to read documentation?
"Use parameters" but... can you said me one example? because I put in
google
Use Parameters.
* Open online documentation.
* Then start thinking. Along this line: I use SqlConnection, let's see
whether ethere is a SqlParameter.
* Hit.
* Read documentation.
* Read samples.
* Program.
In case you have problems with the documentation, a viable approach is -
google.
Let's see.
"+sqlparameter +sample" as search string.
FIrst site: .NET Samples - ASP.NET Data Access (.NET Framework
QuickStarts)
COULD be something. Lets go there.Na, not good.
Let's see further.Fourth link: Inserting Record into Database
Could be it.
http://www.aspnet101.com/aspnet101/a...ode=showinsert
Guess what - complete code sample. OK, in VB.NET, but moving between
languages THAT similar for a similar API should not be that hard on
trivial samples.
SQL Injecion attack and I can't undestand...
And again.
* Open Google.
* enter "+sql +injection +attack" as search term.
* Whow - first titem:
SQL Injection Attacks - Are You Safe?
* Third Item:
The alt.2600 / #hack FAQ: What is an SQL Injection Attack
* Fourth Item:
Secure Your ASP.NET Application from a SQL Injection Attack
Hm - you know how to click the hyperlinks, right? Just wondering.
The first title I got links to http://www.sitepoint.com/article/794 and
has a VERY nice explanation of what "crime" you actually commit by your SQL -
it basiclly is, if the rest of the application is written as well, an
invitation for every hacker out there to delete your database. THis is a
known attack for years now, and everytime I stumble over someone not
knowing what a SQL Injecton attack is I really wonder what planet they live on so
that they do not read current security warnings. SQL Injection attacks are
CRITICAL.
If you can not understand what is in there, you should NOT program
databases but should follow the following path:
* Go to a bookshop or a book online website.
* Get a book about SQL, introductory books. The "for Dummies" books are
very good (without ANY pun intended - I keep them around for reference here and
I really like them) and are pretty thorough and well explained. You could
also get some SQL books from Joe Celko (he really rocks in SQL - very good guy)
and last but not least: reading the complete API documentation and
documentation for your database server is a MUST.
Alternatively:
* Get some training in SQL through a training company.
You should take some good advice from this:
* Newsgroups are perfect BUT
* They are no excuse not to do your homework. This includes
* Reading the documentation first, including going through all the
examples you find.
* Using your own brain. This includes getting your way around google.
* They are no excuse for learning your stuff. Reading some good books is a
way more efficient way to get knowledge than running around and asking
questions for which you actually don't have the knowledge to understand
the answer.
Newsgroups will nve help you getting the basic knowledge. Te are no
replacement for books and the documentation.
Thomas Tomiczek
THONA Software & Consulting Ltd.
(Microsoft MVP C#/.NET)
Thanks
"Thomas Tomiczek [MVP]" <t.********@thona-consulting.com> escribió en el
mensaje news:uI*************@TK2MSFTNGP11.phx.gbl... Use....
PARAMETERS.
NEVER EVER put together your SQL like this.
Look up the term "SQL Injecion attack" in google.
Thomas Tomiczek
THONA Software & Consulting Ltd.
(Microsoft MVP C#/.NET)
"Luis" <ll*@telefonica.net> wrote in message
news:uf**************@TK2MSFTNGP12.phx.gbl...
> Hi,
>
> I can a big problem... because I have a byte[] data = new byte[length], and
> I need to save this to a field on my MySQL database (here I have a BLOB > field) but ¿can I save it? because if I put:
> Insert into archiv(ref, databinary) VALUES('"+ref+"', '"+ data+"')
>
> In my Database only save "System.byte[]"
>
> Can Someone help me?
>
> Luis
>
>
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Devhead |
last post by:
i have a blob field in an sql server column field that stores html text. how
do i convert it so that it is readable in a text control. right now when i
convert using:
byte byteBlob = (byte)...
|
by: dale zhang |
last post by:
Hi,
I have a C# web application in ASP.Net, which has a user contact info DB in
MS Access. Can I add a column to each user to save pdf attachments for each
user if needed? If so, how do we do...
|
by: Markusek Peter |
last post by:
Hi,
I'm using MySQLDriverCS. I've got no problem to store BLOB into database,
but I can't get it back(save to file).
Problem is with DataTable(returns string:( )
My code:
--
DataTable dt = new...
|
by: Big George |
last post by:
Hello,
I'm trying to save a jpg file of 300KB as a BLOB field in an Oracle
10g Database.
If I try to call a Stored Procedure, it fails.
If I use CommandText with SQL sentence, it success.
I...
|
by: Vinciz |
last post by:
hi guys... im new in java and i would love to learn some of these...
basically i got a sample code to retrieve the blob from the mysql.
however, i dont really know what to do with these...
|
by: kev |
last post by:
Hi folks,
I have created a database to store information on equipments. During
the first level of registration, there is a form that i need the user
to fill up details on the equipment testing....
|
by: =?Utf-8?B?UHVjY2E=?= |
last post by:
Hi, I'm using VS2005, .net 2 and C# for windows application. I need to
convert a IntPtr to a byte to be able to add a meetingBlob data to the
meeting class object in Active Directory schema. I...
|
by: =?Utf-8?B?Unlhbg==?= |
last post by:
How do I read a blob field of a database using System.Byte?
A sample code would be appreciated.
|
by: simonyong |
last post by:
Hello, anyone
I had search for few days with how to save file when user choose a file name from listbox and i will search the file from database and user can save it into their desktop
what I had...
|
by: CloudSolutions |
last post by:
Introduction:
For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
|
by: Faith0G |
last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
| |
