...another beginner question.
I have a web application in .net v2 VB that requires multiple reads from sql tables where
each read is slightly different - so the sql select statements also differ frequently. I've created a
few functions in an .ascx file to handle these reads and send them back to the main code.
2 examples are below. Each works - the first returns a single integer value, the second returns the entire row
that contains a mix of integers, boolean, and strings. Other similar functions I've written write data using slightly
different versions for writing strings or integers.
Because I'm using these or similar functions frequently in the application, I'm wondering whether this is the best way to accomplish
these tasks or whether there is a faster, more efficient method to do what I'm doing. Comments?
Thanks in advance
Jeff
Function GetIntAnswer(ByVal CurrQuestion As String) As Integer
    Dim TableP As System.Data.DataView
    Dim sb As New StringBuilder(" select ")
    sb.Append(CurrQuestion)
    sb.Append(" from Answers where ID = ")
    sb.Append(Session("ID"))
    SqlAnswers.SelectCommand = sb.ToString
    TableP = SqlAnswers.Select(DataSourceSelectArguments.Empty)
    Return TableP.Item(0)(0)
End Function

Function GetInfo() As System.Data.DataView
    Dim sb As New StringBuilder(" select * from Questions where QuestionNu = ")
    sb.Append(Session("QuestionPointer"))
    SqlQuestions.SelectCommand = sb.ToString
    Return SqlQuestions.Select(DataSourceSelectArguments.Empty)
End Function
--
Posted via a free Usenet account from http://www.teranews.com
Hello Jeff,
All together now, smile and say, "SQL INJECTION ATTACK!" *click*.
Become intimately familiar with SqlParameter and SqlCommand.
-Boo
I've done some small amount of reading about injection attacks and have the general idea. Could you help out someone new and give me
a bit more detail about what the vulnerability here is and a bit more detail about how to address it? If you're speaking about the
fact that there are text boxes, yes, I'm aware of that problem and will incorporate validation into the application. In the
meantime, I'll attempt to read up as much as I can about SqlParameter and SqlCommand.
Thanks for whatever you have time to offer...
Jeff
Hello Jeff,
Between doing your homework on sql injection attacks and reading the MSDN
doco on SqlParameter and SqlCommand.. you should be golden.
-Boo
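
What the SqlCommand/SqlParameter advice looks like when applied to the two functions from the question, as an added example (not code from any poster in this thread). Assumptions: the connection-string name AppDb and the column names Q1 to Q3 are hypothetical, and ID and QuestionNu are taken to be integer columns; the column name is matched against a fixed list because an identifier cannot be sent as a parameter.

```vbnet
Imports System.Data
Imports System.Data.SqlClient
Imports System.Configuration

Public Module AnswerQueries
    ' Assumption: "AppDb" is a hypothetical connection-string name in web.config.
    Private ReadOnly ConnStr As String = _
        ConfigurationManager.ConnectionStrings("AppDb").ConnectionString

    ' Assumption: hypothetical column names. A column name is an identifier,
    ' not a value, so it cannot be passed as a SqlParameter; it must match
    ' this fixed list exactly before it is placed in the SQL text.
    Private ReadOnly AnswerColumns() As String = {"Q1", "Q2", "Q3"}

    Public Function GetIntAnswer(ByVal currQuestion As String, ByVal id As Integer) As Integer
        Dim idx As Integer = Array.IndexOf(AnswerColumns, currQuestion)
        If idx < 0 Then
            Throw New ArgumentException("Unknown answer column", "currQuestion")
        End If
        ' Build the statement from the list's own string, never the caller's.
        Dim sql As String = "SELECT [" & AnswerColumns(idx) & "] FROM Answers WHERE ID = @id"
        Using conn As New SqlConnection(ConnStr)
            Using cmd As New SqlCommand(sql, conn)
                ' The value travels separately from the SQL text, typed as Int.
                cmd.Parameters.Add("@id", SqlDbType.Int).Value = id
                conn.Open()
                Dim result As Object = cmd.ExecuteScalar()
                If result Is Nothing OrElse result Is DBNull.Value Then
                    Throw New InvalidOperationException("No answer for this ID")
                End If
                Return Convert.ToInt32(result)
            End Using
        End Using
    End Function

    Public Function GetInfo(ByVal questionNumber As Integer) As DataTable
        Dim table As New DataTable()
        Using conn As New SqlConnection(ConnStr)
            Using cmd As New SqlCommand("SELECT * FROM Questions WHERE QuestionNu = @num", conn)
                cmd.Parameters.Add("@num", SqlDbType.Int).Value = questionNumber
                Using adapter As New SqlDataAdapter(cmd)
                    adapter.Fill(table) ' Fill opens and closes the connection itself
                End Using
            End Using
        End Using
        Return table
    End Function
End Module
```

Callers convert the session value before the call, for example `GetIntAnswer("Q2", CInt(Session("ID")))`, so a non-numeric value fails at the conversion instead of reaching the SQL text.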