
Is this the most efficient/fastest code to use? (beginner sql question)


...another beginner question.

I have a web application in .NET v2 VB that requires multiple reads from SQL tables, where each read is slightly different, so the SQL select statements also differ frequently. I've created a few functions in an .ascx file to handle these reads and send them back to the main code.

Two examples are below. Each works: the first returns a single integer value, the second returns the entire row, which contains a mix of integers, booleans, and strings. Other similar functions I've written write data, using slightly different versions for writing strings or integers.

Because I'm using these or similar functions frequently in the application, I'm wondering whether this is the best way to accomplish these tasks or whether there is a faster, more efficient method to do what I'm doing. Comments?

Thanks in advance
Jeff

Function GetIntAnswer(ByVal CurrQuestion As String) As Integer
    Dim TableP As System.Data.DataView
    ' Column name and session value are concatenated straight into the SQL text
    Dim sb As New StringBuilder("select ")
    sb.Append(CurrQuestion)
    sb.Append(" from Answers where ID = ")
    sb.Append(Session("ID"))
    SqlAnswers.SelectCommand = sb.ToString
    TableP = SqlAnswers.Select(DataSourceSelectArguments.Empty)
    Return TableP.Item(0)(0)
End Function

Function GetInfo() As System.Data.DataView
    ' Session value concatenated into the WHERE clause
    Dim sb As New StringBuilder("select * from Questions where QuestionNu = ")
    sb.Append(Session("QuestionPointer"))
    SqlQuestions.SelectCommand = sb.ToString
    Return SqlQuestions.Select(DataSourceSelectArguments.Empty)
End Function

--
Posted via a free Usenet account from http://www.teranews.com

Sep 20 '06 #1
Hello Jeff,

All together now, smile and say, "SQL INJECTION ATTACK!" *click*.

Become intimately familiar with SqlParameter and SqlCommand.

-Boo

Sep 21 '06 #2

I've done some small amount of reading about injection attacks and have the general idea. Could you help out someone new and give me a bit more detail about what the vulnerability here is and a bit more detail about how to address it? If you're speaking about the fact that there are text boxes, yes, I'm aware of that problem and will incorporate validation into the application. In the meantime, I'll attempt to read up as much as I can about SqlParameter and SqlCommand.

Thanks for whatever you have time to offer...

Jeff


Sep 22 '06 #3
Hello Jeff,

Between doing your homework on SQL injection attacks and reading the MSDN doco on SqlParameter and SqlCommand... you should be golden.

-Boo

Sep 22 '06 #4
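Editor's note. The replies above point at SqlParameter and SqlCommand but never show them, and Jeff's follow-up asks what the vulnerability actually is. The VB.NET below is an added example written for this page; it is not code from the thread or from Jeff's application. It assumes a SQL Server connection string named "AnswersDb" in web.config, the two tables the post names (Answers with an ID column, Questions with a QuestionNu column), and a placeholder allow-list of Answers column names (Q1, Q2, Q3) that you would replace with the real ones. BuildUnsafeSql only reproduces what the original string-building does with a hostile input so you can see it; it is never executed against a database.

```vb
' Added example for this thread, not the original poster's code.
' Assumptions: a connection string named "AnswersDb" in web.config,
' tables Answers(ID, ...) and Questions(QuestionNu, ...), and the
' placeholder column allow-list below. Targets VB 2005 / .NET 2.0.
Imports System
Imports System.Data
Imports System.Data.SqlClient
Imports System.Configuration

Public Class AnswerRepository

    Private ReadOnly _connectionString As String = _
        ConfigurationManager.ConnectionStrings("AnswersDb").ConnectionString

    ' A column name is an identifier, not a value, so it can never be sent as a
    ' SqlParameter. The only safe way to pick a column at run time is to check the
    ' request against a fixed list of names the application itself owns.
    ' These names are placeholders (assumption); use the real Answers columns.
    Private Shared ReadOnly AllowedColumns As String() = {"Q1", "Q2", "Q3"}

    ' Reproduces the original concatenation so the problem is visible. With
    ' currQuestion = "1 FROM Answers; DROP TABLE Answers; --" and id = "7" the
    ' text becomes:
    '   select 1 FROM Answers; DROP TABLE Answers; -- from Answers where ID = 7
    ' SQL Server runs both statements and treats the remainder as a comment.
    ' This function only builds the string; it does not execute anything.
    Public Shared Function BuildUnsafeSql(ByVal currQuestion As String, ByVal id As String) As String
        Return "select " & currQuestion & " from Answers where ID = " & id
    End Function

    ' Hardened version of GetIntAnswer: identifier checked against the
    ' allow-list, value passed as a typed parameter.
    Public Function GetIntAnswer(ByVal currQuestion As String, ByVal id As Integer) As Integer
        If Array.IndexOf(AllowedColumns, currQuestion) < 0 Then
            Throw New ArgumentException("Unknown answer column", "currQuestion")
        End If
        ' currQuestion is now one of our own literals; @ID is bound, not concatenated.
        Dim sql As String = "SELECT [" & currQuestion & "] FROM Answers WHERE ID = @ID"
        Using conn As New SqlConnection(_connectionString)
            Using cmd As New SqlCommand(sql, conn)
                cmd.Parameters.Add("@ID", SqlDbType.Int).Value = id
                conn.Open()
                Dim result As Object = cmd.ExecuteScalar()
                If result Is Nothing OrElse result Is DBNull.Value Then
                    Throw New InvalidOperationException("No answer row for ID " & id)
                End If
                Return Convert.ToInt32(result)
            End Using
        End Using
    End Function

    ' Hardened version of GetInfo: the question number is a parameter, and the
    ' row comes back as a DataRow rather than a DataView bound to a page control.
    Public Function GetInfo(ByVal questionNumber As Integer) As DataRow
        Dim table As New DataTable()
        Using conn As New SqlConnection(_connectionString)
            Using cmd As New SqlCommand("SELECT * FROM Questions WHERE QuestionNu = @QuestionNu", conn)
                cmd.Parameters.Add("@QuestionNu", SqlDbType.Int).Value = questionNumber
                Using da As New SqlDataAdapter(cmd)
                    da.Fill(table)
                End Using
            End Using
        End Using
        If table.Rows.Count = 0 Then Return Nothing
        Return table.Rows(0)
    End Function

End Class

' Call sites in the .ascx code-behind would look like this. Casting the session
' values to Integer here means a non-numeric value fails in the page, before any
' SQL text exists:
'   Dim repo As New AnswerRepository()
'   Dim answer As Integer = repo.GetIntAnswer(columnName, CInt(Session("ID")))
'   Dim row As DataRow = repo.GetInfo(CInt(Session("QuestionPointer")))
```

Two points worth keeping in mind when reading this. First, parameters fix the ID and QuestionNu values, but they cannot fix the column name in GetIntAnswer; if CurrQuestion can be influenced by anything a browser sends, the allow-list is the only defence, and validating text boxes elsewhere does not cover it. Second, a session value is still data, not SQL: it is safer than a form field because the client cannot set it directly, but it should be typed (CInt above) and bound as a parameter all the same. If you prefer to keep the SqlDataSource controls from the original post, the same idea applies: write the SelectCommand with @placeholders and supply the values through the control's SelectParameters collection instead of building the command text with a StringBuilder.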
