|
I'm installing sql server 2005 and already have 2000 installed. That's my problem. I can install sql server 2005 but afterwards there is no sql server management studio option in the start menu, only 'sql server 2005 -> Configuration Tools'.
Kiefie
The man with an idea.
|
|
|
|
|
|
It is the full version (Enterprise) I believe.
Another fellow developer here also tried it and got the same results - no Management Studio.
I just started at this company and am trying to get my pc setup...
Kiefie
The man with an plan.
|
|
|
|
|
SSMS (SQL Server Management Studio) should be under:
Workstation Components, Books Online, and Development Tools
in the installation.
|
|
|
|
|
I may have found the cause and the solution, trying it now...
Cause : SQL 2000 was installed and then Visual Studio 2005, with VS 2005 it installs 'sql Express' so when you install sql 2005 it sees it as already installed and therefore does not update the start menu shortcuts.
Solution : Uninstall sql Express then re-install 2005.
Kiefie
The man with an plan.
|
|
|
|
|
I execute an sql-query from code (C#) via OleDb to an Access database.
But one of the values pasted in the query has a ' character resulting in an error.
How can you escape that character in the query?
eg. SELECT * from A_Communes where label_d like 'BRAINE-L'ALLEUD%';
I googled for it, but most results are for Oracle which don't seem to work for Access.
thanks.
|
|
|
|
|
You should use sqlparameters as they will help you to avoid issues with escape characters and it will protect you from sql injections.
|
|
|
|
|
Unfortunately we don't use sqlparameters and I don't think it's an option to re-write the DAL component...
|
|
|
|
|
Then you should parse all the query and replace ' with \' but you will have to do that for every escape character. But it leaves your database open to sql injections. Have a look at these links:
http://www.codeproject.com/aspnet/SqlInjection.asp
http://www.codeproject.com/cs/database/SqlInjectionAttacks.asp
|
|
|
|
|
V. wrote: Unfortunately we don't use sqlparameters and I don't think it's an option to re-write the DAL component...
Then you should give the person that wrote the DAL a good hard slap for being an idiot.
Seriously - You need to use SqlParameters to reduce the risk of a SQL Injection Attack. No ifs, no buts, it just needs to be done.
Upcoming events:
* Glasgow: Mock Objects, SQL Server CLR Integration, Reporting Services, db4o, Dependency Injection with Spring ...
* Reading: Developer Day 5
Ready to Give up - Your help will be much appreciated.
My website
|
|
|
|
|
Colin Angus Mackay wrote: Then you should give the person that wrote the DAL a good hard slap for being an idiot
It was me... the dll is actually a very easy and stable dal component, but written before I even knew the very existance of what SQL injection was. I'll probably keep myself busy with making this better, but now is just not the time...
|
|
|
|
|
Do you have to the time to waste with problems like the one you're asking about now? Either you make your future life easier by rewriting for parameters, or you waste your time by dealing with little problems that crop up like this because you didn't use parameters in the first place.
|
|
|
|
|
Maybe you didn't mean too, but I find this reply not really constructive.
If you can't give a constructive answer, please don't waste your time writing it.
Your parameters option might be the best and I surely will keep it in mind for the future, but for now the DAL component I wrote has saved me hours and hours of time, so it can't be thát bad. (Yes I know, it probably is in your eyes.)
thank you.
|
|
|
|
|
V. wrote: I wrote has saved me hours and hours of time,
Did it now?
So now you're stuck with this problem, future problems, and if just a single attack get's through and destroys your database, how many hours of time are you going to "Save" rebuilding it?
Let me put it to you this way. Your code is going to face an attack. It's inevitable in a production environment. Where is the most likely source of an attack going to come from? The first one on your list of things to plan for are disgruntled employees, not some script-kiddies or hackers.
|
|
|
|
|
|
Dave is right. Statistically most attacks are insider jobs.
Upcoming events:
* Glasgow: Mock Objects, SQL Server CLR Integration, Reporting Services, db4o, Dependency Injection with Spring ...
* Reading: Developer Day 5
Ready to Give up - Your help will be much appreciated.
My website
|
|
|
|
|
lol, I'm not saying he was wrong, I just didn't like the tone of his reply.
You set me straight as well, but at least in a constructive way.
|
|
|
|
|
ah... okay.
Upcoming events:
* Glasgow: Mock Objects, SQL Server CLR Integration, Reporting Services, db4o, Dependency Injection with Spring ...
* Reading: Developer Day 5
Ready to Give up - Your help will be much appreciated.
My website
|
|
|
|
|
do it like this
SELECT * from A_Communes where label_d like 'BRAINE-L''ALLEUD%';
just place another [ ' ] the apostrophe
|
|
|
|
|
life can be so simple sometimes...
Thank you very much!
|
|
|
|
|
The advice you were given still leaves you vulnerable to SQL Injection Attacks. Please use parameterised queries at a minimum to reduce the risk.
Upcoming events:
* Glasgow: Mock Objects, SQL Server CLR Integration, Reporting Services, db4o, Dependency Injection with Spring ...
* Reading: Developer Day 5
Ready to Give up - Your help will be much appreciated.
My website
|
|
|
|
|
gamzun wrote: just place another [ ' ] the apostrophe
That is poor advice. While technically it will work, it still has the risk of SQL Injection Attacks occurring. You should be using parameterised queries, that way you don't have to escape anything.
Upcoming events:
* Glasgow: Mock Objects, SQL Server CLR Integration, Reporting Services, db4o, Dependency Injection with Spring ...
* Reading: Developer Day 5
Ready to Give up - Your help will be much appreciated.
My website
|
|
|
|
|
yes I know its a bad choice to accomplish that but as he wants it that way can't help him out in any other way
|
|
|
|
|
I have data in MS SQL Server 2005 express edition, my client want that database to be in Oracle 10g. Can anyone please suggest me any solution to do that with ease.
Thanks
|
|
|
|
|
hi
i havnt used 2005 i am presntly using 2000
u can do this using sql enterprise manager with option export data--> select the Server(10G) and follow the wizard
NOTE: 10G should be installed
|
|
|
|