|
...but bear in mind that input fields on web forms are not the only method a hacker has of passing data to your application - they can also use the QueryString and even cookie values, so if you utilise any of these you must also validate them.
Basically, validate ANYTHING that gets passed to the database. Life is much easier if you don't allow HTML to be posted, but unfortunately a lot of clients want it nowadays... but, for example, no-one should ever be allowed to pass "<script" back...
|
Agreed. I'm aware of this.
What I wanted most was some advice on the initial code, i.e. if the approach described is vulnerable in some way. Any ideas?
Regards,
Daníel
Wenn ist das Nunstück git und Slotermeyer? Ja! Beierhund das oder die Flipperwaldt gersput!
|
Well I hope it is, as it's essentially what I do as well in such a case... basically, you have ensured that nothing but an integer can get passed to your query, so you should be safe...
|
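The integer check discussed in the replies above, together with a typed parameter, as an added example that is not part of the original thread or any poster's code. The table, column and parameter names are hypothetical; `Request.QueryString` and `Request.Form` are both `NameValueCollection` instances, so the same helper covers either source.

```csharp
using System;
using System.Collections.Specialized;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

static class IdLookup
{
    // Accepts only a plain positive 32-bit integer: digits only, no sign,
    // whitespace or separators. The same check applies to any request source.
    public static bool TryGetId(NameValueCollection source, string key, out int id)
    {
        id = 0;
        string raw = source[key]; // null when the key is absent
        return raw != null
            && int.TryParse(raw, NumberStyles.None, CultureInfo.InvariantCulture, out id)
            && id > 0;
    }

    // The validated value is still bound as a typed parameter, never concatenated.
    // Table and column names are hypothetical.
    public static SqlCommand BuildCommand(SqlConnection conn, int id)
    {
        var cmd = new SqlCommand("SELECT Title FROM Articles WHERE ArticleId = @id", conn);
        cmd.Parameters.Add("@id", SqlDbType.Int).Value = id;
        return cmd;
    }

    static void Main()
    {
        // Constructed sample values standing in for Request.QueryString input.
        string[] samples = { "42", "42 OR 1=1", " 7", "-1", "99999999999", "<script" };
        foreach (string s in samples)
        {
            var input = new NameValueCollection { { "id", s } };
            int id;
            if (!TryGetId(input, "id", out id))
            {
                Console.WriteLine("rejected: \"{0}\"", s);
                continue;
            }
            using (SqlCommand cmd = BuildCommand(null, id)) // no connection needed to build
            {
                Console.WriteLine("accepted: {0} bound as {1}", id, cmd.Parameters["@id"].SqlDbType);
            }
        }
    }
}
```

Only the first sample is accepted; the out-of-range value fails because `int.TryParse` rejects overflow rather than truncating.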
|
I am showing one image initially. Now I need to manipulate the image color, and I am changing the image color in the same image and once again I am assigning the image source as the same image name. Physically it is changing color and showing the changed colored image on the drive, but on the page it is not refreshing. I mean it is not showing that changed color image. If I assign some other image name to its source and put one alert message and then I assign the same image name, then it is showing that changed color image. I don't know why without the alert message it is not showing that changed color image.
|
I've found in the past that I have an image which I change in my file location but when I go to the webpage it didn't change. I deleted my cache and then it was updated. Maybe try that.
Post back if that doesn't work
We are not a Code Charity
|
The image is cached in the browser, so reloading the image will only load it from the cache, not from the server.
You can add a querystring to the url that changes every time you reload the image. That way the url is different every time, and the browser has to get the image from the server.
Despite everything, the person most likely to be fooling you next is yourself.
|
SqlDataAdapter da = new SqlDataAdapter();
...
...
...
da.Update(tbl);
where tbl is a DataTable object and it has records.
For the above code I am passing some command
da.command=....
It has more than one insert query, so if an error occurs in any one insert query then everything should be rolled back from the database.
How do I maintain a transaction in da.Update(tbl), or is there any other option to roll back if an error occurs, or for da.Update(tbl) itself to not insert anything if an error occurs in any one?
Thanks
You get the best out of others when you give the best of yourself.
|
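Hi, According to me this is possible through the Transaction Scope. Please test with this.
// TransactionScope is in the System.Transactions namespace (add a reference to System.Transactions.dll)
using (TransactionScope tx = new TransactionScope())
{
    // The adapter's commands enlist in the ambient transaction when the connection is opened inside the scope
    da.Update(tbl);
    // Mark the transaction as successful; without this call, Dispose rolls everything back
    tx.Complete();
}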
Parwej Ahamad
R & D: REST services with WCF
|
System.Data.DataSet dsEntityReturned;
System.Data.DataTable dtEntityReturned;
public System.Data.DataSet ToDataSet(ArrayList arrayList)
{
dsEntityReturned = new System.Data.DataSet();
int i=0;
foreach (object obj in arrayList)
{
dtEntityReturned = new System.Data.DataTable();
dsEntityReturned.Tables.Add(dtEntityReturned);
dsEntityReturned.Tables[i].Columns.Add("Region", System.Type.GetType("System.Object"));
dsEntityReturned.Tables[i].Columns.Add("dat", System.Type.GetType("System.Object"));
dsEntityReturned.Tables[i].Columns.Add("rs_date", System.Type.GetType("System.Object"));
System.Data.DataRow rows = dsEntityReturned.Tables[i].NewRow();
rows[0].ItemArray = new object[] { obj }; //error comes here
dsEntityReturned.Tables[i].Rows.Add(rows);
i++;
}
return dsEntityReturned;
}
Can anyone tell me how the problem can be solved?
I am trying to convert an ArrayList to a DataSet.
Each item in the ArrayList is a multidimensional array and the ArrayList contains more than one item.
Regards,
Arun.
|
please can anyone tell me ...what is the problem here?
Regards,
Arun.
|
Hello everybody
I need to read the inbox mail from my application. How can I read it?
I have completed sending, it's easy, but I have no idea of reading mail
Best Regards,
Chetan Patel
|
So you want to access your e-mail accounts and read the e-mails in them using asp.net??
Why?
We are not a Code Charity
|
I have code now ok don't think yourself smart
Best Regards,
Chetan Patel
|
I don't think I'm smart, you just posted a silly question
We are not a Code Charity
|
Don't be rude. You'll get yourself ignored in the future.
|
Hi friends
In a page I have two iframes, namely iframe1 and iframe2
iframe1 has a default.aspx page as source and
iframe2 has a default2.aspx page as source
I transferred data from iframe1 to iframe2 through JavaScript
In the default2.aspx page I have a dropdown list box
I assigned some text to this dropdown list through JavaScript
The code is
parent.frames("iframe1").document.forms("form2").item("DropDownList1").value = sometext;
There is already an item in the dropdown list
Now here I want to raise the "selectedindexchanged" event of the dropdown list
Please help me
thanks in advance
vijay
|
do you mean you want to know how to call an event i.e selectedindexchanged?
We are not a Code Charity
|
How to store audio files in sqlserver 2000? i want to store all mp3 files in sqlserver and want to retrieve them from the database , so that i can play them one by one , can anyone tell me the code for this task ? please suggest me the logic or any code for this help me out
|
As an audio file is big enough, you can store it as VARBINARY type, which stores it as binary data, if VARBINARY is available in SQL Server 2000 (VARBINARY is available in SQL Server 2005). As I am working using SQL Server 2005, please check what is equivalent to VARBINARY of SQL Server 2005 in SQL Server 2000.
Thanks,
Arindam D Tewary
|
Why not store the address for the music file in the database and then just retrieve that, therefore your database won't bloat in size with loads of music files
We are not a Code Charity
|
Although I would recommend you not store audio files in SQL, rather you should store them in your file system, I guess you need to store them in SQL as BLOB type, i.e. in a byte stream. While fetching it from SQL again, you have to convert this byte stream again to your suitable format (audio).
|
what ?
Christian Graus
Please read this if you don't understand the answer I've given you
"also I don't think "TranslateOneToTwoBillion OneHundredAndFortySevenMillion FourHundredAndEightyThreeThousand SixHundredAndFortySeven()" is a very good choice for a function name" - SpacixOne ( offering help to someone who really needed it ) ( spaces added for the benefit of people running at < 1280x1024 )
|
LMAO again. This guy thought he was going to get the code from his previous question...
"Sex is not the answer, it's the question and the answer is yes"
|
Oh no I just voted this question as Good accidentally! What have I done!
This guy needs to be removed from the forum
We are not a Code Charity
|