|
|
Don't do it like that! Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Always use Parameterized queries instead.
When you concatenate strings, you cause problems because SQL receives commands like:
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood' The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable; Which SQL sees as three separate commands:
SELECT * FROM MyTable WHERE StreetAddress = 'x'; A perfectly valid SELECT
DROP TABLE MyTable; A perfectly valid "delete the table" command
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.
So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
As Griff said, your code is vulnerable to SQL Injection[^].
Fixing it to use parameters isn't too hard:
StringBuilder sb = new StringBuilder("INSERT INTO table VALUES (");
foreach (object value in ((IDictionary<string, object>)rec).Values)
{
if (command.Parameters.Count != 0) sb.Append(", ");
string name = "@V" + command.Parameters.Count;
command.Parameters.AddWithValue(name, value);
sb.Append(name);
}
sb.Append(");");
command.CommandText = sb.ToString();
However, this may still not work. You haven't specified the list of columns you want to insert into. And there's no guarantee that the dictionary's Values collection will return the values in the same order as the columns of the table. So you could end up trying to insert the wrong value into the wrong column, which will either result in an error, or in data corruption.
Assuming the keys of your dictionary match the column names from your table, you'll want something more like this:
StringBuilder columnsList = new StringBuilder();
StringBuilder valuesList = new StringBuilder();
foreach (KeyValuePair<string, object> item in (IDictionary<string, object>)rec)
{
if (columnsList.Length != 0) columnsList.Append(", ");
if (valuesList.Length != 0) valuesList.Append(", ");
string name = "@" + item.Key;
command.Parameters.AddWithValue(name, item.Value);
columnsList.Append(item.Key);
valuesList.Append(name);
}
command.CommandText = "INSERT INTO table (" + columnsList + ") VALUES (" + valuesList + ");";
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
I updated a project from .Net Framework 4.7 to .Net Core 6.
I'm getting compilation errors saying it can't find "Microsoft.Practices.Composite.Presentation.Events"
Is this depracated? Anyone know what the new namespace is? I've been Googling and can't find it.
If it's not broken, fix it until it is.
Everything makes sense in someone's mind.
Ya can't fix stupid.
|
|
|
|
|
It looks like that was part of the Microsoft Patterns & Practices Enterprise library, which has been deprecated and no longer supported.
I don't know of any replacement library for it.
|
|
|
|
|
|
I am making a VR game and I have this script and it's getting a lot of errors. I only have one more error to diagnose, but I just can't figure out the problem. It's error code CS1001, and here is the script.
using PhotonVRManager;
using System.Collections;
using System.Collections.Generic;
using UnityEngine;
using UnityEngine.UI;
using Photon;
using TMPro;
public class NameScript : MonoBehaviour
{
public string NameVar;
public TextMeshPro NameText;
private void Update()
{
if (NameVar.Length > 12);
{
NameVar = NameVar.Substring(0, 12);
}
NameText.text = NameVar;
PhotonVRManager.SetUsername(NameVar);
}
}
|
|
|
|
|
If you search for the error number CS1001 at DuckDuckGo[^] you will find it is declaring an enum. Where that is occurring is up to you to debug and find out check out the properties of TextMeshPro (guess only)
Never underestimate the power of human stupidity -
RAH
I'm old. I know stuff - JSOP
|
|
|
|
|
Since we have no idea where in that code the problem is being reported, we pretty much have to guess.
In this case, it's probably this line:
if (NameVar.Length > 12); The semicolon ends the statement, so the following code block will be executed regardless of the if condition.
If you had indented your code properly - and Visual Studio will do that for you - =that would have been pretty obvious!
You should expect to get syntax errors every day, probably many times a day while you are coding - we all do regardless of how much experience we have! Sometimes, we misspell a variable, or a keyword; sometimes we forget to close a string or a code block. Sometimes the cat walks over your keyboard and types something really weird. Sometimes we just forget how many parameters a method call needs.
We all make mistakes.
And because we all do it, we all have to fix syntax errors - and it's a lot quicker to learn how and fix them yourself than to wait for someone else to fix them for you! So invest a little time in learning how to read error messages, and how to interpret your code as written in the light of what the compiler is telling you is wrong - it really is trying to be helpful!
So read this: How to Write Code to Solve a Problem, A Beginner's Guide Part 2: Syntax Errors[^] - it should help you next time you get a compilation error!
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
It might help if you would copy past the error description here. The error code alone doesn’t say much to some of us
modified 14-Nov-22 9:37am.
|
|
|
|
|
|
I have developed Console Application in .NET Compact Framework 3.5 for an embedded device.
I have a foreach loop which check for file exists. If file not found I have displayed message using MessageBox.
My message box pops up to 5 times due to use of for each loop. But at the end of 5th MessageBox display when i press Ok it gets stuck on
MessageBox.Show(p + "File Not Found...!!!!"); and does not go forward when checked in debugging mode
foreach (string p in TypeofProcess)
{
string FileToFetch1 = getFileName(p);
if (File.Exists(FileToFetch1))
{
using (StreamReader r = File.OpenText(FileToFetch1))
{
ReadAndDumpToCNC(r, 36000+i, 31000+i, 41000+i);
}
}
else
{
MessageBox.Show(p + "File Not Found...!!!!");
}
i = i + 1000;
}
|
|
|
|
|
What do you mean "does not go forward when checked in debugging mode"?
What exactly did you do, and what exactly did you find using the debugger?
And why use MessageBox in a Console app at all?
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
Hi, i deployed the code on my embedded device for debugging, when file is not found message box will show to alert user. However after completion of foreach loop code should continue further, right?? But when i pause my code it is still stuck at line Message.ShowBox. Code after foreach loop does not get execute.
|
|
|
|
|
You haven't shown any code after the foreach loop, so we have no idea whether it should continue.
Does the message actually show? Have you dismissed it? Does the MessageBox.Show method actually return control to your code?
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
The below code runs in an infinite loop in console application. Message box is shown and user press OK everytime it is shown. At last iteration of foreach loop when user press ok it should continue to check next if condition in an infinite loop, mean while it does not. And when i pause my code to check where the control of the code is, it shows me control at Message.ShowBox line and even after pressing step over it still remains at that place.
Just for info.. it is developed in .net Compact 3.5 in visual studio 2008
for(;;)
{
if (CheckBitData(5, 965) == true)
{
string[] TypeofProcess = { "P", "V", "F", "C", "Q" };
int i = 0;
foreach (string p in TypeofProcess)
{
string FileToFetch1 = getFileName(p);
if (File.Exists(FileToFetch1))
{
using (StreamReader r = File.OpenText(FileToFetch1))
{
ReadAndDumpToCNC(r, 36000+i, 31000+i, 41000+i);
}
}
else
{
MessageBox.Show(p + "File Not Found...!!!!");
}
i = i + 1000;
}
MakeZeroPMC(5, 965);
}
if (CheckBitData(5, 967) == true)
{
ManipulateArray(31000, 31999, 41000, 36000, 11075, 11076);
MakeMasterData("Power", "Max", 41000, 41999);
MakeMasterData("Power", "Min", 36000, 36999);
ManipulateArray(32000, 32999, 42000, 37000, 11077, 11078);
MakeMasterData("Voltage", "Max", 42000, 42999);
MakeMasterData("Voltage", "Min", 37000, 37999);
ManipulateArray(33000, 33999, 43000, 38000, 11079, 11080);
MakeMasterData("Freq", "Max", 43000, 43999);
MakeMasterData("Freq", "Min", 38000, 38999);
ManipulateArray(34000, 34999, 44000, 39000, 11081, 11082);
MakeMasterData("Curr", "Max", 44000, 44999);
MakeMasterData("Curr", "Min", 39000, 39999);
ManipulateArray(35000, 35999, 45000, 40000, 11083, 11084);
MakeMasterData("Quench", "Max", 45000, 45999);
MakeMasterData("Quench", "Min", 40000, 40999);
MakeZeroPMC(5, 967);
}
if (CheckBitData(5, 968) == true)
{
DumpMasterDataG1V();
MakeZeroPMC(5, 968);
}
if (CheckBitData(5, 969) == true)
{
DumpMasterDataG1Q();
MakeZeroPMC(5, 969);
}
if (CheckBitData(5, 970) == true)
{
DumpMasterDataG2V();
MakeZeroPMC(5, 970);
}
if (CheckBitData(5, 971) == true)
{
DumpMasterDataG2Q();
MakeZeroPMC(5, 971);
}
System.Threading.Thread.Sleep(10);
}
|
|
|
|
|
"Step over" will execute the line, which will show the message box. The code won't continue until you press "OK" in that message box.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Yes at last iteration also, it is executing message show box line then message show box appears then i press ok. Only after i press ok message box disappears and control of code remains on that same line it doesn't continue my for(;;). And my application doesn't responds to futher triggers
|
|
|
|
|
How are you expecting to escape from your infinite loop? Your first line is
for(;;) , so when your main inner loop has finished, it will start all over again unless you have a
break lower down that we cannot see.
|
|
|
|
|
yes i want to continue my for(;;) loop but my code gets stuck at Message Box even after i press OK on Message Box.
There is no need of break statement
|
|
|
|
|
The chances are we can't help you - it looks like you need the exact hardware you have setup in exactly the same way, and we have no access to that.
So start small, and assume that it's something to do with "multiple message boxes" on your system. Create a minimal console program that increments a number in a loop and displays it in a MessageBox. Test it. Does that fail after 5 presses? Or 10? Or 100? If so, it's something to do with how MessageBox interacts with your hardware / software combination, and we can't do anything about it - talk to the tech support for your embedded device.
If it doesn't ... then it's your software. So start expanding your minimal app until it does fail after 5, 10, or 100 presses. When it fails, you know it is what you added that caused the problem - so look at what you just added!
Sorry, but we can't do any of that for you!
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
Sorry for being late to the party. You do not, ever, use a MessageBox in a non-GUI app. In services we write to the EventLog, in console we write to the.. console.
Replace it with a Console.WriteLine. After that, we'll look further. But never, ever, use something that displays a UI on the console. If you think you need an OK-Cancel button, you wrong. You need to readline (Y/N) on the console.
Is this during an education?
Bastard Programmer from Hell
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
|
|
|
|
|
You're looping and simply displaying the same information. Your "5" corresponds to the 5 items in your array.
"Before entering on an understanding, I have meditated for a long time, and have foreseen what might happen. It is not genius which reveals to me suddenly, secretly, what I have to say or to do in a circumstance unexpected by other people; it is reflection, it is meditation." - Napoleon I
|
|
|
|
|
I’m trying to get a better understanding of net framework. I used to think net is just a MFC replacement. GUI programming on Windows the easy way. Windows is basically GUI tied to device drivers. In my mind .NET doesn’t reach the driver level, it’s just shallow scripting
|
|
|
|
|
Yes, in the same way that a F1 car is just a Ford Fiesta replacement.
You can compare MFC to .NET, but .NET is a lot more than "just a windows framework" - MFC is just a structured C++ framework around the Win32 API. But it made Windows development so much easier than the entirely manual message handling that preceded it. And .NET makes development so much easier than MFC was*. It's also language agnostic in a way that MFC never could be, despite being a solid part of C# - to the point where C# can't actually do much if anything without .NET behind it to provide even basic string handling! The number of languages that you can use .NET is is pretty impressive - and any assembly written in one of them can be used in another as it it was written in the same language.
I used C for Windows, Then C++, then MFC/C++, and finally moved to C# with .NET and despite it's vast scale it's pretty much consistent: it something works for one control, there's a good chance the same properties will exist in another for example.
Would I go back to DLL Hell and MFC? Not a chance in Hades!
* You may have noticed that I didn't mention "Windows" with .NET - it also exists for Linux, Android, and iOS via Xamarin. Try that with MFC ...
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|