freelanceprogrammers.org Forum Index » ASP

View previous topic :: View next topic
Post new topic   Reply to topic

Application Block Configuration Management


View user's profile Post To page top
travis.falls@... Posted: Thu Jan 13, 2005 11:51 pm


Joined: 10 Jan 2006

Posts: 33
Application Block Configuration Management
Does anyone have any good samples using the configuration management
application block offered from Microsoft or a good tutorial?

Travis D. Falls |Consultant, Raft.Net IT | 860.547.4070 |
travis.falls@...



-----Original Message-----
From: Ben Miller [mailto:mylists@...]
Sent: Thursday, January 13, 2005 12:46 PM
To: AspNetAnyQuestionIsOk@yahoogroups.com
Subject: Re: [AspNetAnyQuestionIsOk] Form wil not submit. amazing


Just as a precaution.

I would not concatenate strings together into one statement, due to the
possibilities of SQL injection. I would use parameters.

strSQLstring = "INSERT INTO tblBTC ([Name], [Playingname], [Password],
[Location], [Email], [Age], [icq], [aim], [Occupation], [bio],
[PersonalInformation], [GamesPlayed], [Connect], [Processor], [Ram],
[VideoCard], [SoundCard], [HardDrive], [AdditionalSystemInformation],
[Photo], [UserName], [DateJoined], [OS], [SystemPhoto])VALUES(@Name,
@Playingname, @Password, @Location, @Email, @Age, @Icq, @Aim, @Occupation,
@Bio, @PersonalInformation, @GamesPlayed, @Connect, @Processor, @Ram,
@Videocard, @Soundcard, @Harddrive, @Additionalsysteminformation, @Photo,
@UserName, @DateJoined, @OS, @SystemPhoto)"

Dim sqlcmd as OleDbCommand = new OleDbCommand(strSQLstring, objConn)

sqlcmd.Parameters.Add("@Name", OleDbType.VarChar).Value = strName
sqlcmd.Parameters.Add("@Playingame", OleDbType.VarChar).Value =
strPlayingname
sqlcmd.Parameters.Add("@Password", OleDbType.VarChar).Value = strPassword
sqlcmd.Parameters.Add("@Location", OleDbType.VarChar).Value = strLocation
sqlcmd.Parameters.Add("@Email", OleDbType.VarChar).Value = strEmail
sqlcmd.Parameters.Add("@Age", OleDbType.VarChar).Value = strAge
sqlcmd.Parameters.Add("@Icq", OleDbType.VarChar).Value = strIcq
sqlcmd.Parameters.Add("@Aim", OleDbType.VarChar).Value = strAim
sqlcmd.Parameters.Add("@Occupation", OleDbType.VarChar).Value =
strOccupation
sqlcmd.Parameters.Add("@Bio", OleDbType.VarChar).Value = strBio
sqlcmd.Parameters.Add("@PersonalInformation", OleDbType.VarChar).Value =
strPersonalInformation
sqlcmd.Parameters.Add("@GamesPlayed", OleDbType.VarChar).Value =
strGamesPlayed
sqlcmd.Parameters.Add("@Connect", OleDbType.VarChar).Value = strConnect
sqlcmd.Parameters.Add("@Processor", OleDbType.VarChar).Value = strProcessor
sqlcmd.Parameters.Add("@Ram", OleDbType.VarChar).Value = strRam
sqlcmd.Parameters.Add("@VideoCard", OleDbType.VarChar).Value = strVideoCard
sqlcmd.Parameters.Add("@SoundCard", OleDbType.VarChar).Value = strSoundCard
sqlcmd.Parameters.Add("@HardDrive", OleDbType.VarChar).Value = strHardDrive
sqlcmd.Parameters.Add("@Additionalsysteminformation",
OleDbType.VarChar).Value = strAdditionalsysteminformation
sqlcmd.Parameters.Add("@Photo", OleDbType.VarChar).Value = strPhoto
sqlcmd.Parameters.Add("@UserName", OleDbType.VarChar).Value = strUserName
sqlcmd.Parameters.Add("@DateJoined", OleDbType.VarChar).Value =
strDateJoined
sqlcmd.Parameters.Add("@OS", OleDbType.VarChar).Value = strOS
sqlcmd.Parameters.Add("@SystemPhoto", OleDbType.VarChar).Value =
strSystemPhoto

objConn.Open()
sqlcmd.ExecuteNonQuery()
objConn.Close()


HTH.
Ben Miller



----- Original Message -----
From: System-Administrator@...
To: AspNetAnyQuestionIsOk@yahoogroups.com
Sent: Wednesday, January 12, 2005 7:31 PM
Subject: Re: [AspNetAnyQuestionIsOk] Form wil not submit. amazing


It is using command builder to to that.
Dim objCommandBuilder As New OleDbCommandBuilder(objDataAdapter)

I have a hunch as I have read hours on the net using google to find this
that it might be about reserved Keywords. There is a field named Password
and a Field named Connect in the table row. I am building a insert string
and using [ and ] around those fields. I guess the command builder doesn`t

do that on it`s own. Here is the string how does it look?



`Build SQL String --------------------------------------

Dim strSQLstring As String

`strSQLstring = "SELECT * FROM tblBTC"

strSQLstring = "INSERT INTO tblBTC ([Name], [Playingname], [Password],
[Location], [Email], [Age], [icq], [aim], [Occupation], [bio],
[PersonalInformation], [GamesPlayed], [Connect], [Processor], [Ram],
[VideoCard], [SoundCard], [HardDrive], [AdditionalSystemInformation],
[Photo], [UserName], [DateJoined], [OS], [SystemPhoto])VALUES(`" & strName
&
"`,`" & strPlayingname & "`,`" & strPassword & "`,`" & strLocation & "`,`"
&
strEmail & "`,`" & strAge & "`,`" & strIcq & "`,`" & strAim & "`,`" &
strOccupation & "`,`" & strBio & "`,`" & strPersonalInformation & "`,`" &
strGamesPlayed & "`,`" & strConnect & "`,`" & strProcessor & "`,`" &
strRam
& "`,`" & strVideocard & "`,`" & strSoundcard & "`,`" & strHarddrive &
"`,`"
& strAdditionalsysteminformation & "`,`" & strPhoto & "`,`" & strUserName
&
"`,`" & strDateJoined & "`,`" & strOS & "`,`" & strSystemPhoto & "`)"

`-------------------------------------------------------



Have a nice day.
----- Original Message -----
From: "Dean Fiala" <dfiala@...>
To: <AspNetAnyQuestionIsOk@yahoogroups.com>
Sent: Wednesday, January 12, 2005 8:57 PM
Subject: Re: [AspNetAnyQuestionIsOk] Form wil not submit. amazing


>
> Let`s see the insert statement...
> --
> Dean Fiala
> Very Practical Software, Inc
> http://www.vpsw.com
>
>
>
> Yahoo! Groups Links
>
>
>
>
>
>
>
>




----------------------------------------------------------------------------
--
Yahoo! Groups Links

a.. To visit your group on the web, go to:
http://groups.yahoo.com/group/AspNetAnyQuestionIsOk/

b.. To unsubscribe from this group, send an email to:
AspNetAnyQuestionIsOk-unsubscribe@yahoogroups.com

c.. Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.




[Non-text portions of this message have been removed]




Yahoo! Groups Links








This communication, including attachments, is for the exclusive use of
addressee and may contain proprietary, confidential or privileged
information. If you are not the intended recipient, any use, copying,
disclosure, dissemination or distribution is strictly prohibited. If
you are not the intended recipient, please notify the sender
immediately by return email and delete this communication and destroy all
copies.
Reply with quote
Send private message
Post new topic Reply to topic
Display posts from previous:   
freelanceprogrammers.org Forum Index » ASP
 

All times are GMT
Page 1 of 1
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Freelace Website Designer - Customer web design and software building.
China Wholesale - Electronics Products
Character Studio - Tutorials and Help