How can I save a byte[] to a BLOB field?


Luis

Hi,

I have a big problem... because I have a byte[] data = new byte[length], and
I need to save this to a field on my MySQL database (here I have a BLOB
field), but can I save it? Because if I put:
Insert into archiv(ref, databinary) VALUES('"+ref+"', '"+ data+"')

In my database it only saves "System.byte[]"

Can someone help me?

Luis
 
Use....

PARAMETERS.

NEVER EVER put together your SQL like this.

Look up the term "SQL Injection attack" in Google.

Thomas Tomiczek
THONA Software & Consulting Ltd.
(Microsoft MVP C#/.NET)
 
I can't understand you...

"Use parameters" but... can you give me one example? Because I put
"SQL Injection attack" in Google and I can't understand...

Thanks

 
Luis said:
I can't understand you...

But you know how to read documentation?
"Use parameters" but... can you give me one example? Because I put in
Google

Use Parameters.

* Open online documentation.
* Then start thinking. Along this line: I use SqlConnection, let's see
whether there is a SqlParameter.
* Hit.

* Read documentation.
* Read samples.
* Program.

In case you have problems with the documentation, a viable approach is -
google.

Let's see.

"+sqlparameter +sample" as search string.

First site: .NET Samples - ASP.NET Data Access (.NET Framework QuickStarts)

COULD be something. Let's go there. Na, not good.

Let's see further. Fourth link: Inserting Record into Database

Could be it.
http://www.aspnet101.com/aspnet101/aspnet/codesample.aspx?code=showinsert

Guess what - complete code sample. OK, in VB.NET, but moving between
languages THAT similar for a similar API should not be that hard on trivial
samples.
SQL Injection attack and I can't understand...

And again.

* Open Google.
* enter "+sql +injection +attack" as search term.
* Wow - first item:
SQL Injection Attacks - Are You Safe?
* Third Item:
The alt.2600 / #hack FAQ: What is an SQL Injection Attack
* Fourth Item:
Secure Your ASP.NET Application from a SQL Injection Attack
Hm - you know how to click the hyperlinks, right? Just wondering.

The first title I got links to http://www.sitepoint.com/article/794 and has
a VERY nice explanation of what "crime" you actually commit by your SQL - it
basically is, if the rest of the application is written as well, an
invitation for every hacker out there to delete your database. This has been a
known attack for years now, and every time I stumble over someone not knowing
what a SQL Injection attack is I really wonder what planet they live on so
that they do not read current security warnings. SQL Injection attacks are
CRITICAL.

If you can not understand what is in there, you should NOT program databases
but should follow the following path:

* Go to a bookshop or a book online website.
* Get a book about SQL, introductory books. The "for Dummies" books are very
good (without ANY pun intended - I keep them around for reference here and I
really like them) and are pretty thorough and well explained. You could also
get some SQL books from Joe Celko (he really rocks in SQL - very good guy)
and last but not least: reading the complete API documentation and
documentation for your database server is a MUST.

Alternatively:
* Get some training in SQL through a training company.

You should take some good advice from this:

* Newsgroups are perfect BUT
* They are no excuse not to do your homework. This includes
  * Reading the documentation first, including going through all the
    examples you find.
  * Using your own brain. This includes getting your way around Google.
* They are no excuse for learning your stuff. Reading some good books is a
way more efficient way to get knowledge than running around and asking
questions for which you actually don't have the knowledge to understand the
answer.

Newsgroups will never help you getting the basic knowledge. They are no
replacement for books and the documentation.

Thomas Tomiczek
THONA Software & Consulting Ltd.
(Microsoft MVP C#/.NET)
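
Added example, not part of the original thread: the parameterized form of the INSERT from the question, plus a read-back to confirm the bytes round-trip. It assumes MySQL Connector/NET (the MySql.Data package) and a hypothetical environment variable ARCHIV_DB_CONNSTR holding the connection string; the table and column names are the ones from the question.

```csharp
using System;
using MySql.Data.MySqlClient; // assumption: MySQL Connector/NET (MySql.Data)

static class BlobStore
{
    // Table and columns as in the question: archiv(ref, databinary).
    const string InsertSql =
        "INSERT INTO archiv (ref, databinary) VALUES (@ref, @data)";
    const string SelectSql =
        "SELECT databinary FROM archiv WHERE ref = @ref";

    public static void Save(MySqlConnection conn, string reference, byte[] data)
    {
        using (var cmd = new MySqlCommand(InsertSql, conn))
        {
            // Values are sent separately from the SQL text, so a quote in
            // 'reference' cannot alter the statement, and the byte[] goes over
            // as binary instead of being stringified by ToString().
            cmd.Parameters.Add("@ref", MySqlDbType.VarChar).Value = reference;
            cmd.Parameters.Add("@data", MySqlDbType.Blob).Value = data;
            cmd.ExecuteNonQuery();
        }
    }

    public static byte[] Load(MySqlConnection conn, string reference)
    {
        using (var cmd = new MySqlCommand(SelectSql, conn))
        {
            cmd.Parameters.Add("@ref", MySqlDbType.VarChar).Value = reference;
            object result = cmd.ExecuteScalar();
            return (result == null || result == DBNull.Value) ? null : (byte[])result;
        }
    }

    static void Main()
    {
        // Hypothetical variable name; keeps credentials out of the source.
        string connStr = Environment.GetEnvironmentVariable("ARCHIV_DB_CONNSTR");
        byte[] data = { 0x00, 0x27, 0xFF, 0x10 }; // constructed sample, contains a quote byte
        string reference = "doc-O'Brien";         // constructed sample, contains a quote

        using (var conn = new MySqlConnection(connStr))
        {
            conn.Open();
            Save(conn, reference, data);
            byte[] back = Load(conn, reference);
            bool same = back != null &&
                        BitConverter.ToString(back) == BitConverter.ToString(data);
            Console.WriteLine(same ? "round trip ok" : "round trip failed");
        }
    }
}
```

With the concatenated statement from the question, the same two sample values would either break the SQL at the quote or store the array's type name instead of its contents.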



 
Oh!! Thanks, but I did not want to say this :) No problem, I will search, and if I
have another problem I will ask :)
I know more or less ALL that you told me, only that the examples that I see
do not work correctly and I asked about this, but I know the basic structures and I
have documentation to review...

But, thanks for all.

Thanks...

Luis
