c# - Is this a proper way of putting quotes in SQL query in ADO.NET - 


string query = @"insert uczniowie (id, name, surname, age)" +                  "values('" + textbox1.text + "'" +                           ", '" + textbox2.text + "'" +                           ",'" + textbox3.text + "'" +                           ",'" + textbox3.text + "'";

no, it's not since it's open sql injection attack. rather use parameterized query like

string query = "insert uczniowie (id, name, surname, age) values(@id, @name, @surname, @age)";

see msdn documentation on how to: execute parameterized query more information on same


Comments

Post a Comment

Popular posts from this blog

networking - Vagrant-provisioned VirtualBox VM is not reachable from Ubuntu host -

this question exact duplicate of: puphpet/vagrant: unable access lamp vm ip address 1 answer i following basic vagrant tutorial , vagrant provisions box on ubuntu without complaining. moreover, can vagrant ssh vm. however, vm not reachable host: it's not possible ping it's ip address. what have achieved: installed virtualbox (5.1.24 r117012 (qt5.5.1)) , vagrant (1.9.7) onto ubuntu (16.04.2 lts) machine. provisioned vm vagrant up , vagrant finishes job , not complain. vagrant ssh works. i have manually installed lighttpd on guest vm , can ping/curl address: localhost within guest vm. this when trying reach guest vm host: ~/tmp/myfirstvagrantproject$ ping 172.22.22.22 ping 172.22.22.22 (172.22.22.22) 56(84) bytes of data. ... icmp_seq=4 destination net unreachable ... 171 packets transmitted, 0 received, +21 errors, 100% packet loss, time 173...
Read more

c# - ASP.NET Core - There is already an object named 'AspNetRoles' in the database -

i'm receiving error applicationdbcontext database when trying update entity framework. i've googled, tried fixes here on so, no avail. i'm deleting database each time make change, once deploy, not option. here's error: pm> update-database -context applicationdbcontext system.data.sqlclient.sqlexception: there object named 'aspnetroles' in database. @ system.data.sqlclient.sqlconnection.onerror(sqlexception exception, boolean breakconnection, action 1 wrapcloseinaction) @ system.data.sqlclient.tdsparser.throwexceptionandwarning(tdsparserstateobject stateobj, boolean callerhasconnectionlock, boolean asyncclose) @ system.data.sqlclient.tdsparser.tryrun(runbehavior runbehavior, sqlcommand cmdhandler, sqldatareader datastream, bulkcopysimpleresultset bulkcopyhandler, tdsparserstateobject stateobj, boolean& dataready) @ system.data.sqlclient.sqlcommand.runexecutenonquerytds(string methodname, boolean async, int32 timeout, boolean...
Read more

android - IllegalStateException: Cannot call this method while RecyclerView is computing a layout or scrolling -

i trying remove item recyclerview , error. java.lang.illegalstateexception: cannot call method while recyclerview computing layout or scrolling i using notifydatasetchanged() . how can solve this? here adapter code public class listadapters extends recyclerview.adapter<listadapters.myviewholder> { public arraylist<string> tvdatalist; context c; int pos; listadapters.myviewholder myviewholder; private layoutinflater layoutinflater; int[] arr; public class myviewholder extends recyclerview.viewholder implements view.onclicklistener { public edittext edttxt; public checkbox cb; public myviewholder(view view) { super(view); edttxt = (edittext) view.findviewbyid(r.id.edttxt); cb = (checkbox) view.findviewbyid(r.id.cb); } @override public void onclick(view v) { } } public listadapters(context c, arraylist<string> tvdatali...
Read more