c# - How to use multiple parameters in a SQL queries -

-

i came across statement on how prevent sql injection, changed code (commented out old codes):

namee = txtname.text;  //sqlcode = "select * [db].[dbo].[tablepdftest] [name] = '" + namee + "'"; sqlcode = "select * [db].[dbo].[tablepdftest] [name] = @name";  using (sqlcommand command = new sqlcommand(sqlcode, conn)) {       //command.commandtype = commandtype.text;       command.parameters.addwithvalue("name", namee);        using (reader = command.executereader())       {         // action goes here...       }  }

how can same multiple parameters?

my code using function padding 2 parameters variable function: 

public void writedata(string k, string c) {     conn = new sqlconnection(cstring);     conn.open();      //messagebox.show(k);     //messagebox.show(c);      var pdfpath = path.combine(server.mappath("~/pdftemplates/fw9.pdf"));      // form fields pdf , fill them in!     var formfieldmap = pdfhelper.getformfieldnames(pdfpath);      //if more multiple entries, verify name , last 4 ssn     //sqlcode = "select * [db].[dbo].[tablepdftest] [name] = '" + k + "' , [ssn3] = " + c + "";     sqlcode = "select * [db].[dbo].[tablepdftest] [name] = @name2 , [ssn3] = @ssnnum";     //messagebox.show("" + sqlcode.tostring());      using (sqlcommand command = new sqlcommand(sqlcode, conn))     {         //command.commandtype = commandtype.text;         command.parameters.addwithvalue("name2", k);         command.parameters.addwithvalue("ssnnum", c);          using (reader = command.executereader())         {             if (reader.hasrows)             {                 if (reader.read())                 {                     messagebox.show(reader.getvalue(0).tostring());                     /*formfieldmap["topmostsubform[0].page1[0].f1_01_0_[0]"] = reader.getvalue(0).tostring();                     formfieldmap["topmostsubform[0].page1[0].f1_02_0_[0]"] = reader.getvalue(1).tostring();                     formfieldmap["topmostsubform[0].page1[0].f1_04_0_[0]"] = reader.getvalue(2).tostring();                     formfieldmap["topmostsubform[0].page1[0].f1_05_0_[0]"] = reader.getvalue(3).tostring();                     formfieldmap["topmostsubform[0].page1[0].f1_07_0_[0]"] = reader.getvalue(4).tostring();                     formfieldmap["topmostsubform[0].page1[0].social[0].textfield1[0]"] = reader.getvalue(5).tostring();                     formfieldmap["topmostsubform[0].page1[0].social[0].textfield2[0]"] = reader.getvalue(6).tostring();                     formfieldmap["topmostsubform[0].page1[0].social[0].textfield2[1]"] = reader.getvalue(7).tostring();                     formfieldmap["topmostsubform[0].page1[0].social[0].textfield2[2]"] = reader.getvalue(8).tostring();                     formfieldmap["topmostsubform[0].page1[0].social[0].textfield2[3]"] = reader.getvalue(9).tostring();*/                 }             }         }     }      // requester's name , address (hard-coded)     //formfieldmap["topmostsubform[0].page1[0].f1_06_0_[0]"] = "medical group\n27 west ave\npurchase, ny 10577";      //var pdfcontents = pdfhelper.generatepdf(pdfpath, formfieldmap);      //pdfhelper.returnpdf(pdfcontents, "completed-w9.pdf"); }

enter image description here

enter image description here

you can add parammeter did before. how code loke like:

sqlcode = "select * [db].[dbo].[tablepdftest] [name] = @name , [ssn3] =@ssn3";  using (sqlcommand command = new sqlcommand(sqlcode, conn)) {       //command.commandtype = commandtype.text;       command.parameters.addwithvalue("@name", namee);       command.parameters.addwithvalue("@ssn3", c);        using (reader = command.executereader())       {         // action goes here...       }  }

Comments

Post a Comment

Popular posts from this blog

php - render data via PDO::FETCH_FUNC vs loop -

-
i've been using 2 methods render data. the first one: function name($id,$name){ return '<div id="'.$id.'">'.$name.'</div>'; } echo implode($pdo->query("select id,name user")->fetchall(pdo::fetch_func,'name')); the second one: $users = $pdo->query("select id,name user")->fetchall(pdo::fetch_obj); foreach($users $user){ echo name($user->id,$user->name); } i don't understand how pdo::fetch_func works. tried figure out. however, not well-documented. could please explain fetch mode? , also, 1 performs better? thank you. both methods wrong , have learn how use templates , how separate business logic presentation logic. $users = $pdo->query("select id,name user")->fetchall(pdo::fetch_obj); tpl::assign('users', $users); is code business logic part. then in template <?php foreach $users $row): ?> <div id="<?=$...
Read more

c++ - OpenCV Error: Assertion failed <scn == 3 ::scn == 4> in unknown function, -

-
i read alot other solution still confused should mine... #include <opencv2/objdetect/objdetect.hpp> #include <opencv2/highgui/highgui.hpp> #include <opencv2/imgproc/imgproc.hpp> #include <iostream> #include <stdio.h> using namespace std; using namespace cv; int main(int argc, const char** argv) { //create cascade classifier object used face detection cascadeclassifier face_cascade; //use haarcascade_frontalface_alt.xml library face_cascade.load("haarcascade_frontalface_alt.xml"); //setup video capture device , link first capture device videocapture capturedevice; capturedevice.open(0); //setup image files used in capture process mat captureframe; mat grayscaleframe; //create window present results namedwindow("outputcapture", 1); //create loop capture , find faces while (true) { //capture new image frame capturedevice >> captureframe; ...
Read more

The canvas has been tainted by cross-origin data in chrome only -

-
uncaught securityerror: failed execute 'getimagedata' on 'canvasrenderingcontext2d': canvas has been tainted cross-origin data i getting above error in chrome. code(following) works fine in mozilla. have not corss domain issue. why above error in chrome? var wheel_canvas, wheel_context, can_w, can_h, wheel_grd; var large_radius = 160; var small_radius = 120; var wheel_canvas = document.getelementbyid('wheel_canvas'); var wheel_context = wheel_canvas.getcontext('2d'); var can_w = $(wheel_canvas).width(); var can_h = $(wheel_canvas).height(); var centerx = can_w / 2, centery = can_h / 2; var wheel_grd = null; test('#ff0000'); function test(hex) { $('#clrpicker').css({'left': 210, 'top': 210 }); inverted = hexbw(hex); $('#color_val_show').val(hex); current_color_hex_val_selected = hex; $('#color_val_show').css({'color':inverted,'background':hex}); fillgradient...
Read more