Search Results

Search found 4815 results on 193 pages for 'parameterized queries'.

Page 115/193 | < Previous Page | 111 112 113 114 115 116 117 118 119 120 121 122  | Next Page >

• Preventing LDAP injection

  - by Matias

  I am working on my first desktop app that queries LDAP. I'm working in C under unix and using opends, and I'm new to LDAP. After woking a while on that I noticed that the user could be able to alter the LDAP query by injecting malicious code. I'd like to know which sanitizing techniques are known, not only for C/unix development but in more general terms, i.e., web development etc. I thought that escaping equals and semicolons would be enough, but not sure. Here is a little piece of code so I can make clearer the question: String ldapSearchQuery = "(cn=" + $userName + ")"; System.out.println(ldapSearchQuery); Obviously I do need to sanitize $userName, as stated in this OWASP ARTICLE

  Read the article

• SQL Max Group By Query Help

  - by Hcabnettek

  Hi All, I have a quick question. How do I select the two values I need in one query? Currently I'm doing this, which works fine, but it's obviously running two queries when one should do the trick. I tried MAX(columnA) and GROUP BY ColumnB, but that returns multiple row. I only want one row returned. DECLARE @biID bigint , @dtThreshold DateTime SELECT @biID = MAX(biID) FROM tbPricingCalculationCount WITH (NOLOCK) SELECT @dtThreshold = dtDateTime FROM tbPricingCalculationCount WITH (NOLOCK) WHERE biID = @biID I would like both those variables to be set correctly in one query. How can I do that? Thanks, ~ck

  Read the article

• To store images in SQL or not?

  - by Brett

  Generally, I had thought it was always better to store images in the filesystem and link to it via the database entry. However, I am trying to optimize my db design and am having a few questions. My images are all really small thumbmails in black and white (not greyscale, but true B&W) and are 70x70 in size. If we take the images (which is basically a 2D array of 1 and 0), it can be stored as binary data that would be approximately 600 bytes each. So my question is whether querying the 600 bytes stored in a db would be faster than querying a link followed by accessing the filesystem; assuming there are a lot of "image" queries being made. Does anyone have any experience with this area? If it matters, I am using MySQL, and MonetDB (separately, but have the same question for both). Many thanks, Brett

  Read the article

• Dynamic find methods Vs conditional statements

  - by piemesons

  Student.find(:all, :conditions => [‘name = ? and status = ?’ ‘mohit’, 1]) Vs Student.find_all_by_name_and_status(‘mohit’, 1) Both the queries will result the same set of row but first one is preferable cause in the second way there will be exception generated method_missing and then rails will try to relate it as dynamic method. if fine then result set to returned. Can any body explain me this in a good manner. What exactly is happening behind the screen. Please correct me if i am wrong.

  Read the article

• MySQLi PHP: Check if SQL INSERT query was fully successful using MySQLi

  - by Jonathan

  Hi, I have this big function that gets a lot of different data and insert it into multiple tables.. Not all the data is always available so not all the SQL INSERT queries are successful. I need to check which SQL INSERT query was fully successful and which wasn't to the do something with this data (like inserting into a log table or similar). Just to give you an example of how I think it can be done: $sql = 'INSERT INTO data_table (ID, column1, column2) VALUES(?, ?, ?)'; if ($stmt->prepare($sql)) { $stmt->bind_param('iss', $varID, $var1, $var2); if ($stmt->execute()) { $success == TRUE; //or something like that } } I'm not completely sure this is the best way and if its always really show if the data was inserted into the table... Any suggestions??

  Read the article

• Counting texels using a fragment shader

  - by Brett

  Hi, I have two textures generated using a fragment shader. I want to be able to count the number of texels in each texture that are above some colour intensity. My question is how can this be done? My initial thought is to count these texels using the fragment shader before generating the texture. However, this would require some sort of global counter. I can't use occlusion queries because the textures are created from other textures. I'm using OpenGL 2.1. Any ideas appreciated. Thanks

  Read the article

• MS Access 2003 - VBA for altering a table after a "SELECT * INTO tblTemp FROM tblMain" statement

  - by Justin

  Hi. I use functions like the following to make temporary tables out of crosstabs queries. Function SQL_Tester() Dim sql As String If DCount("*", "MSysObjects", "[Name]='tblTemp'") Then DoCmd.DeleteObject acTable, "tblTemp" End If sql = "SELECT * INTO tblTemp from TblMain;" Debug.Print (sql) Set db = CurrentDb db.Execute (sql) End Function I do this so that I can then use more vba to take the temporary table to excel, use some of excel functionality (formulas and such) and then return the values to the original table (tblMain). Simple spot i am getting tripped up is that after the Select INTO statement I need to add a brand new additional column to that temporary table and I do not know how to do this: sql = "Create Table..." is like the only way i know how to do this and of course this doesn't work to well with the above approach because I can't create a table that has already been created after the fact, and I cannot create it before because the SELECT INTO statement approach will return a "table already exists" message. Any help? thanks guys!

  Read the article

• What's a good Minimal Server-Side Javascript Framework?

  - by Nick Retallack

  So I was writing a web app with web.py that uses plenty of client-side javascript, and my database is on couchdb so the queries are in javascript too, and eventually I just got to thinking, why not skip the python and go all javascript? Besides, some functions need to run once on the client and again on the server to make sure you're not spoofing, so why translate between javascript and python? So I'm looking for a simple lightweight javascript web framework. All I really need is the url routing, request and response stuff (standard wsgi?), and a way to hook into a big http server like nginx. What do you guys recommend?

  Read the article

• PDO::PARAM for type decimal?

  - by dmontain

  I have 2 database fields `decval` decimal(5,2) `intval` int(3) I have 2 pdo queries that update them. The one that updates the int works ok $update_intval->bindParam(':intval', $intval, PDO::PARAM_INT); but I can't update the decimal field. I've tried the 3 ways below, but nothing works $update_decval->bindParam(':decval', $decval, PDO::PARAM_STR); $update_decval->bindParam(':decval', $decval, PDO::PARAM_INT); $update_decval->bindParam(':decval', $decval); It seems the problem is with the database type decimal? Is there a PDO::PARAM for a field of type decimal? If not, what do I use as a workaround?

  Read the article

• PHP SOAP client accessing server on non-standard port

  - by sims

  The service I'm trying to send requests to is accessible via a non-standard port - so not port 80. It is accessible locally via port 80. So I've tested the app locally and it works fine. But when I deploy it on the production server (not on the LAN), it fails. Once again for clarity: -dev server is on the LAN -SOAP server is on the LAN -production server is on the WAN -SOAP server is accessible through the NAT/FW via a non-standard http port (not 80) The soap client is created with the specified WSDL URI. For example: $this->client = new Zend_Soap_Client('http://server.com:10080/path/service.asmx?WSDL'); But queries to not work: $this->client->function($query); I get an: Internal Server Error Exception thrown. Is PHP broken in this regard? Is there a workaround?

  Read the article

• How to register a QueryExecuterFactory in jasper reports in java

  - by Bosso

  Hi, I implemented JRQueryExecuter and want to use it in a report. Using iReport I managed to register and use the executer. Now I want to use it in a java application, but I can't find any resources how to register the factory. I thought it's enough to have the implementation in the classpath, but I get the following exception: Caused by: net.sf.jasperreports.engine.JRException: No query executer factory class registered for tmql queries. at net.sf.jasperreports.engine.query.DefaultQueryExecuterFactoryBundle.getQueryExecuterFactory(DefaultQueryExecuterFactoryBundle.java:80) at net.sf.jasperreports.engine.util.JRQueryExecuterUtils.getQueryExecuterFactory(JRQueryExecuterUtils.java:57) at net.sf.jasperreports.engine.design.JRDesignDataset.queryLanguageChanged(JRDesignDataset.java:1006) Can anybody give me a hint? regards Hannes

  Read the article

• Querying a Cassandra column family for rows that have not been updated in X days

  - by knorv

  I'm moving an existing MySQL based application over to Cassandra. So far finding the equivalent Cassandra data model has been quite easy, but I've stumbled on the following problem for which I'd appreciate some input: Consider a MySQL table holding millions of entities: CREATE TABLE entities ( id INT AUTO_INCREMENT NOT NULL, entity_information VARCHAR(...), entity_last_updated DATETIME, PRIMARY KEY (id), KEY (entity_last_updated) ); The table is regularly queried for entities that need to be updated: SELECT id FROM entities WHERE entity_last_updated IS NULL OR entity_last_updated < DATE_ADD(NOW(), INTERVAL -7*24 HOUR) ORDER BY entity_last_updated ASC; The entities returned by this queries are then updated using the following query: UPDATE entities SET entity_information = ?, entity_last_updated = NOW() WHERE id = ?; What would be the corresponding Cassandra data model that would allow me to store the given information and effectively query the entities table for entities that need to be updated (that is: entities that have not been updated in the last seven days)?

  Read the article

• Query optimization

  - by Lijo

  Hi Team, I am trying to learn SQL query optimization using SQL Server 2005. However, I did not find any practical example where I can improve performance by tweaking query alone. Can you please list some example queries - prior and after optimization? It has to be query tuning – not adding index, not making covering index, not making any alteration to table. No change is supposed to be done on table and index. [ I understand that indexes are important. This is only for learning purpose] It would be great if you can exaplain using temp table instead of refering any sample databases like adventureworks. Expecting your support... Thanks Lijo

  Read the article

• Team Foundation Error: The request ID is incorrect or not recognized

  - by Andrei

  Hello everybody. I'm trying to connect to the Team Foundation Server's ClientService.asmx web services. Over here, the TFS has webservices for retrieving work items, queries, metadata and more...a quite complete and useful set of information to get. My problem is that trying to access these services leads to an error: TF51313: The request ID is incorrect or not recognized I assume it has something to do with the RequestHeader Id structure. I give it a GUID inside the code I'm working on, but I don't know how correct it is...or what value it should have to begin with. Note: I can't use the TFS API/SDK because I am building a mobile application. Also an application on the TFS server side to communicate with the API and expose web services is not an option. Thanks.

  Read the article

• A checklist for fixing .NET applications to SQL Server timeout problems and improve execution time

  - by avgbody

  A checklist for improving execution time between .NET code and SQL Server. Anything from the basic to weird solutions is appreciated. Code: Change default timeout in command and connection by avgbody. Use stored procedure calls instead of inline sql statement by avgbody. Look for blocking/locking using Activity monitor by Jay Shepherd. SQL Server: Watch out for parameter sniffing in stored procedures by AlexCuse. Beware of dynamically growing the database by Martin Clarke. Use Profiler to find any queries/stored procedures taking longer then 100 milliseconds by BradO. Increase transaction timeout by avgbody. Convert dynamic stored procedures into static ones by avgbody. Check how busy the server is by Jay Shepherd.

  Read the article

• ruby on rails named scope implementation

  - by Engwan

  From the book Agile Web Development With Rails class Order < ActiveRecord::Base named_scope :last_n_days, lambda { |days| {:conditions => ['updated < ?' , days] } } named_scope :checks, :conditions => {:pay_type => :check} end The statement orders = Orders.checks.last_n_days(7) will result to only one query to the database. How does rails implement this? I'm new to Ruby and I'm wondering if there's a special construct that allows this to happen. To be able to chain methods like that, the functions generated by named_scope must be returning themselves or an object than can be scoped further. But how does Ruby know that it is the last function call and that it should query the database now? I ask this because the statement above actually queries the database and not just returns an SQL statement that results from chaining.

  Read the article

• SQL - re-arrange a table via query

  - by abelenky

  I have a poorly designed table that I inherited. It looks like: User Field Value ------------------- 1 name Aaron 1 email [email protected] 1 phone 800-555-4545 2 name Mike 2 email [email protected] 2 phone 777-123-4567 (etc, etc) I would love to extract this data via a query in the more sensible format: User Name Email Phone ------------------------------------------- 1 Aaron [email protected] 800-555-4545 2 Mike [email protected] 777-123-4567 I'm a SQL novice, but have tried several queries with variations of Group By, all without anything even close to success. Is there a SQL technique to make this easy?

  Read the article

• Entity Framework, full-text search and temporary tables

  - by markus

  I have a LINQ-2-Entity query builder, nesting different kinds of Where clauses depending on a fairly complex search form. Works great so far. Now I need to use a SQL Server fulltext search index in some of my queries. Is there any chance to add the search term directly to the LINQ query, and have the score available as a selectable property? If not, I could write a stored procedure to load a list of all row IDs matching the full-text search criteria, and then use a LINQ-2-Entity query to load the detail data and evaluate other optional filter criteria in a loop per row. That would be of course a very bad idea performance-wise. Another option would be to use a stored procedure to insert all row IDs matching the full-text search into a temporary table, and then let the LINQ query join the temporary table. Question is: how to join a temporary table in a LINQ query, as it cannot be part of the entity model?

  Read the article

• Can't change data type on MS Access 2007

  - by khalidfazeli

  Hi All, I have a huge database (800MB) which consists of a field called 'Date Last Modified' at the moment this field is entered as a text data type but need to change it to a Date/Time field to carry out some queries. I have another exact same database but with only 35MB of data inside it and when I change the data type it works fine, but when I try to change data type on big database it gives me an error: Micorosoft Office Access can't change the data type. There isn't enough disk space or memory After doing some research some sites mentioned of changing the registry file (MaxLocksPerFile) tried that as well, but no luck :-( Can anyone help please?

  Read the article

• MySQL to AppEngine

  - by Daniel Naito

  Hi Nick! How are you? I'm from Brazil and study at FATEC (college located in Brazil). I'm trying to learn about AppEngine. Now, I'm trying to load a large database from MySQL to AppEngine to perform some queries, but I don't know how i can do it. I did some testing with CSV files,but is there any way to perform the direct import from MySQL? This database is from Pentaho BI Server (www.pentaho.com). Thank you for your attention. Regards, Daniel Naito

  Read the article

• Can I use the TFS Object Model to interact with TFS via F#?

  - by Russell

  I am looking for some quick ways to do some (more) complex queries across who has what checked out and things like that (eg. which files have 1 person checked out). I have been learning F# over the last year or so and saw the potential to use both the functional aspects of F# to quickly create some useful and more complex TFS commands. I was wondering if anyone else has done this, or have any ideas on how I would go about doing this. PS: I am using TFS 2005. Thanks Russell

  Read the article

• Slug ID's with the same name?

  - by James Jeffery

  I want to create slug URL's from a users title in my system. If a user types "The best way's to get slim; period!", then I want the slug to be "the-best-ways-to-get-slim-period". Also, if someone has already created a page with that title I want the slug to be "the-best-ways-to-get-slim-period-1". My question is how can I check the database before a record is created? Ok, obviously I am going to have to perform a check in the database, and then a write. That's 2 queries. Is this the normal way to do it? Also, are there any conventional regular expressions for filtering non alpha/number characters and replacing spaces with hyphens? Any help is much appreciated. Thanks.

  Read the article

• PHP - ADO recordsets

  - by Josh

  I am referencing a COM component from PHP. This COM component returns records using ADO. I am assuming I will need to reference ADO in PHP for this to function. How do I do this? Secondly (related to the first question) I have run accross ADODB abstraction libraries, however these seem to mostly deal with queries and handle the ADO internally. How do I get the returned ADO recordset into a PHP friendly array, and likewise pass in an ADO array to the COM object? Thank you, Josh

  Read the article

• text indexes vs integer indexes in mysql

  - by imanc

  Hey, I have always tried to have an integer primary key on a table no matter what. But now I am questioning if this is always necessary. Let's say I have a product table and each product has a globally unique SKU number - that would be a string of say 8-16 characters. Why not make this the PK? Typically I would make this field a unique index but then have an auto incrementing int field as the PK, as I assumed it would be faster, easier to maintain, and would allow me to do things like get the last 5 records added with ease. But in terms of optimisation, assuming I'd only ever be matching the full text field and next doing text matching queries (e.g. like %%) can you guys think of any reasons not to use a text based primary key, most likely of type varchar()? Cheers, imanc

  Read the article

• Using a database class in my user class

  - by Josh

  In my project I have a database class that I use to handle all the MySQL stuff. It connects to a database, runs queries, catches errors and closes the connection. Now I need to create a members area on my site, and I was going to build a users class that would handle registration, logging in, password/username changes/resets and logging out. In this users class I need to use MySQL for obvious reasons... which is what my database class was made for. But I'm confused as to how I would use my database class in my users class. Would I want to create a new database object for my user class and then have it close whenever a method in that class is finished? Or do I somehow make a 'global' database class that can be used throughout my entire script (if this is the case I need help with that, no idea what to do there.) Thanks for any feedback you can give me.

  Read the article

< Previous Page | 111 112 113 114 115 116 117 118 119 120 121 122  | Next Page >