Search Results

Search found 30023 results on 1201 pages for 'sql to linq'.

Page 120/1201 | < Previous Page | 116 117 118 119 120 121 122 123 124 125 126 127  | Next Page >

  • SQL Injection on INSERT

    - by freddy
    Hi, I'm currently testing Vulnerabiltys to SQL Injections for my companys application as an it-trainee. So I found, that the application is indeed vulnerable to injections because I can alter some of the insert statements. So I altered the insert Statement to this: INSERT INTO tablename( column, column1, column2, column3, column4,column5, column6, column7, column8 ) VALUES ( 10965972, 185796154, 25, 23,2023, '', CURRENT_DATE, 'v0201100', 18); DELETE * FROM tablename;-- , 2023,'a', CURRENT_DATE, 'v0201100', 18 ) I thought this should be a correct statement, but the MySQL Server returned this Error: MySQL Error: 1064 (You have an error in your SQL syntax;[...] Would be nice if somebody could help and tell my why the syntax is wrong... Thanks for your help :-)

    Read the article

  • connecting c# to sql-server

    - by every_answer_gets_a_point
    i am using this example to connect c# to sql server. can you please tell me what i have to include in order to be able to use sqlconnection? it must be something like: using Sqlconnection; ??? string connectionString = @"Data Source=.\SQLEXPRESS;AttachDbFilename=""C:\SQL Server 2000 Sample Databases\NORTHWND.MDF"";Integrated Security=True;Connect Timeout=30;User Instance=True"; SqlConnection sqlCon = new SqlConnection(connectionString); sqlCon.Open(); string commandString = "SELECT * FROM Customers"; SqlCommand sqlCmd = new SqlCommand(commandString, sqlCon); SqlDataReader dataReader = sqlCmd.ExecuteReader(); while (dataReader.Read()) { Console.WriteLine(String.Format("{0} {1}", dataReader["CompanyName"], dataReader["ContactName"])); } dataReader.Close(); sqlCon.Close();

    Read the article

  • How to migrate large amounts of data from old database to new

    - by adam0101
    I need to move a huge amount of data from a couple tables in an old database to a couple different tables in a new database. The databases are SQL Server 2005 and are on the same box and sql server instance. I was told that if I try to do it all in one shot that the transaction log would fill up. Is there a way to disable the transaction log per table? If not, what is a good method for doing this? Would a cursor do it? This is just a one-time conversion.

    Read the article

  • A column insert or update conflicts with a rule imposed by a previous CREATE RULE statement.

    - by Ronnie Chester Lynwood
    hello. im working on a online game. i got some problems with inserting new data to table. im getting 2010-4-8 2:14, *** 37000, 513, [Microsoft][ODBC SQL Server Driver][SQL Server]A column insert or update conflicts with a rule imposed by a previous CREATE RULE statement. The statement was terminated. The conflict occurred in database 'KN_online', table 'ACCOUNT_CHAR', column 'strAccountID'., 261 NationSelect*** this error in logs. what does this means? how can i fix this? i've tried to delete RULE for my DB but I'm unable to delete RULE. im getting the rule 'dbo.unallowedchars' cannot be dropped because it is bounded to one or more clumn. I set all permissions right but its still not working.. thanks..

    Read the article

  • Why won't this SQL CAST work?

    - by Kev
    I have a nvarchar(50) column in a SQL Server 2000 table defined as follows: TaskID nvarchar(50) NULL I need to fill this column with some random SQL Unique Identifiers (I am unable to change the column type to uniqueidentifier). I tried this: UPDATE TaskData SET TaskID = CAST(NEWID() AS nvarchar) but I got the following error: Msg 8115, Level 16, State 2, Line 1 Arithmetic overflow error converting expression to data type nvarchar. I also tried: UPDATE TaskData SET TaskID = CAST(NEWID() AS nvarchar(50)) but then got this error: Msg 8152, Level 16, State 6, Line 1 String or binary data would be truncated. I don't understand why this doesn't work but this does: DECLARE @TaskID nvarchar(50) SET @TaskID = CAST(NEW() AS nvarchar(50)) I also tried CONVERT(nvarchar, NEWID()) and CONVERT(nvarchar(50), NEWID()) but got the same errors.

    Read the article

  • SQL 2005 w/ C# optimal "Paging"

    - by David Murdoch
    When creating a record "grid" with custom paging what is the best/optimal way to query the total number of records as well as the records start-end using C#? SQL to return paged record set: SELECT Some, Columns, Here FROM ( SELECT ROW_NUMBER() OVER (ORDER BY Column ASC) AS RowId, * FROM Records WHERE (...) ) AS tbl WHERE ((RowId > @Offset) AND (RowId <= (@Offset + @PageSize)) ) SQL to count total number of records: SELECT COUNT(*) FROM Records WHERE (...) Right now, I make two trips to the server: one for getting the records, and the other for counting the total number of records. What is/are the best way(s) to combine these queries to avoid multiple DB trips?

    Read the article

  • Dynamic table design (common lookup table), need a nice query to get the values

    - by Swoosh
    sql2005 This is my simplified example: (in reality there are 40+ tables in here, I only showed 2) I got a table called tb_modules, with 3 columns (id, description, tablename as varchar): 1, UserType, tb_usertype 2, Religion, tb_religion (Last column is actually the name of a different table) I got an other table that looks like this: tb_value (columns:id, tb_modules_ID, usertype_OR_religion_ID) values: 1111, 1, 45 1112, 1, 55 1113, 2, 123 1114, 2, 234 so, I mean 45, 55, 123, 234 are usertype OR religion ID's (45, 55 usertype, 123, 234 religion ID`s) Don't judge, I didn't design the database Question How can I make a select, showing * from tb_value, plus one column That one column would be TITLE from the tb_usertype or RELIGIONNAME from the tb_religion table I would like to make a general thing. Was thinking initially about maybe a SQL function that returns a string, but I think I would need dynamic SQL, which is not ok in a function. Anyone a better idea ?

    Read the article

  • SQL Server 2008 - Search Query

    - by user208662
    Hello, I am not a SQL Expert. I’m trying to elegantly solve a query problem that others have had to have had. Surprisingly, Google is not returning anything that is helping. Basically, my application has a “search” box. This search field will allow a user to search for customers in the system. I have a table called “Customer” in my SQL Server 2008 database. This table is defined as follows: Customer UserName (nvarchar) FirstName (nvarchar) LastName (nvarchar) As you can imagine, my users will enter queries of varying cases and probably mis-spell the customer’s names regularly. How do I query my customer table and return the 25 results that are closest to their query? I have no idea how to do this ranking and consider the three fields listed in my table. Thank you!

    Read the article

  • SQL Server 2008 log size management problems

    - by b0x0rz
    I'm trying to shrink the log of a database AND set the recovery to simple, but always there is an error, whatever i try. USE 4_o5; GO ALTER DATABASE 4_o5 SET RECOVERY SIMPLE; GO DBCC SHRINKFILE (4_o5_log, 10); GO the output of sp_helpfile says that log file is located under (hosted solution): I:\dataroot\4_o5_log.LDF please help me perform this operation as the log file got large when importing a lot of data and now this info is no longer needed, have multiple (lots of) backups since then. the exact error message when performing the query above is: incorrect syntax near '4'. RECOVERY is not a recognized SET option. incorrect syntax near _5_log'. i am using visual studio 2010 (also have SQL Server Express installed locally, SQL Server 2008 proper installed at provider (shared)) thnx a lot

    Read the article

  • How to get the position of a record in a table (SQL Server)

    - by Peter Siegmann
    Following problem: I need to get the position of a record in the table. Let's say I have five record in the table: Name: john doe, ID: 1 Name: jane doe, ID: 2 Name: Frankie Boy, ID: 4 Name: Johnny, ID: 9 Now, "Frankie Boy" is in the third position in the table. But How to get this information from the SQL server? I could count IDs, but they are not reliable, Frankie has the ID 4, but is in the third position because the record with the ID '3' was deleted. Is there a way? I am aware of ROW_RANK but it would be costly, because I need to select basically the whole set first before I can rank row_rank them. I am using MS SQL Server 2008 R2.

    Read the article

  • @@TRANCOUNT and a current connection

    - by AspOnMyNet
    Assume I connect to SQL server 2008 via SQL Server Management Studio ( SSMS ) and open new window W1 by clicking on New Query tab and write the following inside W1: BEGIN TRANSACTION; If I execute this statement 5 times, and then write (inside W1) SELECT @@TRANCOUNT; , then the value returned will be 5. But if I open another window W2 ( inside the same SSMS instance and thus on the same connection ) and write inside W2 SELECT @@TRANCOUNT; then value returned will be 0. @@TRANCOUNT variable returns the number of active transactions for the current connection. Both W1 and W2 windows were opened on the same connection, so shouldn’t ( according to the above quote ) in both W1 and W2 variable @@TRANCOUNT hold the same value? thanx

    Read the article

  • How can I load a sql "dump" file into sql alchemy

    - by JudoWill
    I have a large sql dump file ... with multiple CREATE TABLE and INSERT INTO statements. Is there any way to load these all into a SQLAlchemy sqlite database at once. I plan to use the introspected ORM from sqlsoup after I've created the tables. However, when I use the engine.execute() method it complains: sqlite3.Warning: You can only execute one statement at a time. Is there a way to work around this issue. Perhaps splitting the file with a regexp or some kind of parser, but I don't know enough SQL to get all of the cases for the regexp. Any help would be greatly appreciated. Will EDIT: Since this seems important ... The dump file was created with a MySQL database and so it has quite a few commands/syntax that sqlite3 does not understand correctly.

    Read the article

  • Export products and variants from SQL Server

    - by mickyjtwin
    I have a SQL Server DB that has a table of products, and another table which contains a list of the sku variants of each product if it has one. I want to export all the products and their SKU's into excel. At the moment, I have a helper SQL function which performs the subquery against a product_id and concatenates all the SKU's into a comma-delimited string, e.g: Product Code, Name, SKUs 111 P1 77, 22, 11 Is there an easier way to do this, so that each SKU is a row which the associated product code as well, i.e: Product Code, Name, SKUs 111 P1 77 111 P1 22 111 P1 11

    Read the article

  • Raw SQL sent to SQL Server from .NET on stored procedure call

    - by Jeff Meatball Yang
    Is there a way to get the raw text that is sent to SQL Server, as seen in SQL Profiler, from the ADO.NET call? using(SqlConnection conn = new SqlConnection(connString)) { SqlCommand cmd = conn.CreateCommand(); cmd.CommandType = CommandType.StoredProcedure; cmd.CommandText = "GetSomeData"; cmd.Parameters.Add("@id").Value = someId; cmd.Parameters.Add("@someOtherParam").Value = "hello"; conn.Open(); SqlDataReader dr = cmd.ExecuteReader(); // this sends up the call: exec GetSomeData @id=24, @someOtherParam='hello' // how can I capture that and write it to debug? Debug.Write("exec GetSomeData @id=24, @someOtherParam='hello'"); }

    Read the article

  • Why prefix sql function names?

    - by AaronLS
    What is a scenario that exemplifies a good reason to use prefixes, such as fn_GetName, on function names in SQL Server? It would seem that it would be unnecessary since usually the context of its usage would make it clear that it's a function. I have not used any other language that has ever needed prefixes on functions, and I can't think of a good scenario that would show why SQL is any different. My only thinking is that perhaps in older IDE's it was useful for grouping functions together when the database objects were all listed together, but modern IDE's already make it clear what is a function.

    Read the article

  • Storing DateTime (UTC) vs. storing DateTimeOffset

    - by Frederico
    I usually have an "interceptor" that right before reading/writing from/to the database does datetime conversion (from UTC to localtime, and from localtime to utc), so I can use DateTime.Now (derivations and comparisions) throughout the system without worrying about timezones. Regarding serialization and moving data between computers, there is no need to bother, as the datetime is always UTC. Should I continue storing my dates (SQL 2008 - datetime) in UTC format or should I instead store it using DateTimeOffset (SQL 2008 - datetimeoffset)? UTC Dates in the database (datetime type) have been working and known for so long, why change it? What are the advantages? I have already looked into articles like this one, but I'm not 100% convinced though. Any thoughts?

    Read the article

  • hash password in SQL Server (asp.net)

    - by ile
    Is this how hashed password stored in SQL Server should look like? This is function I use to hash password (I found it in some tutorial) public string EncryptPassword(string password) { //we use codepage 1252 because that is what sql server uses byte[] pwdBytes = Encoding.GetEncoding(1252).GetBytes(password); byte[] hashBytes = System.Security.Cryptography.MD5.Create().ComputeHash(pwdBytes); return Encoding.GetEncoding(1252).GetString(hashBytes); } EDIT I tried to use sha-1 and now strings seem to look like as they are suppose to: public string EncryptPassword(string password) { return FormsAuthentication.HashPasswordForStoringInConfigFile(password, "sha1"); } // example output: 39A43BDB7827112409EFED3473F804E9E01DB4A8 Result from the image above looks like broken string, but this sha-1 looks normal.... Will this be secure enough?

    Read the article

  • Trigger an action to increment all rows of an int column which are greater than or equal to the inserted row

    - by Dev
    I am performing some insertion to an SQL table with has three columns and several rows of data The three columns are Id,Product,ProductOrder with the following data Id Product ProductOrder 1 Dell 1 2 HP 3 3 lenovo 2 4 Apple 10 Now, I would like a trigger which fires an action and increments all the ProductOrders by 1which are greater than or equal to the inserted ProductOrder. For example, I am inserting a record with Id=5 Product=Sony, ProductOrder=2 Then it should look for all the products with ProductOrder greater than or equal to 2 and increment them by 1. So, the resultant data in the SQL table should be as follows Id Product ProductOrder 1 Dell 1 2 HP 4 3 lenovo 3 4 Apple 11 5 Sony 2 From above we can see that ProductOrder which are equal or greater than the inserted are incremented by 1 like HP,Lenovo,Apple May I know a way to implement this?

    Read the article

  • SQL Native Client 10 Performance miserable (due to server-side cursors)

    - by namezero
    we have an application that uses ODBC via CDatabase/CRecordset in MFC (VS2010). We have two backends implemented. MSSQL and MySQL. Now, when we use MSSQL (with the Native Client 10.0), retrieving records with SELECT is dramatically slow via slow links (VPN, for example). The MySQL ODBC driver does not exhibit this nasty behavior. For example: CRecordset r(&m_db); r.Open(CRecordset::snapshot, L"SELECT a.something, b.sthelse FROM TableA AS a LEFT JOIN TableB AS b ON a.ID=b.Ref"); r.MoveFirst(); while(!r.IsEOF()) { // Retrieve CString strData; crs.GetFieldValue(L"a.something", strData); crs.MoveNext(); } Now, with the MySQL driver, everything runs as it should. The query is returned, and everything is lightning fast. However, with the MSSQL Native Client, things slow down, because on every MoveNext(), the driver communicates with the server. I think it is due to server-side cursors, but I didn't find a way to disable them. I have tried using: ::SQLSetConnectAttr(m_db.m_hdbc, SQL_ATTR_ODBC_CURSORS, SQL_CUR_USE_ODBC, SQL_IS_INTEGER); But this didn't help either. There are still long-running exec's to sp_cursorfetch() et al in SQL Profiler. I have also tried a small reference project with SQLAPI and bulk fetch, but that hangs in FetchNext() for a long time, too (even if there is only one record in the resultset). This however only happens on queries with LEFT JOINS, table-valued functions, etc. Note that the query doesn't take that long - executing the same SQL via SQL Studio over the same connection returns in a reasonable time. Question1: Is is possible to somehow get the native client to "cache" all results locally use local cursors in a similar fashion as the MySQL driver seems to do it? Maybe this is the wrong approach altogether, but I'm not sure how else to do this. All we want is to retrieve all data at once from a SELECT, then never talk the server again until the next query. We don't care about recordset updates, deletes, etc or any of that nonsense. We only want to retrieve data. We take that recordset, get all the data, and delete it. Question2: Is there a more efficient way to just retrieve data in MFC with ODBC?

    Read the article

  • Using current database name in T-SQL has Using statement

    - by AmRoSH
    Hello everybody. I have application runs T-SQL statements to update more than one database the problem is i'm using the following t-sql USE [msdb] GO DECLARE @jobId BINARY(16) EXEC msdb.dbo.sp_add_job @job_name=N'test2', @enabled=1, @start_step_id=1, @notify_level_eventlog=0, @notify_level_email=2, @notify_level_netsend=2, @notify_level_page=2, @delete_level=0, @description=N'', @category_name=N'[Uncategorized (Local)]', @owner_login_name=N'sa', @notify_email_operator_name=N'', @notify_netsend_operator_name=N'', @notify_page_operator_name=N'', @job_id = @jobId OUTPUT select @jobId GO EXEC msdb.dbo.sp_add_jobserver @job_name=N'test2', @server_name = N'AMR-PC\SQL2008' GO USE [msdb] GO EXEC msdb.dbo.sp_add_jobstep @job_name=N'test2', @step_name=N'test', @step_id=1, @cmdexec_success_code=0, @on_success_action=1, @on_fail_action=2, @retry_attempts=0, @retry_interval=0, @os_run_priority=0, @subsystem=N'TSQL', @command=N'EXEC sp_MSforeachdb '' EXEC sp_MSforeachtable @command1=''''DBCC DBREINDEX (''''''''*'''''''')'''', @replacechar=''''*''''''', @database_name=N'Client5281', @output_file_name=N'C:\Documents and Settings\Amr\Desktop\Scheduel Reports\report', @flags=2 GO USE [msdb] GO DECLARE @schedule_id int EXEC msdb.dbo.sp_add_jobschedule @job_name=N'test2', @name=N'test', @enabled=1, @freq_type=8, @freq_interval=1, @freq_subday_type=1, @freq_subday_interval=0, @freq_relative_interval=0, @freq_recurrence_factor=1, @active_start_date=20100517, @active_end_date=99991231, @active_start_time=0, @active_end_time=235959, @schedule_id = @schedule_id OUTPUT select @schedule_id GO and i'm using (USE [msdb]) before any block and i want to get database name to replace this @database_name=N'**Client5281**', with the current database name instead of ([msdb]) that i'm using. i hope that i explained what i want well.

    Read the article

< Previous Page | 116 117 118 119 120 121 122 123 124 125 126 127  | Next Page >