Search Results

Search found 12287 results on 492 pages for 'column oriented'.

Page 68/492 | < Previous Page | 64 65 66 67 68 69 70 71 72 73 74 75  | Next Page >

  • Prevent SQL Injection in Dynamic column names

    - by Mr Shoubs
    I can't get away without writing some dynamic sql conditions in a part of my system (using Postgres). My question is how best to avoid SQL Injection with the method I am currently using. EDIT (Reasoning): There are many of columns in a number of tables (a number which grows (only) and is maintained elsewhere). I need a method of allowing the user to decide which (predefined) column they want to query (and if necessary apply string functions to). The query itself is far too complex for the user to write themselves, nor do they have access to the db. There are 1000's of users with varying requirements and I need to remain as flexible as possible - I shouldn't have to revisit the code unless the main query needs to change - Also, there is no way of knowing what conditions the user will need to use. I have objects (received via web service) that generates a condition (the generation method is below - it isn't perfect yet) for some large sql queries. The _FieldName is user editable (parameter name was, but it didn't need to be) and I am worried it could be an attack vector. I put double quotes (see quoted identifier) around the field name in an attempt to sanitize the string, this way it can never be a key word. I could also look up the field name against a list of fields, but it would be difficult to maintain on a timely basis. Unfortunately the user must enter the condition criteria, I am sure there must be more I can add to the sanatize method? and does quoting the column name make it safe? (my limited testing seems to think so). an example built condition would be "AND upper(brandloaded.make) like 'O%' and upper(brandloaded.make) not like 'OTHERBRAND'" ... Any help or suggestions are appreciated. Public Function GetCondition() As String Dim sb As New Text.StringBuilder 'put quote around the table name in an attempt to prevent some sql injection 'http://www.postgresql.org/docs/8.2/static/sql-syntax-lexical.html sb.AppendFormat(" {0} ""{1}"" ", _LogicOperator.ToString, _FieldName) Select Case _ConditionOperator Case ConditionOperatorOptions.Equals sb.Append(" = ") ... End Select sb.AppendFormat(" {0} ", Me.UniqueParameterName) 'for parameter Return Me.Sanitize(sb) End Function Private Function Sanitize(ByVal sb As Text.StringBuilder) As String 'compare against a similar blacklist mentioned here: http://forums.asp.net/t/1254125.aspx sb.Replace(";", "") sb.Replace("'", "") sb.Replace("\", "") sb.Replace(Chr(8), "") Return sb.ToString End Function Public ReadOnly Property UniqueParameterName() As String Get Return String.Concat(":" _UniqueIdentifier) End Get End Property

    Read the article

  • What do you call functions which get and set?

    - by nickf
    The jQuery framework has a lot of functions which will either retrieve or mutate values depending on the parameters passed: $(this).html(); // get the html $(this).html('blah'); // set the html Is there a standard name for functions which behave like this?

    Read the article

  • What should layers in dotnet application ? Pleas guide me

    - by haansi
    Hi, I am using layered architecture in dotnet (mostly I work on web projects). I am confuse what layers should I use ? I have small idea that there should be the following layers. user interface customer types (custom entities) business logic layer data access layer My purpose is sure quality of work and maximum re-usability of code. some one suggested to add common types layer in it. Please guide me what should be layers ? and in each layer what part should go ? thanks for your precious time and advice. haansi

    Read the article

  • Class hierarchy problem (with generic's variance!)

    - by devoured elysium
    The problem: class StatesChain : IState, IHasStateList { private TasksChain tasks = new TasksChain(); ... public IList<IState> States { get { return _taskChain.Tasks; } } IList<ITask> IHasTasksCollection.Tasks { get { return _taskChain.Tasks; } <-- ERROR! You can't do this in C#! I want to return an IList<ITask> from an IList<IStates>. } } Assuming the IList returned will be read-only, I know that what I'm trying to achieve is safe (or is it not?). Is there any way I can accomplish what I'm trying? I wouldn't want to try to implement myself the TasksChain algorithm (again!), as it would be error prone and would lead to code duplication. Maybe I could just define an abstract Chain and then implement both TasksChain and StatesChain from there? Or maybe implementing a Chain<T> class? How would you approach this situation? The Details: I have defined an ITask interface: public interface ITask { bool Run(); ITask FailureTask { get; } } and a IState interface that inherits from ITask: public interface IState : ITask { IState FailureState { get; } } I have also defined an IHasTasksList interface: interface IHasTasksList { List<Tasks> Tasks { get; } } and an IHasStatesList: interface IHasTasksList { List<Tasks> States { get; } } Now, I have defined a TasksChain, that is a class that has some code logic that will manipulate a chain of tasks (beware that TasksChain is itself a kind of ITask!): class TasksChain : ITask, IHasTasksList { IList<ITask> tasks = new List<ITask>(); ... public List<ITask> Tasks { get { return _tasks; } } ... } I am implementing a State the following way: public class State : IState { private readonly TaskChain _taskChain = new TaskChain(); public State(Precondition precondition, Execution execution) { _taskChain.Tasks.Add(precondition); _taskChain.Tasks.Add(execution); } public bool Run() { return _taskChain.Run(); } public IState FailureState { get { return (IState)_taskChain.Tasks[0].FailureTask; } } ITask ITask.FailureTask { get { return FailureState; } } } which, as you can see, makes use of explicit interface implementations to "hide" FailureTask and instead show FailureState property. The problem comes from the fact that I also want to define a StatesChain, that inherits both from IState and IHasStateList (and that also imples ITask and IHasTaskList, implemented as explicit interfaces) and I want it to also hide IHasTaskList's Tasks and only show IHasStateList's States. (What is contained in "The problem" section should really be after this, but I thought puting it first would be way more reader friendly). (pff..long text) Thanks!

    Read the article

  • Sequence Diagram return a new constructed Object

    - by user256007
    I am drawing a Sequence Diagram where the scenario is. 1. an Actor calls :Table::query(query:String) :Table::query Calls :Connection::execute(query) :Connection::execute < a new :Row Object :Connection::execute calls :Row::fillData(result) :Connection::execute returns :Row ...... There are More But I am Stuck in Step 5 I cant Understand how to draw that, :Connection::execute returning the newly Constructed Row itself, in a Standard way.

    Read the article

  • How to avoid having very large objects with Domain Driven Design

    - by Pablojim
    We are following Domain Driven Design for the implementation of a large website. However by putting the behaviour on the domain objects we are ending up with some very large classes. For example on our WebsiteUser object, we have many many methods - e.g. dealing with passwords, order history, refunds, customer segmentation. All of these methods are directly related to the user. Many of these methods delegate internally to other child object but this still results in some very large classes. I'm keen to avoid exposing lots of child objects e.g. user.getOrderHistory().getLatestOrder(). What other strategies can be used to avoid this problems?

    Read the article

  • Keeping a certain row or column in an HTML table fixed

    - by WarDoGG
    I have huge amounts of data populating an HTML <table> having more than 200 rows and 200 columns. However, when i scroll the page horizontally or vertically to view the data, the header columns (like th for instance) go beyond the page. How can i scroll through the table and still keep the top row and leftmost column fixed so that i will always know what data im seeing.

    Read the article

  • Different Editors for one column in EditorGridPanel ExtJS

    - by Sloane
    Hi, I am trying to show/load different editor on different rows of a editorgridpanel. Like a textbox on one row combobox/superboxselect on another and it could be any order, random. The conditions which dictate which editor will be shown reside in the database. Please tell me if this is possible and if so, how do i go about it.. I have tried pulling the conditions asynchronously which are pulled on a click event for the respective column, but calling it async causes problems. Please advise

    Read the article

  • constructor function's object literal returns toString() method but no other method

    - by JohnMerlino
    I'm very confused with javascript methods defined in objects and the "this" keyword. In the below example, the toString() method is invoked when Mammal object instantiated: function Mammal(name){ this.name=name; this.toString = function(){ return '[Mammal "'+this.name+'"]'; } } var someAnimal = new Mammal('Mr. Biggles'); alert('someAnimal is '+someAnimal); Despite the fact that the toString() method is not invoked on the object someAnimal like this: alert('someAnimal is '+someAnimal.toString()); It still returns 'someAnimal is [Mammal "Mr. Biggles"]' . That doesn't make sense to me because the toString() function is not being called anywhere. Then to add even more confusion, if I change the toString() method to a method I make up such as random(): function Mammal(name){ this.name=name; this.random = function(){ return Math.floor(Math.random() * 15); } } var someAnimal = new Mammal('Mr. Biggles'); alert(someAnimal); It completely ignores the random method (despite the fact that it is defined the same way was the toString() method was) and returns: [object object] Another issue I'm having trouble understanding with inheritance is the value of "this". For example, in the below example function person(w,h){ width.width = w; width.height = h; } function man(w,h,s) { person.call(this, w, h); this.sex = s; } "this" keyword is being send to the person object clearly. However, does "this" refer to the subclass (man) or the super class (person) when the person object receives it? Thanks for clearing up any of the confusion I have with inheritance and object literals in javascript.

    Read the article

  • sqlite3 timestamp column

    - by Flavius
    Hi I feel stupid, but I can't get a TIMESTAMP column to be shown in human understandable way in a SELECT. I could do that in MySQL, not in sqlite3. Could someone show me an example please? Thanks

    Read the article

  • Bad method names and what it says about code structure.

    - by maxfridbe
    (Apologies in advance if this is a re-post but I didn't find similar posts) What bad method name patterns have you seen in code and what did it tell you about the code. For instance, I keep seeing: public void preform___X___IfNecessary(...); I believe that this is bad because the operation X has an inversion of conditions. Note that this is a public method because classes methods might legitimately require private helpers like this

    Read the article

  • PHP MVC Framework Structure

    - by bigstylee
    I am sorry about the amount of code here. I have tried to show enough for understanding while avoiding confusion (I hope). I have included a second copy of the code at Pastebin. (The code does execute without error/notice/warning.) I am currently creating a Content Management System while trying to implement the idea of Model View Controller. I have only recently come across the concept of MVC (within the last week) and trying to implement this into my current project. One of the features of the CMS is dynamic/customisable menu areas and each feature will be represented by a controller. Therefore there will be multiple versions of the Controller Class, each with specific extended functionality. I have looked at a number of tutorials and read some open source solutions to the MVC Framework. I am now trying to create a lightweight solution for my specific requirements. I am not interested in backwards compatibility, I am using PHP 5.3. An advantage of the Base class is not having to use global and can directly access any loaded class using $this->Obj['ClassName']->property/function();. Hoping to get some feedback using the basic structure outlined (with performance in mind). Specifically; a) Have I understood/implemented the concept of MVC correctly? b) Have I understood/implemented Object Orientated techniques with PHP 5 correctly? c) Should the class propertise of Base be static? d) Improvements? Thank you very much in advance! <?php /* A "Super Class" that creates/stores all object instances */ class Base { public static $Obj = array(); // Not sure this is the correct use of the "static" keyword? public static $var; static public function load_class($directory, $class) { echo count(self::$Obj)."\n"; // This does show the array is getting updated and not creating a new array :) if (!isset(self::$Obj[$class]) && !is_object(self::$Obj[$class])) //dont want to load it twice { /* Locate and include the class file based upon name ($class) */ return self::$Obj[$class] = new $class(); } return TRUE; } } /* Loads general configuration objects into the "Super Class" */ class Libraries extends Base { public function __construct(){ $this->load_class('library', 'Database'); $this->load_class('library', 'Session'); self::$var = 'Hello World!'; //testing visibility /* Other general funciton classes */ } } class Database extends Base { /* Connects to the the database and executes all queries */ public function query(){} } class Session extends Base { /* Implements Sessions in database (read/write) */ } /* General functionality of controllers */ abstract class Controller extends Base { protected function load_model($class, $method) { /* Locate and include the model file */ $this->load_class('model', $class); call_user_func(array(self::$Obj[$class], $method)); } protected function load_view($name) { /* Locate and include the view file */ #include('views/'.$name.'.php'); } } abstract class View extends Base { /* ... */ } abstract class Model extends Base { /* ... */ } class News extends Controller { public function index() { /* Displays the 5 most recent News articles and displays with Content Area */ $this->load_model('NewsModel', 'index'); $this->load_view('news', 'index'); echo $this->var; } public function menu() { /* Displays the News Title of the 5 most recent News articles and displays within the Menu Area */ $this->load_model('news/index'); $this->load_view('news/index'); } } class ChatBox extends Controller { /* ... */ } /* Lots of different features extending the controller/view/model class depending upon request and layout */ class NewsModel extends Model { public function index() { echo $this->var; self::$Obj['Database']->query(/*SELECT 5 most recent news articles*/); } public function menu() { /* ... */ } } $Libraries = new Libraries; $controller = 'News'; // Would be determined from Query String $method = 'index'; // Would be determined from Query String $Content = $Libraries->load_class('controller', $controller); //create the controller for the specific page if (in_array($method, get_class_methods($Content))) { call_user_func(array($Content, $method)); } else { die('Bad Request'. $method); } $Content::$var = 'Goodbye World'; echo $Libraries::$var . ' - ' . $Content::$var; ?> /* Ouput */ 0 1 2 3 Goodbye World! - Goodbye World

    Read the article

  • Is there a way to restrict access to a public method to only a specific class in C#?

    - by Anon
    I have a class A with a public method in C#. I want to allow access to this method to only class B. Is this possible? UPDATE: This is what i'd like to do: public class Category { public int NumberOfInactiveProducts {get;} public IList<Product> Products {get;set;} public void ProcessInactiveProduct() { // do things... NumberOfInactiveProducts++; } } public class Product { public bool Inactive {get;} public Category Category {get;set;} public void SetInactive() { this.Inactive= true; Category.ProcessInactiveProduct(); } } I'd like other programmers to do: var prod = Repository.Get<Product>(id); prod.SetInactive(); I'd like to make sure they don't call ProcessInactiveProduct manually: var prod = Repository.Get<Product>(id); prod.SetInactive(); prod.Category.ProcessInactiveProduct(); I want to allow access of Category.ProcessInactiveProduct to only class Product. Other classes shouldn't be able to call Category.ProcessInactiveProduct.

    Read the article

  • How to easily substitute a Base class

    - by JTom
    Hi, I have the following hierarchy of classes class classOne { virtual void abstractMethod() = 0; }; class classTwo : public classOne { }; class classThree : public classTwo { }; All classOne, classTwo and classThree are abstract classes, and I have another class that is defining the pure virtual methods class classNonAbstract : public classThree { void abstractMethod(); // Couple of new methods void doIt(); void doItToo(); }; And right now I need it differently...I need it like class classNonAbstractOne : public classOne { void abstractMethod(); // Couple of new methods void doIt(); void doItToo(); }; class classNonAbstractTwo : public classTwo { void abstractMethod(); // Couple of new methods void doIt(); void doItToo(); }; and class classNonAbstractThree : public classThree { void abstractMethod(); // Couple of new methods void doIt(); void doItToo(); }; But all the nonAbstract classes have the same new methods, with the same code...and I would like to avoid copying all the methods and it's code to every nonAbstract class. How could I accomplish that? Hopefully it's understandable...

    Read the article

  • How to reference a specific object in an array of objects using jTemplates

    - by Travis
    I am using the excellent jTemplates plugin to generate content. Given a data object like this... var data = { name: 'datatable', table: [ {id: 1, name: 'Anne'}, {id: 2, name: 'Amelie'}, {id: 3, name: 'Polly'}, {id: 4, name: 'Alice'}, {id: 5, name: 'Martha'} ] }; ..I'm wondering if it is possible to directly specify an object in an array of objects using $T. (I'm hoping there is something like $T.table:3 available) Currently the only way I can think of to access a specific object in an array is to do something like this... {#foreach $T.table as record} {#if $T.record$iteration == 3} This is record 3! Name: {$T.record.name} {#/if} {#/for} However that seems clumsy... Any suggestions? Thanks

    Read the article

  • how to make grid column as drop down list for all rows using jquery

    - by kumar
    Hello friends.. colNames: ['A','B','C','D'], colModel: [ { name: 'A', index: 'A', width: 90 }, { name: 'B', index: 'B', width: 100 }, { name: 'C', index: 'C', width: 70 }, { name: 'D', index: 'D', edittype: 'select', width: 100, editoptions: { value: { 1: 'Yes', 2: 'No'}} } ], My concersn here is.. I am displying A B C D values from db2... for Last Column D I need to put defalut drop down list for all the rows. Thanks can any body help me out.. thanks

    Read the article

  • Creating get/set method dynamically in javascript

    - by portoalet
    I am trying to create a UserDon object, and trying to generate the get and set methods programmatically ( based on Pro Javascript book by John Resig page 37 ), and am testing this on Firefox 3.5 The problem is: in function UserDon, "this" refers to the window object instead of the UserDon object. So after calling var userdon = new UserDon(...) I got setname and getname methods created on the window object (also setage and getage). How can I fix this? function UserDon( properties ) { for( var i in properties ) { (function(){ this[ "get" + i ] = function() { return properties[i]; }; this[ "set" + i ] = function(val) { properties[i] = val; }; })(); } } var userdon = new UserDon( { name: "Bob", age: 44 });

    Read the article

  • UNIQUE CONSTRAINT on a column from foreign table in SQL Server 2008

    - by bodziec
    I have two tables: create table [dbo].[Main] ( [ID] [int] identity(1,1) primary key not null, [Sign] [char](1) not null ) create table [dbo].[Names] ( [ID_Main][int] primary key not null, [Name][nvarchar](128) not null, constraint [FK_Main_Users] foreign key ([ID_Main]) references [dbo].[Main]([ID]), constraint [CK_Name] unique ([Name], [Sign]) ) The problem is with the second constraint CK_Name Is there a way to make a constraint target column from a foreign table?

    Read the article

< Previous Page | 64 65 66 67 68 69 70 71 72 73 74 75  | Next Page >