parameterized

Parameterized SQL Columns?

I have some code which utilizes parameterized queries to prevent against injection, but I also need to be able to dynamically construct the query regardless of the structure of the table. What is the proper way to do this? Here's an example, say I have a table with columns Name, Address, Telephone. I have a web page where I run Show C...

parameterised jsp:includes of stripes actions?

I've been trying to solve this, and have been getting stuck, so I thought I'd ask. Imagine two ActionBeans, A and B. A.jsp has this section in it: ... <jsp:include page="/B.action"> <jsp:param name="ponies" value="on"/> </jsp:include> <jsp:include page="/B.action"> <jsp:param name="ponies" value="off"/> </jsp:include> ... Take i...

Can I parameterize a CruiseControl.NET project configuration such that the parameters are exposed by the web interface?

I am currently trying to use NAnt and CruiseControl.NET to manage various aspects of my software development. Currently, NAnt handles just about everything, including replacing environment specific settings (e.g., database connection strings) based on an input target that I specify on the command line. CruiseControl.NET is used to build...

Parameterized Queries with LIKE and IN conditions

Parameterized Queries in .Net always look like this in the examples: SqlCommand comm = new SqlCommand("SELECT * FROM Products WHERE Category_ID=@categoryid", conn); comm.Parameters.Add("@categoryid", SqlDbType.Int); comm.Parameters["@categoryid"].Value = CategoryID; But I'm running into a brick wall trying to do the following: Sql...

Parameterized Queries (C#, Oracle): How to produce a more readable representation?

I am using parameterized queries in my C# code to interact with an Oracle database. What can I do to log the statements in a more readable fashion? Suppose I have a parameterized query like: INSERT INTO PERSON (ID, NAME, BIRTHDATE) VALUES (:id, :name, :birthdate) Ideally I would like to see the log entry with all parameters replaced ...

Scheduling parameterized reports in Crystal Reports Server

I'm trying to set up a report to run monthly in Crystal Reports Server 2008 that will give me the next month's Affordable Care Plan termination dates. However, as far as I can tell, I can only give it a particular date string, not "7 days after the report is scheduled". How do I do this? (Same question for CR2008, actually, but the serve...

Change test name of parameterized tests?

Is there a way to set my own custom test case name when using Parameterized tests in JUnit4? I'd like to change the default "[Test class].runTest[n]" to something meaningful...

How do I parameterize an extended Collection.

I've been trying to extend the ArrayList class without much success. I want to extend it, and be able to parameterize it. So normally you have something like ArrayList<SomeObject> list = new ArrayList<SomeObject>(); I want MyList<SomeObject> list = new MyList<SomeObject>(); Simply extending ArrayList doesn't work. public class M...

Parameterized SQL Query error.

I have an application that builds dynamic parameterized SQL queries. The following query returns an inner exception of "syntax error at or near "="... I am thinking it is in the way that I am assigning the parameter to the column name but, I'm not sure. Code follows. SELECT TOP 50 77 AS Repository, DocID, LastFileDate, ImageCount, Lo...

Is there a way to do parameterized queries in PHP 4 when using a MSSQL database?

I am doing some maintenance work on an older system that is running PHP 4 and talks to a MS SQL2000 database via FreeTDS. I know, it already sounds somewhat scary! A lot of the code used unsafe string-concatenation for generating SQL queries. I have done some work to try and filter the input to make things safer but it is giving me a ...

See parametric query sent to SQLite

I am getting strange formatting errors while trying to update a row in SQLite through a C# wrapper. The issue is not in the wrapper, but in how I am passing the parameters to the parametric query. Is there a way to see the SQL generated to send to the DB? I've looked up a lot but it seems it is not very common wanting this or at least, ...

C# and parameterized SQLite, WITHOUT going through ADO.NET

Is it possible, and if so, how... To do parameterized queries with SQLite WITHOUT having to go through ADO.NET. I've been asked to do some testing with SQLite for a project that needs to have a zero-admin install... i.e.: no special permissions, things added to Windows registry, etc. I would suspect that using an ADO.NET would require s...

ASP Classic Named Parameter in Parameterized Query: Must declare the scalar variable

Hi all. I'm trying to write a parameterized query in ASP Classic, and it's starting to feel like I'm beating my head against a wall. I'm getting the following error: Must declare the scalar variable "@something". I would swear that is what the hello line does, but maybe I'm missing something... <% OPTION EXPLICIT %> <!-- #includ...

Guice SPI: find bindings by wildcard types

Guice provides a means to find all bindings for a given type (Injector#findBindingsByType) and it also provides a TypeLiteral class from which it seems possible to construct a wildcard type. What I would like to do is find all bindings for some type that is parameterised by a wildcard type but I can't figure out how to do it. A look at t...

SubSonic 3 and Linq Parameterized Queries

We are currently using SubSonic 3.0.0.2 and playing about with the Linq for it, we've noticed that the underlying SQL is not parameterized. I'm aware that the query tool is and we can work with that but I'm just curious if having parameterized with Linq is possible? Am I missing something? or is this not yet implemented in SubSonic. ...

Is there a way to create a parameterized query or stored procedure that accepts <= N parameters?

Suppose I have a search screen that is intended for looking up items. There are various optional search options on the screen that will cause the SQL query statement to vary. Here are some example searches: Description search Description search + item supplier id Description search + item supplier id + item hierarchy level 1 id Descri...

Running multiple test data on same set of test cases.

Hello, I am new to Eclipse. I am using JUnit 4, and I have written a set up method in my class which extends Testcase where some initialization happens. I have some set of testcases in the same class. I have test data in zipped form and attached to work space. Currently I am able to run all test cases for a single test data. Somehow I w...

Parameterized queries WITHOUT stored procedures?

Every sample I've seen uses stored procedures. I've adopted an old application written in Classic ASP that uses inline SQL. This is an obvious issue, so I need to convert it to safer code. The client does not wish that I use stored procedures in this application, so is there a way to run parameterized queries without stored procedures...

Side effects of not including CommandType for dynamic sql?

What pitfalls may I encounter by not setting the cmd.CommandType attribute when running a dynamic sql call? I can not use adovbs.inc, and using cmd.CommandType = 200 yields the error: ADODB.Command (0x800A0BB9) Arguments are of the wrong type, are out of acceptable range, or are in conflict with one another. So by commenti...

How should I pass a table name into a stored proc?

I just ran into a strange thing...there is some code on our site that is taking a giant SQL statement, modifying it in code by doing some search and replace based on some user values, and then passing it on to SQL Server as a query. I was thinking that this would be cleaner as a parameterized query to a stored proc, with the user valu...