Database

No, this is not how it works. We gladly help when you get stuck but we aren't going to do all your work for you. You didn't even manage to post this in the correct forum. There are only 10 types of people in the world, those who understand binary and those who don't.

Your request is rude. Consider yourself lucky you got some pointers. If the brain were so simple we could understand it, we would be so simple we couldn't. — Lyall Watson

Instead of running it every XX minutes - why not keep it running all day - just sleep the task between runs. http://microsoft-ssis.blogspot.com/2011/04/pause-in-ssis.html[^]

Afzaal Ahmad Zeeshan wrote: Learn more I think this may be an invalid assumption :laugh: Never underestimate the power of human stupidity RAH

I know there are a lot of posts but I finally understand and did what I was told to do. I broke the query up with parameters and I am still getting the security error. My code is below the with the parameters removed from the hard coded string, the calling code, and the implementing code: The 3 classes with the SQL w/ with the parameters broken out, the calling code, and the implementing code: Class with the parameters broken out: public class MyParam { public string name { get; set; } public string value { get; set; } } /// /// Summary description for QueryContainer SGH /// public class QueryContainer { string \_query; public List parameterList = new List(); public QueryContainer(string query) { \_query = query; } public string Query { get { return \_query; } set { \_query = value; } } } The calling code: public int GetAccountSortByAccountCode(int account) { QueryContainer Instance = new QueryContainer("SELECT ac\_sort\_order FROM lkup\_account\_codes where ac\_code = [@account](http://www.codeproject.com/Members/account)"); MyParam myParam = new MyParam(); myParam.name = "@account"; myParam.value = account.ToString(); Instance.parameterList.Add(myParam); return Convert.ToInt32(ExecuteScaler(Instance, 1)); } The implementing code: if (\_connection == null || \_connection.State == ConnectionState.Closed) { OpenConnection(); } DbCommand command = \_provider.CreateCommand(); command.Connection = \_connection; { command.CommandText = Instance.Query; command.CommandType = CommandType.Text; foreach (var p in Instance.parameterList) { SqlParameter param = new SqlParameter(p.name, p.value); command.Parameters.Add(param); } if (\_useTransaction) { command.Transaction = \_transaction; } try { returnValue = command.ExecuteScalar(); }

For simple dates I have a view that goes from start of previous year to + 10 years but for some apps I have a table Holiday with all the public holidays of various countries we deal with. Never underestimate the power of human stupidity RAH

SELECT employeename, departmentname, salary FROM employees WHERE departmentno = 10; The difficult we do right away... ...the impossible takes slightly longer.

Glad you solved it! Cheers :) If the brain were so simple we could understand it, we would be so simple we couldn't. — Lyall Watson

Worked like a charm! Thanks! Had to adjust a couple of things, but that got my mind into better understanding the SQL sample

:-D No problem. Glad you found it. There are only 10 types of people in the world, those who understand binary and those who don't.

It's in the planning to do something like this, but for the immediate problem it won't help me. But thanks for the effort. V. (MQOTD rules and previous solutions)

Now that is a good explination Mongo: Mongo only pawn... in game of life.

Did you check your registry? In Word you can only store 2 bytes. That is why I use Writer.

In addition to the SQL Injection[^] vulnerability, you're also storing passwords in plain text. You should only ever store a salted hash of the user's password. You should also wrap the connection and command objects in Using blocks, to ensure that their resources are properly cleaned up. You should also give your controls proper names, so that their meaning is obvious. Using the default names (TextBox1, TextBox2, etc.) will only confuse you when you come back to this code later. To fix the immediate problem, use a parameterized query: Using con As New OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\surendera\Documents\student.accdb") Using cmd As New OleDbCommand("INSERT into user_acnt (user_name, pas_word) values (?, ?)", con) ' OleDb doesn't use named parameters, so the names don't matter here: cmd.Parameters.AddWithValue("p0", login.UserNameTextBox.Text) cmd.Parameters.AddWithValue("p1", login.PasswordTextBox.Text) con.Open() cmd.ExecuteNonQuery() End Using End Using Then, go and read the following articles, and change your database design to store the passwords securely: Secure Password Authentication Explained Simply[^] Salted Password Hashing - Doing it Right[^] "These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer

Looking into Oracle docs seems like a good idea to me: https://docs.oracle.com/cd/E17952_01/refman-5.1-en/alter-table.html[^] If the brain were so simple we could understand it, we would be so simple we couldn't. — Lyall Watson

Interesting. I used a DataTable in my RDLC report generator class. Forget that I can sort in the report RDLC Tablix. So I passed a structure to my database class, to load a DataTable in the report class, to pass to the RDLC. Guess I should take the DataTable straight to the database function to populate it. I wrote this early last summer, sort of forgot how it worked. But good call David on the DataTable.