urgent: can anyone plz tell the error in santex of SQL Query
-
i have applied the following query but in output one record appears repeatedly, can u check whether there is any error in query santax, perhaps i have used 'AND' 2 TIMES SELECT crime_mgmt.cr_location,crime_mgmt.cr_date,offensive_issue.c_desc FROM crime_mgmt,offensive_issue WHERE crime_mgmt.fir_num = offensive_issue.fir_num AND crime_mgmt.cr_date BETWEEN '" + crimewithdate.text.ToString() + "' AND '" + crimewithdate.text1.ToString() + "'ORDER BY crime_mgmt.cr_date ASC
-
i have applied the following query but in output one record appears repeatedly, can u check whether there is any error in query santax, perhaps i have used 'AND' 2 TIMES SELECT crime_mgmt.cr_location,crime_mgmt.cr_date,offensive_issue.c_desc FROM crime_mgmt,offensive_issue WHERE crime_mgmt.fir_num = offensive_issue.fir_num AND crime_mgmt.cr_date BETWEEN '" + crimewithdate.text.ToString() + "' AND '" + crimewithdate.text1.ToString() + "'ORDER BY crime_mgmt.cr_date ASC
SELECT crime_mgmt.cr_location,crime_mgmt.cr_date,offensive_issue.c_desc FROM crime_mgmt inner join offensive_issue on crime_mgmt.fir_num = offensive_issue.fir_num WHERE crime_mgmt.cr_date BETWEEN '" + crimewithdate.text.ToString() + "' AND '" + crimewithdate.text1.ToString() + "'ORDER BY crime_mgmt.cr_date ASC and dont forget to enclose it properly as far as thequotes are concerned. you're better off chking the value of the actual query formed while debugging.
Rocky You can't climb up a ladder with your hands in your pockets.
-
i have applied the following query but in output one record appears repeatedly, can u check whether there is any error in query santax, perhaps i have used 'AND' 2 TIMES SELECT crime_mgmt.cr_location,crime_mgmt.cr_date,offensive_issue.c_desc FROM crime_mgmt,offensive_issue WHERE crime_mgmt.fir_num = offensive_issue.fir_num AND crime_mgmt.cr_date BETWEEN '" + crimewithdate.text.ToString() + "' AND '" + crimewithdate.text1.ToString() + "'ORDER BY crime_mgmt.cr_date ASC
-
i have applied the following query but in output one record appears repeatedly, can u check whether there is any error in query santax, perhaps i have used 'AND' 2 TIMES SELECT crime_mgmt.cr_location,crime_mgmt.cr_date,offensive_issue.c_desc FROM crime_mgmt,offensive_issue WHERE crime_mgmt.fir_num = offensive_issue.fir_num AND crime_mgmt.cr_date BETWEEN '" + crimewithdate.text.ToString() + "' AND '" + crimewithdate.text1.ToString() + "'ORDER BY crime_mgmt.cr_date ASC
-
i have applied the following query but in output one record appears repeatedly, can u check whether there is any error in query santax, perhaps i have used 'AND' 2 TIMES SELECT crime_mgmt.cr_location,crime_mgmt.cr_date,offensive_issue.c_desc FROM crime_mgmt,offensive_issue WHERE crime_mgmt.fir_num = offensive_issue.fir_num AND crime_mgmt.cr_date BETWEEN '" + crimewithdate.text.ToString() + "' AND '" + crimewithdate.text1.ToString() + "'ORDER BY crime_mgmt.cr_date ASC
Interesting, and quite disappointing, that no one picked you up on the fact that your code is susceptable to a SQL Injection attack. Please learn about SQL Injection Attacks and tips on how to prevent them[^] - most likely by following that advice you will solve other problems as well.
Upcoming FREE developer events: * Glasgow: SQL Server Managed Objects AND Reporting Services ... My website
-
Interesting, and quite disappointing, that no one picked you up on the fact that your code is susceptable to a SQL Injection attack. Please learn about SQL Injection Attacks and tips on how to prevent them[^] - most likely by following that advice you will solve other problems as well.
Upcoming FREE developer events: * Glasgow: SQL Server Managed Objects AND Reporting Services ... My website
Colin Angus Mackay wrote:
Interesting, and quite disappointing, that no one picked you up on the fact that your code is susceptable to a SQL Injection attack
I'm sorry Colin. I didn't even read his post until after I read your response. Mind you, it's interesting that the system he was working on had something to do with crime management (I'm inferring this from the table name). I would have thought that he'd want to make things as secure as possible beforehand.
Deja View - the feeling that you've seen this post before.
-
Colin Angus Mackay wrote:
Interesting, and quite disappointing, that no one picked you up on the fact that your code is susceptable to a SQL Injection attack
I'm sorry Colin. I didn't even read his post until after I read your response. Mind you, it's interesting that the system he was working on had something to do with crime management (I'm inferring this from the table name). I would have thought that he'd want to make things as secure as possible beforehand.
Deja View - the feeling that you've seen this post before.
Pete O`Hanlon wrote:
I would have thought that he'd want to make things as secure as possible beforehand.
Indeed. Unless, of course, he's in league with certain elements..... :~
Upcoming FREE developer events: * Glasgow: SQL Server Managed Objects AND Reporting Services ... My website