help
-
Hello!!!! My C# code is not going on. I have some difficulties to write on my database (PostgreSQL with pgAdmin 4). This is my code, please help me :sigh:
    using System;
    using System.Collections.Generic;
    using System.ComponentModel;
    using System.Data;
    using System.Drawing;
    using System.Linq;
    using System.Text;
    using System.Threading.Tasks;
    using System.Windows.Forms;
    using Npgsql;
    using NpgsqlTypes;
    using WindowsFormsApplication1.Beans;

    namespace WindowsFormsApplication1
    {
        public partial class inscription : Form
        {
            public static Client client;
            DateTime date;
            string Conx = "Server=localhost;Port=5432;Database=postgres;User=postgres;pwd=yannick93";
            NpgsqlCommand MyCmd = null;
            NpgsqlConnection MyCnx = null;

            public inscription() { InitializeComponent(); }

            private void label1_Click(object sender, EventArgs e) { }
            private void label4_Click(object sender, EventArgs e) { }
            private void textBox1_TextChanged(object sender, EventArgs e) { }
            private void b_annuler1_Click(object sender, EventArgs e) { }

            private void b_confirm1_Click(object sender, EventArgs e)
            {
                String nom = esp_nom.Text;
                String prenom = esp_prenom.Text;
                String adr = esp_adr.Text;
                String ville = esp_ville.Text;
                String pass = esp_pass.Text;
                String confirm = esp_conf.Text;
                if (nom == "" || prenom == "" || adr == "" || ville == "" || pass == "" || confirm == "")
                {
                    MessageBox.Show("veuiller entrer tous les parametres", "parametres manquants");
                }
                else
                {
                    if (!pass.Equals(confirm))
                    {
                        MessageBox.Show("veuillez bien saisir votre mot de pass", "erreur de confirmation");
                    }
                    else
                    {
                        Connexion connect = new Connexion();
                        try
                        {
                            // connect.con.Open();
                            date = DateTime.Now;
                            String dateh = date.ToShortTimeString();
                            String datej = date.ToShortDateString();
                            var tabh = dateh.Split(':');
                            var tabj = datej.Split('/');
                            String h = tabh[
-
Run the debugger and inspect the string "insert" and see if you can run that directly using one of the PostgreSQL clients. This will most likely identify the issue. Also read up on SQL injection attacks, as you are inviting someone to destroy your database.
Never underestimate the power of human stupidity - RAH I'm old. I know stuff - JSOP
-
The annoying thing is that he has already copy'n'pasted the code to avoid SQL Injection elsewhere without understanding what the heck he is doing or why...
Sent from my Amstrad PC 1640 Never throw anything away, Griff Bad command or file name. Bad, bad command! Sit! Stay! Staaaay... AntiTwitter: @DalekDave is now a follower!
-
PLEASE, I do not understand well what you are saying :sigh:
-
I don't know how to run the debugger
-
PLEASE, I do not understand well what you are saying :sigh:
Quote:
read up on sql injection attacks as you are inviting someone to destroy your database.
What that means is this: never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Always use Parameterized queries instead.
When you concatenate strings, you cause problems because SQL receives commands like:
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;--'
Which SQL sees as three separate commands:
SELECT * FROM MyTable WHERE StreetAddress = 'x';
A perfectly valid SELECT
DROP TABLE MyTable;
A perfectly valid "delete the table" command
--'
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.
So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?
Sent from my Amstrad PC 1640 Never throw anything away, Griff Bad command or file name. Bad, bad command! Sit! Stay! Staaaay... AntiTwitter: @DalekDave is now a follower!
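The parameterized form of an insert like the one discussed above, as an added example that is not code from the thread. It uses Npgsql; the table `client`, its column names and the `APP_PG_CONNSTRING` environment variable are assumptions made for illustration.

```csharp
using System;
using Npgsql;

// Added example, not the poster's code. Table "client", its columns and the
// APP_PG_CONNSTRING environment variable are assumed names.
static class ClientRepository
{
    // The SQL text is a constant: user input never becomes part of it.
    const string InsertSql =
        "INSERT INTO client (nom, prenom, adresse, ville, date_inscription) " +
        "VALUES (@nom, @prenom, @adr, @ville, @inscrit)";

    public static int InsertClient(string nom, string prenom, string adr, string ville)
    {
        // Keep credentials out of the source file.
        string connString = Environment.GetEnvironmentVariable("APP_PG_CONNSTRING");
        if (string.IsNullOrEmpty(connString))
            throw new InvalidOperationException("APP_PG_CONNSTRING is not set");

        using (var conn = new NpgsqlConnection(connString))
        using (var cmd = new NpgsqlCommand(InsertSql, conn))
        {
            // Values travel separately from the statement, so a quote in
            // "Baker's Wood" or the text "x';DROP TABLE MyTable;--" is
            // stored as plain data and cannot end the string literal.
            cmd.Parameters.AddWithValue("nom", nom);
            cmd.Parameters.AddWithValue("prenom", prenom);
            cmd.Parameters.AddWithValue("adr", adr);
            cmd.Parameters.AddWithValue("ville", ville);
            // Typed parameter for an assumed "timestamp" column: no date
            // string is built or parsed by hand.
            cmd.Parameters.AddWithValue("inscrit", DateTime.Now);

            conn.Open();
            return cmd.ExecuteNonQuery(); // rows inserted
        }
    }
}
```

Calling `ClientRepository.InsertClient("Holmes", "Sherlock", "Baker's Wood", "x';DROP TABLE MyTable;--")` inserts one row whose `ville` column holds that text verbatim.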
-
I don't know how to run the debugger
Then learn! The debugger is the biggest, baddest, best tool in your box: chances are you will spend more time using that than you will your editor - even when you get more experience - because as you advance, so your code becomes more complex, and testing and diagnosing problems also becomes more complicated. So find out how to use the debugger, and start finding your problems.
Judging by the amount of HTML there is stuffed into your sample, you are using VS Code, so start reading here: Debugging in Visual Studio Code
If you aren't, then start here: Navigate code with the debugger - Visual Studio | Microsoft Docs
Sent from my Amstrad PC 1640 Never throw anything away, Griff Bad command or file name. Bad, bad command! Sit! Stay! Staaaay... AntiTwitter: @DalekDave is now a follower!
-
I don't know how to run the debugger
OK, so you do not know the basics of software development. You should get a beginner's book and work through the examples as you read the book BEFORE you start trying to build.
Never underestimate the power of human stupidity - RAH I'm old. I know stuff - JSOP