thanx Regards Shajeel

When you close the web browser and open it again, wouldn't ASP.NET create a new one for you? Vasudevan Deepak Kumar Personal Homepage Tech Gossips A pessimist sees only the dark side of the clouds, and mopes; a philosopher sees both sides, and shrugs; an optimist doesn't see the clouds at all - he's walking on them. --Leonard Louis Levinson

but i want to raise event for function xyz. post back is working but my code is in xyz. Regards Shajeel

Shajeel wrote: all examples in the article starts with ' No, one of the examples began with a number, not a quote: string sql = "SELECT * FROM Orders WHERE DATEPART(YEAR, OrderDate) = "+ this.orderYearTb.Text); and the attacker began his string with a zero. Does seem to me that all the examples I've seen had statement delimiters embedded within them. Therefore, I have two functions I run against the input. The first effectively converts ' to '', but also checks for a maximum length of the argument. If I know the maximum length of the field my user wants to compare against, a string longer than this is rejected outright as a possible attack. The next function removes any unquoted semicolons. This will cause attacking SQL to be ill-formed and rejected for syntax. But DON'T respond to the user with the ill-formed string. They may be able to see thru the protection scheme. While this two-prong approach defeates every injection example I have ever seen, it does not guarantee, as Colin suggested, that someone clever won't come up with a way to defeat it. Plus, as Pete inferred, the SQL validation (in my case, converting ' to '' and removing unquoted semicolons) must be done immediately before submitting the SQL string to the db for processing. You must not rely on external validation. David --------- Empirical studies indicate that 20% of the people drink 80% of the beer. With C++ developers, the rule is that 80% of the developers understand at most 20% of the language. It is not the same 20% for different people, so don't count on them to understand each other's code. http://yosefk.com/c++fqa/picture.html#fqa-6.6 ---------

thank you both of you Regards Shajeel

Thanks for the reply. We are actually using Oracle and VC 6 services and table is not actually temporary, it is simple table but data in it is only stored for message passing and then removed. I just wanted to know whether there is any better solution but it seems like our solution is the best we can get as we cannot modify first application. Regards Shajeel

Thanks Regards Shajeel

I'm just suspicious - What is defined twice in two different classes ?  Is this really what you want? Hiding it with a linker option may not be the best solution :) Mark Mark Salsbery Microsoft MVP - Visual C++ :java:

Problem is that my application is running on dozens of other boxes, so it is not the problem in which i want to change my code. This is some sort of configuration problem which i am not able to resolve. Regards Shajeel

Hi Shajeel It shouldn't matter which way round you have the where-clause, because SQL-Server (and Oracle) are able to recognise that the index is potentially applicable (because both RDBMS products use a cost-based optimiser). The main criteria as-to whether the index will be used will be how selective the index is (i.e. how many records does SQL-Server think will be returned from the query based on its statistics). Regards Andy

np :)

Shajeel wrote: i am seeing source of page1 whereas the ie displays page2. That's just plain not possible, unless the source is being changed in script ( you see the original source ). Shajeel wrote: i m getting error when in base page i have used some javascript and it is saying hidden field is null. OK, apparently, your hidden field is null. You need to check your javascript and markup, and if you want meaningful help, you need to post it, so we can comment on your code. Christian Graus - Microsoft MVP - C++ Metal Musings - Rex and my new metal blog "I am working on a project that will convert a FORTRAN code to corresponding C++ code.I am not aware of FORTRAN syntax" ( spotted in the C++/CLI forum )

then how can i use it with datagrid now i m using DataTable dt = GetDataTableFromDB(); grid.DataSource = dt; grid.DataBind(); Session["dt"] = dt; this data table contains all the rows based on search criterea and which can be 10 million, then in sortcommand event i m using DataTable dt = (DataTable)Session["dt"]; DataView dv = dt.DefaultView; //Sort criterea grid.DataSource = dv; grid.DataBind(); Regards Shajeel

Cool! Happy Independence day to all Pakistani folks out here :-) Regards, Nish Nish’s thoughts on MFC, C++/CLI and .NET (my blog) Currently working on C++/CLI in Action for Manning Publications. Also visit the Ultimate Toolbox blog (New)

i m using javascript Regards Shajeel