❔ SQL Statement only returning one row
Only chest press gets returned, whereas I need both
76 Replies
if you want only the exercise
what is DatabaseUtils.ReadData ?
never seen it around before
we usually use Entity framework or Dapper
and it's not recommended to use List<object>
It's also not recommended to use raw strings in a query like that
Nick Chapsas (YouTube): "Your Code Has a SQL Injection!" | Code Cop #007
that's quite a bad video to link
it does not explain SQL injection
oh no it's AskSQL
there's a cursed function like that in all the work code i inherited
anyway, you didn't share how you're adding this data to the database
your current query looks for an exact username match, so if you accidentally added a space or something to one it won't return it
if not that then something in your ReadData function is wrong
explain "quite a bad", it's pretty much 1:1 what's happening here (timestamp) and he explains it
the video is aimed toward people generically saying "this code is bad! sql injection!" when those people don't know the full code of the user, and don't explain SQL injection
if username is not a user-inputted string, it's not SQL injection
there are much better ways to explain what SQLi is, than showing this video
It shows what it's not, it shows what it is, it shows an example, it even says that if it's not controllable it's not injectable. It explains 2/3 of the explanation of:
SQL injection (SQLi) is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. This can allow an attacker to view data that they are not normally able to retrieve. This might include data that belongs to other users, or any other data that the application can access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application's content or behavior. In some situations, an attacker can escalate a SQL injection attack to compromise the underlying server or other back-end infrastructure. It can also enable them to perform denial-of-service attacks.
It doesn't explain that last paragraph or demonstrate it
He explained all of that (except the last paragraph), how is that "quite a bad"? He says word for word "... if the user from an API post request or query string parameter is controlling this I they can pass down anything they want so what I can say for example if I wanted to attack this query is okay what if I say that where ID is one and ..." then proceeds to demonstrate injection, I'd say that does explain SQL injection, no?
um so how do i fix my problem
that's what it says but only returns one row
what IS your problem?
only returns one row? That's because there's only one row in the CustomExercises table
you didn't include all the code between making your query and getting your response
DatabaseUtils.ReadData is a black box that none of us know anything about
Sorry
there's 2
then that's how many rows that query is returning
well, it's clear why you only get one row
your ReadData method only ever reads the first row of the response
reader.Read()
advances the reader to the next row in the result, you aren't calling it in a loop
in addition, you're pivoting the first row into your list which doesn't make sense
OleDbDataReader.Read Method (System.Data.OleDb)
Advances the OleDbDataReader to the next record.
ohhhhhhhhh
okay thank you
does this look any better 😭
the if shouldn't be there
as it is now you're skipping the first record by calling Read twice before accessing the fields
ahh okay thank you
try to define a class instead of using List<object>
also that
you could end up with a method like List<T> ReadData<T>(string query, Func<DbDataReader, T> rowReader) if you want to keep it reusable
or if you don't care to reinvent the wheel, use dapper or another ORM which does this kind of mapping for you
im taking each row and inserting it into essentially a 3d list i think
or thats what im trynna do
a 2d list, but yes
R is saying that's not a good idea, because it's safer to map your DB results to strongly typed models
i can tell you copied and pasted that line from the example on the link, do you know why it's not working?
oh wait cuz it's getting the first and second item
and they're different
data types?
that line assumes your row matches that format
as in the first column has an int and the second column has a string
ohhh
what's the best way to go about doing this, I'm fairly new to C# and just followed a guide
the one that still had an if was basically it if you just want a List<List<object>>
System.Collections.Generic.List`1[System.Object]
how do i access the data in this
it's a list
o
if you want to print the elements you have to loop over them or use string.Join or something
but your elements are lists, so you'll have to loop over each of those lists too
data_final should be List<List<object>>
you really should never use object ever tbh
if i was writing this i'd do something super generic like this extension method
but this has flaws too, like it doesn't support parameterized queries which you 100% need to use for anything involving user input
i see ill try get it workin w that knowledge thanks
i got the problem solved but i was wondering if you can help me w smthin else @Jimmacle
i wanna make it so when a button is pressed in one form, it will create another button in another form
When a custom exercise is created, it would add and display it on the add exercise list
is that winforms or wpf?
winforms
first make the button you want to click fire a method
where would i go from here 😭
have a reference to the other opened form u want to access
how do you create a reference, that's the part i cant rlly figure out
all of the opened forms can be accessed in Application.Forms
what is the class name of your other form?
addexercise
give it a name using the Property Name
eg in its constructor Name = "foo";
then you can get its reference using Application.Forms["foo"];
or
can work too
what does this do
it gets the reference of ur form u want to open
the forms already open i just want to add a button in the addexercise form
when the create button in the customform is fired
yes i know, but you dont have its reference
oh
hmm do u have a custom class called Application in your project or something?
nah i dont
press Ctrl + left click on Application
oh its OpenForms not Forms
oh yh there we go
okay reference is made
where do i go from here
well define a method in that class and call it from the reference
eg
then let that method programmatically add the button to the list
so create a method inside of the customexercise right
u mean addexercise
and then use the method in customexc
if you dont know how to programmatically add a button, look at your form's file name that ends with designer.cs
it will give you some idea
wouldnt it be better to use invoke
like this
do you know what Invoke does?
oh wait that's an event
not a control
i used invoke to send data from one form to another
surely that can work w what im trynna achieve, no?
?
I think jaix is referring to using events
you could have one form subscribe to an event on the other form
but you're not really adding much there
yeah so i used invoke so that when a button is clicked on one form, it creates a panel on another form
surely i can do that with what im trynna do but im so confused
personally I don't think using events adds anything here
also Invoke isn't special here, it's just a way to raise an event
usually seen in the form of SomeEvent?.Invoke(), to not raise the event if it has no subscribers
whereas SomeEvent() would throw an exception if it had no subscribers
delegate() and delegate.Invoke() are semantically identical
only difference is personal preference
unless you want to do ?. like cotton said