VB.NET Database Tutorial - Prevent SQL Injection With Parameterized Queries (Visual Basic .NET)

  • Published on 12 Nov 2024

Comments • 37

  • @scottvickrey2743
    @scottvickrey2743 8 years ago +1

    I wish I could give more thumbs ups. I have learned that when I see your videos pop up in my Google queries I'm about to solve my problems and learn more than I came for. I came for a simple parameters demo and got an excellent SQL injection explanation, the answer to my questions and a demo of how sharp you are. I saw you type in the error while entering the @pass param and wondered how long it would take you to find it. One line of troubleshooting code later and Bam, you narrowed right in on it. I know it would have taken me longer to figure that out. I have resolved to see all your videos even before seeing this one. I like how with your videos I don't get 100 pieces of info from different sites/people and have to spend hours puzzling them together. Please, please keep them coming!!! I wish I could see all your favorite handy classes. Good Job Man!

    • @VBToolbox
      @VBToolbox 8 years ago +1

      +Scott Vickrey Thank you, Scott! I really appreciate the positive feedback. :-D

  • @abrarockers
    @abrarockers 9 years ago +1

    Thanks for this great tutorial Sir.... I tried the SQL Injections on my Sample Programs and I noticed my Programs are Vulnerable to SQL Injections.... Thanks!!!

  • @CarlFritz24
    @CarlFritz24 10 years ago +2

    Amazing and friendly, your teachings here.
    A must... to become aware... the ways we can be cheated by "spy" users !
    Thank you.

  • @MhurphyMarcelo
    @MhurphyMarcelo 10 years ago +1

    Wow this is great. I've never thought of this before. Thanks! :)

  • @loneliness9887
    @loneliness9887 6 years ago

    YOU'RE MY HERO, thanks for the help with my school project

  • @RobertGagnier
    @RobertGagnier 9 years ago

    Your videos are amazing. Thank you for this!

    • @VBToolbox
      @VBToolbox 9 years ago

      Thank you, Robert! I appreciate the encouraging feedback. :-D

  • @kevinv5861
    @kevinv5861 10 years ago

    Very nice videos! They have been quite helpful. Is there any chance you will be doing a LINQ tutorial with lambdas?

  • @IanMcLean1
    @IanMcLean1 9 years ago +1

    Thanks for the great tutorials. I use your SQLControl class extensively and wondered if you could show how to use it to retrieve an output parameter when calling a stored procedure?

    • @VBToolbox
      @VBToolbox 9 years ago

      +Ian McLean I can honestly say that I've never attempted this, though I'm certainly up to the challenge! :-)
      I'm curious to know which version of the SQLControl class you're using, since there have been a number of improvements since I first began building it.
      It's exciting and encouraging to know that it's being used out there.

    • @VBToolbox
      @VBToolbox 9 years ago

      +Ian McLean Well, this was certainly an interesting project. I'm not certain if I'm doing it the best way possible, but it definitely appears to be working well.
      What I did:
      1.) Created a simple Stored Procedure to fetch a Service Tag number from my database based upon the Asset Tag number.
      2.) Created a Function to Execute the Stored Procedure and retrieve the Output Parameter value [ServiceTag] and return it to a TextBox control.
      Let me know if you want the source code and I'll package it up and put it in my DropBox for you.

    • @IanMcLean1
      @IanMcLean1 9 years ago

      I'm not sure which version I use, I think it may be a mash-up of several. I could post the code if it helps?
      I'm not really a programmer but your tutorials have been invaluable in helping me learn VB.

    • @IanMcLean1
      @IanMcLean1 9 years ago

      +VB Toolbox Wow that was quick. I posted my last message before seeing this one. I'd be grateful for the source, thanks so much.

    • @VBToolbox
      @VBToolbox 9 years ago

      +Ian McLean Happy to help, Ian. :-)
      Here are links to a project screenshot & download:
      Project Screenshot - www.dropbox.com/s/40u7nw8wi86r1to/SPOutputParam.png?dl=0
      Project Source Code - www.dropbox.com/s/iq722t206th6ves/SPOutputParam.zip?dl=0
      Naturally, you'll need to alter the connection string and adjust the queries to work with your database. Hopefully, everything is commented sufficiently to give you a clear understanding of what is happening.
      Let me know if you have any questions. :-)

  • @none2300
    @none2300 10 years ago

    Will you be doing a CodeDOM tutorial? I'm having a massive struggle with it.

  • @HeySumit
    @HeySumit 9 years ago

    Thank you so much for these videos... I need them very badly!!! Thanks once again, sir.

    • @VBToolbox
      @VBToolbox 9 years ago

      +sumit mondal Sure thing! :-) I'm happy that they've been helpful to you.

    • @HeySumit
      @HeySumit 9 years ago

      Yep... a lot... but sir, can you provide me videos on WCF and WPF?

    • @HeySumit
      @HeySumit 9 years ago

      Please, sir

  • @Darkyinkia
    @Darkyinkia 10 years ago

    Awesome tutorial - A real eye opener!
    "Welcome to the VBToolbox, In this tutorial I will be teaching you how to hack.... I mean parameterize..." haha :D JK

    • @Darkyinkia
      @Darkyinkia 10 years ago

      VB Toolbox
      Is this a valid parameterizing shortcut, or will it cause problems with bigger projects? Sorry for pasting code here ;3 It looks very messy on TH-cam...
      cmd = New SqlCeCommand("Insert Into Users(name, phone) Values (@nme, @num)", con)
      cmd.Parameters.Add("@nme", InputBox("Please enter Name", "Name", "Jimmy", , ))
      cmd.Parameters.Add("@num", InputBox("Please enter a Phone Number", "Phone", "083-234-2344", , ))

    • @VBToolbox
      @VBToolbox 10 years ago +1

      Wow. Good question. I've not tried piping an input dialog directly to a command, though I don't see why it would break, unless there was no value entered (user cancels, escapes, etc) and it tries to fire the insert whilst lacking variable info and *POOF!* - The Codepocalypse!
      Okay, perhaps that was overly dramatic. lol
      Another issue that might be somewhat bothersome is that locking in your values (cmd creation) kind of turns your sub into a one-trick pony. That's all it will ever do, and if you want another SQL statement elsewhere you'll end up duplicating your code. Of course, I'm only assuming that this would actually be a sub, whereas you may just be showing me your dataflow rather than a full sub, in which case - oops! My bad. :-D

    • @Darkyinkia
      @Darkyinkia 10 years ago

      VB Toolbox LOL! ^_^
      Yeah, that's all true though, and I do tend to make code that isn't very reusable, but I'm working on that by learning new techniques :) Thanks for the advice.

  • @shwoopswoop5475
    @shwoopswoop5475 10 years ago

    Question, so I know it's probably not practical setting the SQL login to the 'sa' account for your DB in the SQLControl file.
    I know there are programs out there that can take an executable and break it down into the code it was written in; could they just pull up the SQLControl class and see all the SQL login information?
    I feel that could be dangerous, BUT I do see options in my Management Studio to set permissions for security accounts.

    • @VBToolbox
      @VBToolbox 10 years ago

      You are correct. It's always risky storing or sending credentials in plain text.
      To use built-in NTFS authentication, use a Trusted Connection (Trusted_Connection=True;) in place of SQL permissions in your connection string. You just have to make sure that the desired Windows/domain users have been granted proper permissions to the database in SQL Server.
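    The two threads above (the InputBox-to-parameter shortcut and its cancel-dialog failure mode, and the question about 'sa' credentials being readable from a decompiled executable) can be tied together in one small VB.NET module. This is an added example, not code from the video or from the SQLControl class; it assumes a SQL Server database named SampleDb on a local SQLEXPRESS instance with a Users(name NVARCHAR(50), phone NVARCHAR(20)) table, and it uses System.Data.SqlClient (SqlCommand) rather than the SqlCeCommand shown in the comment:

```vb
' Added example (not the tutorial's or SQLControl's own code). Assumptions:
' SQL Server at .\SQLEXPRESS, database SampleDb, table Users(name NVARCHAR(50), phone NVARCHAR(20)).
Imports System.Data
Imports System.Data.SqlClient
Imports Microsoft.VisualBasic

Public Module UserRepository

    ' Built once; IntegratedSecurity = True is the builder's form of Trusted_Connection=True,
    ' so no SQL login or password is compiled into the executable for a decompiler to read.
    Private ReadOnly ConnString As String = BuildConnectionString(".\SQLEXPRESS", "SampleDb")

    Public Function BuildConnectionString(server As String, database As String) As String
        Dim builder As New SqlConnectionStringBuilder()
        builder.DataSource = server
        builder.InitialCatalog = database
        builder.IntegratedSecurity = True   ' Windows/domain account of the running user
        Return builder.ConnectionString
    End Function

    ' Reusable insert: SQL text and parameter names are fixed, values come from the caller,
    ' so the same function serves an InputBox, a TextBox or a file import without duplication.
    ' Typed parameters with explicit sizes keep each value strictly as data, never as SQL text.
    Public Function InsertUser(name As String, phone As String) As Integer
        Using con As New SqlConnection(ConnString)
            Using cmd As New SqlCommand("INSERT INTO Users(name, phone) VALUES (@nme, @num)", con)
                cmd.Parameters.Add("@nme", SqlDbType.NVarChar, 50).Value = name
                cmd.Parameters.Add("@num", SqlDbType.NVarChar, 20).Value = phone
                con.Open()
                Return cmd.ExecuteNonQuery()   ' rows affected: 1 on success
            End Using
        End Using
    End Function

    ' Prompt the user, then refuse to fire the INSERT when a dialog was cancelled or left
    ' empty (InputBox returns "" in both cases), which is the "Codepocalypse" case above.
    Public Function PromptAndInsertUser() As Boolean
        Dim name As String = InputBox("Please enter Name", "Name", "Jimmy")
        If String.IsNullOrWhiteSpace(name) Then Return False

        Dim phone As String = InputBox("Please enter a Phone Number", "Phone", "083-234-2344")
        If String.IsNullOrWhiteSpace(phone) Then Return False

        Try
            Return InsertUser(name.Trim(), phone.Trim()) = 1
        Catch ex As SqlException
            ' Show the user a generic message; the raw SQL error text belongs in a log, not the UI.
            MsgBox("The record could not be saved.", MsgBoxStyle.Exclamation)
            Return False
        End Try
    End Function

End Module
```

    Calling `PromptAndInsertUser()` from a button handler returns False when either dialog is cancelled and True only when exactly one row was written. Because the parameter values are passed in rather than captured at command creation, a second form that collects the same fields can call `InsertUser` directly instead of copying the command setup.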

  • @himelsarkar137
    @himelsarkar137 8 years ago

    Thanks

  • @zClit
    @zClit 10 years ago

    Can you update the code on Pastebin or something? Because I'm using a different Visual Basic version.

  • @nocompromise8264
    @nocompromise8264 3 years ago

    How to get serial number of connected USB, in vb.net?

  • @markamprimo
    @markamprimo 7 years ago

    Nice tutorial, but does anyone have the source code? The link does not work anymore.