dcsimg
Results 1 to 12 of 12

Thread: Weirdness (Involves databases)

  1. #1

    Thread Starter
    Hyperactive Member
    Join Date
    Nov 2002
    Location
    Someplace 'ore the rainbow
    Posts
    392

    Weirdness (Involves databases)

    I'm writing software that has to get information from a database that's on a server. I'm using winsock and downloading a page from the server (sending the SQL statement as a querystring). The program part works fine.

    When I use the SQL string:
    "SELECT Name FROM Students" it works fine, returning:
    Code:
    Chandler Prall<BR>Amy Guesswork<BR>Cinderella<BR>Eric Ayon<BR>
    The problem occurs when I add another field to the statement:
    "SELECT Name,Phone FROM Students"
    Will return (in the HTML code):
    Code:
    HTTP/1.1 200 OK
    Server: Microsoft-Chandler Prall<BR>3036323357<BR>Amy Guesswork<BR>3032222222<BR>Cinderella<BR>303555
    If I add another field to the statement it works fine, in fact, it is when I select only two (any two) fields that it gives me the extra crap.

    As long as my server's up, you can try it out:
    http://disiance.homeip.net:81/schedu...ROM%20Students

    Fields to use:
    Name, Phone, Email, LessonStartTime, LessonEndTime

    cjqp
    Last edited by cjqp; Sep 7th, 2004 at 10:24 AM.
    When your answer is the Arc Sin of 1.015, you should check your Pythagorean triple.

  2. #2
    Big D Danial's Avatar
    Join Date
    Jul 2000
    Location
    ASP.Net Forum
    Posts
    2,877
    It could be to do with the fact that Name is Keyword.

    try this :

    "SELECT [Name],Phone FROM Students"

    BTW: I am tempted to pass this as query : "Delete * From Students" or even drop all tables!


    Be careful and avoid pass sql query as parameter. Rather pass the criteria.

    e.g

    TableName, SearchField, SearchValue

    Then construct the SQL in the code

    e.g

    sql = "Select * From " & TableName & " Where " & SearchField & "=" & searchvalue

    then execute that.

    Even this is not safe, SQL injection attack can be performed on this if you dont take few extra steps.

    Hope this helps.

    Danial
    [VBF RSS Feed]

    There is a great war coming. Are you sure you are on the right side? Atleast I have chosen a side.

    If I have been helpful, Please Rate my Post. Thanks.

    This post was powered by :

  3. #3

    Thread Starter
    Hyperactive Member
    Join Date
    Nov 2002
    Location
    Someplace 'ore the rainbow
    Posts
    392
    Thanks for the information on the potential risk here...knew it existed with the SQL injection, but didn't think about DELETE directly, that's why I have backups of the database...but yeah. Anyway, [Name] didn't help, and if I have Phone,Email it still gives the same problem.

    cjqp
    When your answer is the Arc Sin of 1.015, you should check your Pythagorean triple.

  4. #4
    Big D Danial's Avatar
    Join Date
    Jul 2000
    Location
    ASP.Net Forum
    Posts
    2,877
    Hmm yes, the problem is with 2 fields, not sure why. I assume its returning some kind of error and that is getting truncated.

    See if there is any error generated..
    [VBF RSS Feed]

    There is a great war coming. Are you sure you are on the right side? Atleast I have chosen a side.

    If I have been helpful, Please Rate my Post. Thanks.

    This post was powered by :

  5. #5

    Thread Starter
    Hyperactive Member
    Join Date
    Nov 2002
    Location
    Someplace 'ore the rainbow
    Posts
    392
    Hmm, there's no error being generated, and it looks as if the junk is the first part of the headers being sent.
    I changed the SQL statement part of the code, now URL would be like http://disiance.homeip.net:81/schedu...lds=Name,Phone .

    cjqp
    When your answer is the Arc Sin of 1.015, you should check your Pythagorean triple.

  6. #6
    Big D Danial's Avatar
    Join Date
    Jul 2000
    Location
    ASP.Net Forum
    Posts
    2,877
    Originally posted by cjqp
    Hmm, there's no error being generated, and it looks as if the junk is the first part of the headers being sent.
    I changed the SQL statement part of the code, now URL would be like http://disiance.homeip.net:81/schedu...lds=Name,Phone .

    cjqp
    Its not only junk, if it was just jun you can easily parse it. But it is not returnin the right number of records. If you notice when 2 fields are used the record numbers are less then when you use 3 fields.
    [VBF RSS Feed]

    There is a great war coming. Are you sure you are on the right side? Atleast I have chosen a side.

    If I have been helpful, Please Rate my Post. Thanks.

    This post was powered by :

  7. #7

    Thread Starter
    Hyperactive Member
    Join Date
    Nov 2002
    Location
    Someplace 'ore the rainbow
    Posts
    392
    Yes, it cuts it off at the end. It sends the number of characters it is supposed to send, it just sends the wrong ones...This is what is actually returned by the server:
    Code:
    HTTP/1.1 200 OK
    Server: Microsoft-IIS/5.1
    Date: Tue, 07 Sep 2004 18:08:33 GMT
    Content-Length: 118
    Content-Type: text/html
    Set-Cookie: ASPSESSIONIDQQQQQDEO=MAMJKIOCPOOJMONEHFGHCGEJ; path=/
    Cache-control: private
    
    HTTP/1.1 200 OK
    Server: Microsoft-IIS/5.1
    Date: Tue, 07 Sep 2004 18:08:33 GMT
    Content-Length: 118
    Chandler Prall<B
    The first part is what browsers parse out, the headers, as you can see the first part on the bottom is a duplication of the headers.
    Note: When my program tries the 2 fields, it gets that information, and then tries to close, but the winsock will stick in the closing state for minutes. This leads me to believe that the winsock expects something else from the server, but I'm not sure.

    cjqp
    When your answer is the Arc Sin of 1.015, you should check your Pythagorean triple.

  8. #8

    Thread Starter
    Hyperactive Member
    Join Date
    Nov 2002
    Location
    Someplace 'ore the rainbow
    Posts
    392
    Grr, now its messing up sometimes on Name,Phone,Email. If you put those three in it will mess up, but hitting refresh fixes it, and this way doesn't crash the winsock control in the program.

    cjqp
    When your answer is the Arc Sin of 1.015, you should check your Pythagorean triple.

  9. #9
    Big D Danial's Avatar
    Join Date
    Jul 2000
    Location
    ASP.Net Forum
    Posts
    2,877
    Originally posted by cjqp
    Grr, now its messing up sometimes on Name,Phone,Email. If you put those three in it will mess up, but hitting refresh fixes it, and this way doesn't crash the winsock control in the program.

    cjqp
    How are you returning the record?

    Are you constracting a html page or simply using response.write and looping the recordset?

    Trying constracting full html page then parse it out in your code after you recieve it from winsock.

    I havent used winsock that much, but it could be that winsock is treating the text as header rather then body.

    Just wild guess work.
    [VBF RSS Feed]

    There is a great war coming. Are you sure you are on the right side? Atleast I have chosen a side.

    If I have been helpful, Please Rate my Post. Thanks.

    This post was powered by :

  10. #10

    Thread Starter
    Hyperactive Member
    Join Date
    Nov 2002
    Location
    Someplace 'ore the rainbow
    Posts
    392
    Ok, I added the <HTML>and<BODY> tags, now it screws up on showing one record. Could there be a setting somewhere in IIS that's causing this?

    cjqp
    When your answer is the Arc Sin of 1.015, you should check your Pythagorean triple.

  11. #11
    Frenzied Member
    Join Date
    Aug 2000
    Location
    O!
    Posts
    1,177
    Originally posted by cjqp
    Note: When my program tries the 2 fields, it gets that information, and then tries to close, but the winsock will stick in the closing state for minutes. This leads me to believe that the winsock expects something else from the server, but I'm not sure.
    cjqp
    This is normal. If you do a netstat, you should see the port is in the TIME_WAIT state. "The TIME_WAIT value is set to 2 times the maximum segment lifetime, which is related to the time-to-live (TTL) value of IP datagrams within the network. Simply put, this allows TCP to ensure that connections are properly closed. The side initiating the close must hang around long enough for the other side to send its final packet." This wait period is normally about 4 minutes.

    Just curious, but what are you using for the LocalPort value?

  12. #12

    Thread Starter
    Hyperactive Member
    Join Date
    Nov 2002
    Location
    Someplace 'ore the rainbow
    Posts
    392
    I'm using 0 as the localport. Any ideas as to my predicament?

    cjqp
    When your answer is the Arc Sin of 1.015, you should check your Pythagorean triple.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Featured


Click Here to Expand Forum to Full Width