Re: Can i pass a SqlConnection object with opened connection to a method/function as a parameter?

From: Parco (parco_at_nowlover.com)
Date: 10/02/04 

Date: Sun, 3 Oct 2004 02:25:56 +0800

those static methods like GetLoginUser, DataTools.EscapeMask are just for
string editing, and do not relate to the sql objects

and i have tried your methods, but still get the same error, why? how to
solve?

"Richard Blewett [DevelopMentor]" <richardb@develop.com> ¦b¶l¥ó
news:unHJx%23HqEHA.2484@TK2MSFTNGP09.phx.gbl ¤¤¼¶¼g...
> Ummm OK, and which line throws the invalid cast exception?
>
> Why do you thing this is to do with the SqlConnection? It could be in
GetLoginUser, DataTools.EscapeMask or that the stored procedure doesn't
return a short as you have coded. What type doe the stored procedure return?
>
> I have to warn you that this isn't a great way to do data access. For a
start the database is actually going to execute
>
> sp_executeSql(EXEC checkpermission ...)
>
> So you should do
> SqlCommand objcmd = new SqlCommand("[checkpermission]");
> objcmd.CommandType = CommandType.StoredProcedure;
>
> The add the parameters via the parameters collection as you also have the
possibility of a SQL injection attack by using string concatenation
(although luckily your strings don't appear based on, at least directly,
user input).
>
> Regards
>
> Richard Blewett - DevelopMentor
> http://staff.develop.com/richardb/weblog
>
>
nntp://news.microsoft.com/microsoft.public.dotnet.framework/<#KKSDiGqEHA.3668@TK2MSFTNGP15.phx.gbl>
>
> This is my assembly object's method:
>
>
> public static bool CheckPermission(SqlConnection objconn, string
> permissionitem, string itemname, string loginuser)
> {
> SqlCommand objcmd = new SqlCommand("EXEC [checkpermission]
> @permissionitem = '" + DataTools.EscapeMask(permissionitem) + "',
@itemname
> = '" + DataTools.EscapeMask(itemname) + "', @loginacc = '" +
> DataTools.EscapeMask(GetLoginUser(loginuser, LoginAccount)) + "',
@logincus
> = '" + DataTools.EscapeMask(GetLoginUser(loginuser, LoginCustomer)) +
"'",
> (SqlConnection)objconn);
> short intresult = (short)objcmd.ExecuteScalar();
> bool checkresult;
>
> if(intresult > 0)
> {
> checkresult = true;
> }
> else
> {
> checkresult = false;
> }
>
> objcmd.Dispose();
>
> return checkresult;
> }
>
>
> This is my code of ASP.NET page which using the method:
>
>
> SqlConnection objconn = new
> SqlConnection(ConfigurationSettings.AppSettings["connstr_webhosting"]);
> objconn.Open();
>
> bool permited = (bool)CPanel.CheckPermission(objconn, "systeminfo",
> "yes", User.Identity.Name);
>
>
> How to solve it?
>
>
> "Richard Blewett [DevelopMentor]" <richardb@develop.com> ?b?l??
> news:uiz4%23tFqEHA.2900@TK2MSFTNGP12.phx.gbl ?????g...
> > This should be fine, can you show us the code of how you pass the
> connection and what you do with it when you get it
> >
> > Regards
> >
> > Richard Blewett - DevelopMentor
> > http://staff.develop.com/richardb/weblog
> >
> >
>
nntp://news.microsoft.com/microsoft.public.dotnet.framework/>
> >
> > Can i pass a SqlConnection object with opened connection to a
> > method/function as a parameter?
> >
> > For example, i need a method to process something from ASP.NET by a
.NET
> > assembly, but i don't want to connect a new connection anymore and just
> use
> > the existed opened sqlconnection object to do it and pass the object to
> the
> > method.
> >
> > that is a static method.
> > but iis told me an exception error that is System.InvalidCastException
> >
> >
> > why?
> > and how to solved?
> > or how to do it?
> >
> >
> >
> > ---
> > Incoming mail is certified Virus Free.
> > Checked by AVG anti-virus system (http://www.grisoft.com).
> > Version: 6.0.771 / Virus Database: 518 - Release Date: 28/09/2004
> >
> >
> >
> > [microsoft.public.dotnet.framework]
>
>
>
> ---
> Incoming mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.771 / Virus Database: 518 - Release Date: 28/09/2004
>
>
>
> [microsoft.public.dotnet.framework]

Relevant Pages