Re: Can i pass a SqlConnection object with opened connection to a method/function as a parameter?

From: Richard Blewett [DevelopMentor] (richardb_at_develop.com)
Date: 10/02/04

• Next message: Parco: "Re: Can i pass a SqlConnection object with opened connection to a method/function as a parameter?"
• Previous message: Jon Skeet [C# MVP]: "Re: Adding the .NET Framework in an Application"
• In reply to: Parco: "Re: Can i pass a SqlConnection object with opened connection to a method/function as a parameter?"
• Next in thread: Parco: "Re: Can i pass a SqlConnection object with opened connection to a method/function as a parameter?"
• Reply: Parco: "Re: Can i pass a SqlConnection object with opened connection to a method/function as a parameter?"
• Messages sorted by: [ date ] [ thread ]

To: microsoft.public.dotnet.framework
Date: Sat, 02 Oct 2004 12:01:35 -0700

What line of code generates the exception? I'm guessing its the cast to short from the ExecuteScalar

 Regards

 Richard Blewett - DevelopMentor
 http://staff.develop.com/richardb/weblog

   nntp://news.microsoft.com/microsoft.public.dotnet.framework/>

 those static methods like GetLoginUser, DataTools.EscapeMask are just for
 string editing, and do not relate to the sql objects
 
 and i have tried your methods, but still get the same error, why? how to
 solve?
 
 
 
 
 
 "Richard Blewett [DevelopMentor]" <richardb@develop.com> ?b?l??
 news:unHJx%23HqEHA.2484@TK2MSFTNGP09.phx.gbl ?????g...
> Ummm OK, and which line throws the invalid cast exception?
>
> Why do you thing this is to do with the SqlConnection? It could be in
 GetLoginUser, DataTools.EscapeMask or that the stored procedure doesn't
 return a short as you have coded. What type doe the stored procedure return?
>
> I have to warn you that this isn't a great way to do data access. For a
 start the database is actually going to execute
>
> sp_executeSql(EXEC checkpermission ...)
>
> So you should do
> SqlCommand objcmd = new SqlCommand("[checkpermission]");
> objcmd.CommandType = CommandType.StoredProcedure;
>
> The add the parameters via the parameters collection as you also have the
 possibility of a SQL injection attack by using string concatenation
 (although luckily your strings don't appear based on, at least directly,
 user input).
>
> Regards
>
> Richard Blewett - DevelopMentor
> http://staff.develop.com/richardb/weblog
>
>
 nntp://news.microsoft.com/microsoft.public.dotnet.framework/<#KKSDiGqEHA.3668@TK2MSFTNGP15.phx.gbl>
>
> This is my assembly object's method:
>
>
> public static bool CheckPermission(SqlConnection objconn, string
> permissionitem, string itemname, string loginuser)
> {
> SqlCommand objcmd = new SqlCommand("EXEC [checkpermission]
> @permissionitem = '" + DataTools.EscapeMask(permissionitem) + "',
 @itemname
> = '" + DataTools.EscapeMask(itemname) + "', @loginacc = '" +
> DataTools.EscapeMask(GetLoginUser(loginuser, LoginAccount)) + "',
 @logincus
> = '" + DataTools.EscapeMask(GetLoginUser(loginuser, LoginCustomer)) +
 "'",
> (SqlConnection)objconn);
> short intresult = (short)objcmd.ExecuteScalar();
> bool checkresult;
>
> if(intresult > 0)
> {
> checkresult = true;
> }
> else
> {
> checkresult = false;
> }
>
> objcmd.Dispose();
>
> return checkresult;
> }
>
>
> This is my code of ASP.NET page which using the method:
>
>
> SqlConnection objconn = new
> SqlConnection(ConfigurationSettings.AppSettings["connstr_webhosting"]);
> objconn.Open();
>
> bool permited = (bool)CPanel.CheckPermission(objconn, "systeminfo",
> "yes", User.Identity.Name);
>
>
> How to solve it?
>
>
> "Richard Blewett [DevelopMentor]" <richardb@develop.com> ?b?l??
> news:uiz4%23tFqEHA.2900@TK2MSFTNGP12.phx.gbl ?????g...
> > This should be fine, can you show us the code of how you pass the
> connection and what you do with it when you get it
> >
> > Regards
> >
> > Richard Blewett - DevelopMentor
> > http://staff.develop.com/richardb/weblog
> >
> >
>
 nntp://news.microsoft.com/microsoft.public.dotnet.framework/>
> >
> > Can i pass a SqlConnection object with opened connection to a
> > method/function as a parameter?
> >
> > For example, i need a method to process something from ASP.NET by a
 .NET
> > assembly, but i don't want to connect a new connection anymore and just
> use
> > the existed opened sqlconnection object to do it and pass the object to
> the
> > method.
> >
> > that is a static method.
> > but iis told me an exception error that is System.InvalidCastException
> >
> >
> > why?
> > and how to solved?
> > or how to do it?
> >
> >
> >
> > ---
> > Incoming mail is certified Virus Free.
> > Checked by AVG anti-virus system (http://www.grisoft.com).
> > Version: 6.0.771 / Virus Database: 518 - Release Date: 28/09/2004
> >
> >
> >
> > [microsoft.public.dotnet.framework]
>
>
>
> ---
> Incoming mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.771 / Virus Database: 518 - Release Date: 28/09/2004
>
>
>
> [microsoft.public.dotnet.framework]
 
 
 
 ---
 Incoming mail is certified Virus Free.
 Checked by AVG anti-virus system (http://www.grisoft.com).
 Version: 6.0.771 / Virus Database: 518 - Release Date: 28/09/2004

 
 [microsoft.public.dotnet.framework]

• Next message: Parco: "Re: Can i pass a SqlConnection object with opened connection to a method/function as a parameter?"
• Previous message: Jon Skeet [C# MVP]: "Re: Adding the .NET Framework in an Application"
• In reply to: Parco: "Re: Can i pass a SqlConnection object with opened connection to a method/function as a parameter?"
• Next in thread: Parco: "Re: Can i pass a SqlConnection object with opened connection to a method/function as a parameter?"
• Reply: Parco: "Re: Can i pass a SqlConnection object with opened connection to a method/function as a parameter?"
• Messages sorted by: [ date ] [ thread ]

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint