Re: How to omit blank spaces in the text?



Hi Chris,

You need to be using Command objects and CreateParameter rather than Connection.Execute *any* time that you are using user input directly. Search the web for SQL Injection, and look in the help around CreateParameter.





"chris-university student" <chrisuniversitystudent@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:D868A13E-BF24-4275-9243-B5EDB32F04B7@xxxxxxxxxxxxxxxx
I'm using VB 6 Pro...
I've got a form where the user selects table records from databoxes and,
through a comparison, a new record occurs in another table (at cmd_click). Here
is my code:

______________________________________

Private Sub Command1_Click()
    ' rn, intresponse and mvBookMark are assumed to be declared at module level.
    Dim cn As ADODB.Connection
    Set cn = New ADODB.Connection
    Dim ssql As String, ssql2 As String, ssql3 As String, trimname As String
    Set rn = New ADODB.Recordset
    trimname = Replace(cmbname.Text, " ", "")

    cn.CursorLocation = adUseClient
    cn.ConnectionString = "File Name=c:\Program Files\startup\startupfile1.udl;"
    cn.Open
    ' EMP_CODE and WORK_CODE are set after AddNew, so they must be selected too.
    ssql = "select EMP_CODE,WORK_CODE,DATE,NAME_SURNAME,DESCRIPTION,ADDRESS,EXTRA_HOURS from MOVES"
    rn.Open ssql, cn, adOpenStatic, adLockOptimistic

    ' Prompt text means "Record it?"; the title means "NEW MOVE".
    intresponse = MsgBox("Να καταχωρηθεί;", vbYesNoCancel + vbQuestion + _
        vbDefaultButton3, "ΝΕΑ ΚΙΝΗΣΗ")
    If (intresponse = vbYes) Then
        With rn
            If Not (.BOF And .EOF) Then
                mvBookMark = .Bookmark
            End If
            .AddNew
            ' Lookups built by concatenating control text into the SQL string;
            ' (0) reads the first column of the recordset that Execute returns.
            .Fields("EMP_CODE").Value = cn.Execute("SELECT EMP_CODE FROM EMPLOYEES " & _
                "WHERE EMPLOYEES.NAME_SURNAME = '" & trimname & "' ;")(0)
            .Fields("WORK_CODE") = cn.Execute("SELECT WORK_CODE FROM WORKPLACE " & _
                "WHERE(WORKPLACE.DESCRIPTION LIKE '" & cmbwp.Text & "' AND WORKPLACE.ADDRESS " & _
                "LIKE '" & cmbadr.Text & "');")(0)
            .Fields("DATE") = txt1.Text
            .Fields("DESCRIPTION") = cmbwp.Text
            .Fields("ADDRESS") = cmbadr.Text
            .Fields("EXTRA_HOURS") = txt2.Text
            .Update
        End With
        Unload frmhours
        Load frmhours
        frmhours.Show
        Unload Me
    ElseIf (intresponse = vbNo) Then
        txt1.SetFocus
        txt2.SetFocus
        cmbwp.SetFocus
        cmbadr.SetFocus
    Else
        rn.CancelUpdate
        If mvBookMark > 0 Then
            rn.Bookmark = mvBookMark
        Else
            rn.AddNew
        End If
    End If
End Sub

Private Sub Command3_Click()
    Unload Me
End Sub

Private Sub Form_Load()
    Dim db As Connection

    Set db = New Connection

    db.ConnectionString = "File Name=c:\Program Files\startup\startupfile1.udl;"
    db.Open

    ' Fill the three combo boxes from the EMPLOYEES and WORKPLACE tables.
    Set adoPrimaryRS = New Recordset
    adoPrimaryRS.Open "select * from EMPLOYEES ", db, adOpenStatic, adLockOptimistic
    Do Until adoPrimaryRS.EOF
        cmbname.AddItem adoPrimaryRS!NAME_SURNAME
        adoPrimaryRS.MoveNext
    Loop
    Set adoPrimaryRS = New Recordset
    adoPrimaryRS.Open "select * from WORKPLACE ", db, adOpenStatic, adLockOptimistic
    Do Until adoPrimaryRS.EOF
        cmbwp.AddItem adoPrimaryRS!Description
        adoPrimaryRS.MoveNext
    Loop
    Set adoPrimaryRS = New Recordset
    adoPrimaryRS.Open "select * from WORKPLACE ", db, adOpenStatic, adLockOptimistic
    Do Until adoPrimaryRS.EOF
        cmbadr.AddItem adoPrimaryRS!ADDRESS
        adoPrimaryRS.MoveNext
    Loop
End Sub

"Bill McCarthy" wrote:

There's a whole plethora of non printing and white space characters. If
this is for passwords, you're best to read the characters one by one and
ensure they are within a range you are happy with. For example, the
character set from &H21 to &H7E provides for ASCII alphanumeric characters
as well as punctuation characters etc. So you loop through the string,
using Mid or similar, checking the Asc of each character is within the given
range you decide to support.



"chris-university student"
<chrisuniversitystudent@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:3443CED0-8BBC-49D2-8C7F-FC92956B1719@xxxxxxxxxxxxxxxx
> Hey, I've got the same problem... with spaces,
> only that the compiler doesn't recognise either Trim or Replace...
> Has it something to do with libraries?
>
> "Dave O." wrote:
>
>> In this context a hash can be a number formed from the ASCII values of each
>> character and the positions of each character, the idea is that you will get
>> a different number for the same characters in a different order. The maths
>> should throw away some of the numbers (normally the most significant
>> figure(s)) so that it is impossible to reverse the maths to get the original
>> plaintext. This is very different from encryption where you do need to get
>> the original plaintext back.
>> When the password is first created you calculate the hash and store that,
>> then to test a password you use the same routine to calculate the hash of
>> the entered password then compare that with the stored hash, if they match
>> then it is almost certain the entered password is correct. I say "almost"
>> because most hash routines will return a long so there are only just over 4
>> billion possible hashes but an infinite number of potential passwords or
>> phrases, hence in theory it is possible for a wrong password to work but the
>> odds are about 4,000,000,000 to 1 against, so I don't lose a lot of sleep
>> over it.
>> Another advantage is that you are just storing a number so the user can have
>> as long a password or pass-phrase they want. Pass-phrases are good because
>> they can be really long and still easy to remember.
>>
>> As for the actual hash routine, have a look around, some people may suggest
>> some or there should be some available on the net.
>>
>> Regards
>> Dave O.
>>
>> "Ruslan" <Ruslan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:294B3C16-F1D3-48F6-A131-8E97630B1C90@xxxxxxxxxxxxxxxx
>> > Dear Dave,
>> > I need some clarification on the following:
>> > '
>> > You should create a non-reversible hash from the password, store that and
>> > then compare it to the hash of the entered password.
>> > '
>> > Could you clarify for me how does it work in detail?
>> >
>> >
>> >
>> >
>> >
>> > "Dave O." wrote:
>> >
>> >> If you are just trying to remove spaces from a string, this will do the
>> >> job
>> >> Replace(Text1.Text," ","")
>> >>
>> >> Another point is that storing the passwords as clear text in the database
>> >> is so insecure that it's so trivial to circumvent it's almost a joke.
>> >> You should create a non-reversible hash from the password, store that and
>> >> then compare it to the hash of the entered password.
>> >>
>> >> As for spaces in a password, there is no real reason to exclude them from
>> >> inside a password, only exclude them from the start or end of the
>> >> password, in which case Trim(Text1.Text) would remove any spaces fore & aft.
>> >>
>> >> Regards
>> >> Dave O.
>> >>
>> >> "Ruslan" <Ruslan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> news:E09C61BB-0A8E-4072-981F-8990517CB210@xxxxxxxxxxxxxxxx
>> >> > Please assist in solving the following problem.
>> >> > In text1 field (max length is e.g. 20) User entered some password with
>> >> > the length e.g. 12.
>> >> > At the same time I have the list of all passwords in SQL database.
>> >> > When VB checks text1 field with the database it compares ...
>> >> > (123456..............) with (123456)
>> >> > as a result it says that password is not correct.
>> >> > Is there any way to omit blank spaces (..............) whenever they
>> >> > appear after an entered password in text1?
>> >> >


.
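
The change recommended in the reply at the top of this thread, as an added example that is not part of the original posts: the two lookups from Command1_Click done with an ADODB.Command and CreateParameter instead of string concatenation. The names LookupCode, FillCodes and MAX_LEN, the 255-character width and the adVarChar type are assumptions; the tables, columns and controls are the ones in the posted code.

```vb
' Added example, not code from the thread. Needs a project reference to
' Microsoft ActiveX Data Objects. LookupCode/FillCodes are hypothetical names.
Option Explicit

' Assumed column width; match the schema (use adVarWChar for Unicode columns).
Private Const MAX_LEN As Long = 255

' Runs a one-column lookup. sql carries "?" markers; each value is bound as
' data in order, so quotes in user input cannot alter the statement.
Private Function LookupCode(cn As ADODB.Connection, ByVal sql As String, _
                            ParamArray values() As Variant) As Variant
    Dim cmd As ADODB.Command, rs As ADODB.Recordset, i As Long

    Set cmd = New ADODB.Command
    Set cmd.ActiveConnection = cn
    cmd.CommandType = adCmdText
    cmd.CommandText = sql
    For i = LBound(values) To UBound(values)
        If Len(values(i)) > MAX_LEN Then
            Err.Raise vbObjectError + 1, "LookupCode", "Input too long"
        End If
        cmd.Parameters.Append cmd.CreateParameter("p" & i, adVarChar, _
            adParamInput, MAX_LEN, CStr(values(i)))
    Next i

    Set rs = cmd.Execute
    If rs.EOF Then
        LookupCode = Null                 ' no matching row
    Else
        LookupCode = rs.Fields(0).Value
    End If
    rs.Close
End Function

' Replaces the two concatenated cn.Execute calls in Command1_Click.
' Binding does not neutralise LIKE wildcards (% and _) in the value; the
' combo boxes are filled from these columns, so "=" is used for the match.
Private Sub FillCodes(cn As ADODB.Connection, rn As ADODB.Recordset)
    rn.Fields("EMP_CODE").Value = LookupCode(cn, _
        "SELECT EMP_CODE FROM EMPLOYEES WHERE NAME_SURNAME = ?", _
        Replace(cmbname.Text, " ", ""))
    rn.Fields("WORK_CODE").Value = LookupCode(cn, _
        "SELECT WORK_CODE FROM WORKPLACE WHERE DESCRIPTION = ? AND ADDRESS = ?", _
        cmbwp.Text, cmbadr.Text)
End Sub
```

LookupCode returns Null when no row matches, so the caller should check with IsNull before writing to a column that does not allow nulls.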