security - Single quote character in query string causes SQL injection -

-

i wondering if adding single quote mark embedded query string parameter in hard coded sql query cause sql injection error? can see after @docnum parameter using both percent , single quote characters. somewhere in code causing error. if use single percent character % instead of both % , single quote character %' unlike in stringbuilder appended line below stop error occurring?

sb.append("and docnumtcn  thumbsdown @docnum%' " );

if i'm correct here, suspect you're trying document number can like another. perhaps you're trying achieve this:

sb.append("and docnumtcn '%' + @docnum + '%' ")

the confusing part thumbsdown field you've got in there.


Comments

Post a Comment

Popular posts from this blog

python - No exponential form of the z-axis in matplotlib-3D-plots -

-
Image
i have similar problem described in how prevent numbers being changed exponential form in python matplotlib figure : i don't want (in special case) weird scientific formatting of axis. problem different have problem @ z -axis. 2-d plots can use ax.get_yaxis().get_major_formatter().set_useoffset(false) . , there no function ax.get_zaxis() what use format z -axis same way? edit: example: from mpl_toolkits.mplot3d import axes3d import numpy np import sys import matplotlib import matplotlib.pyplot pyplot def func(xi, ti): res = 10e3 + np.cos(ti) * np.sin(xi) return res if __name__ == '__main__': timespacing = 20 timestart = 0 timeend = 1 time = np.linspace(timestart, timeend, timespacing) widthspacing = 50 widthstart = 0 widthend = 3 width = np.linspace(widthstart, widthend, widthspacing) reslist = [] matplotlib.rcparams['legend.fontsize'] = 10 fig = pyplot.figure() ax = fig.gca(projection = '3d...
Read more

python - PIL cannot identify image file for io.BytesIO object -

-
i using pillow fork of pil , keep receiving error oserror: cannot identify image file <_io.bytesio object @ 0x103a47468> when trying open image. using virtualenv python 3.4 , no installation of pil. i have tried find solution based on others encountering same problem, however, solutions did not work me. here code: from pil import image import io # portion part of test code byteimg = image.open("some/location/to/a/file/in/my/directories.png").tobytes() # non test code databytesio = io.bytesio(byteimg) image.open(databytesio) # <- error here the image exists in initial opening of file , gets converted bytes. appears work else can't figure out why fails me. edit: databytesio.seek(0) does not work solution (tried it) since i'm not saving image via stream, i'm instantiating bytesio data, therefore (if i'm thinking of correctly) seek should @ 0. (this solution author himself. have moved here.) solution: # portion part ...
Read more

java - disabling a node without disable its children in javafx -

-
is there solution disable node in javafx without disabling children ? want disable nodes in pane except 1 of them dynamically. tried solution , other solutions doesn't work , think has bad performance! node.getparent().requestfocus(); for(int i=0 ; i<pane.getchildren().size() ; i++){ if( !pane.getchildren().get(i).isfocused()){ pane.getchildren().get(i).setdisable(true); } } edited: also tried solution: added transparent pane main pain , add special node . doesb't work complex components because should keep sizes , locations of it's children ! i want user interact 1 node of whole scene , other nodes should disable . the current javadoc of booleanproperty disableproperty() of node says: "...... setting disable true cause node , subnodes become disabled ....... https://docs.oracle.com/javase/8/javafx/api/javafx/scene/node.html#setdisable-boolean- https://docs.oracle.com/javase/8/javafx/api/javafx/scene/node.h...
Read more