
Everything posted by Afraits
-
That's what I mean about parameters not being able to be validated by ADO.NET or a data provider beyond the datatype check; there are just too many variations for it to be practical. Plus there is no reason why someone couldn't have a username or password like the ones you mention. The only way to stop it, in my understanding, is for such things to be validated at input before they are passed to ADO or the underlying data providers and databases, and custom messages such as "Your selected username includes control characters - please restrict your username to alphanumeric characters and not symbols such as @ & or %". Been landed with awkward data processing job so might be a few days before I can report back on experiments.
-
To my mind neither SQL Server nor the SqlClient can possibly perform any validation on parameters beyond checking they are the correct datatype, because other than that any value might be a valid search criteria. Any parameter validation is the responsibility of the programmer building the SqlCommand, for which regular expressions would be an ideal way to check for possible injection attacks. I'm going to experiment a bit further to see if parameterised queries do stop SQL injection attacks on text parameters, but as such attacks require text strings to be passed to the query, using parameterised queries will prevent attacks based on numeric or date fields with no further work. If you want to know how they do the datatype checking I don't know.
-
Is the password a database level password? If so your connection string is slightly wrong; instead of the UserID & password you need to use Jet OLEDB:Database Password, ie

    strCN = "Provider=Microsoft.Jet.OLEDB.4.0;" & _
            "Data Source='" & strDBPath & "';" & _
            "Jet OLEDB:Database Password=" & strDBPW
-
Note: None of the following may be remotely close but it seems logical. I believe that by using parameters you are effectively preventing any access to the underlying SQL statement. If you use

    SQL="Select * from mytable where(Colcondition=" & variable & ")"

it can be modified by appropriate use of variable to

    SQL="Select * from mytable where (Colcondition=1) go Delete * from importanttable go PRINT getdate()"

effectively creating a completely different SQL statement with serious consequences. The use of parameters means that the underlying SQL statement is locked/compiled and the parameters are passed in without any risk of the statement being adjusted, ie in the above example mytable.colcondition would be searched for values equal to "1) go Delete * from importanttable go PRINT getdate(". I don't think it weeds out characters or does any other kind of validation beyond checking that the parameter supplied is of the datatype expected or implicitly convertible to said datatype. That said, however, none of the above may actually be true but in my mind it makes sense and that's how I see it. The other reason for parameterised queries is that they can be stored as encrypted stored procedures - further protecting the code & DB.
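The experiment on text parameters that the posts above talk about, as an added example that is not part of the original posts. It assumes an in-memory SQLite database as a stand-in for SQL Server and ADO.NET (the same separation of statement text and bound values applies); the `users` table, its rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory SQLite stand-in for the real database (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [
        ("alice", "a-secret"),
        ("O'Brien", "b-secret"),   # legitimate name containing a quote
        ("bob@home", "c-secret"),  # legitimate name containing a symbol
    ])
    return db

def lookup_concatenated(db, username):
    # String-built SQL: the value becomes part of the statement text.
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [r[0] for r in db.execute(sql)]

def lookup_parameterised(db, username):
    # Statement text is fixed; the value is bound separately as data.
    sql = "SELECT username FROM users WHERE username = ?"
    return [r[0] for r in db.execute(sql, (username,))]

def run_experiment():
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed text value that rewrites the WHERE clause
    results = {
        "concat_crafted": lookup_concatenated(db, crafted),
        "param_crafted": lookup_parameterised(db, crafted),
        "param_quote": lookup_parameterised(db, "O'Brien"),
        "param_symbol": lookup_parameterised(db, "bob@home"),
    }
    try:
        # The same legitimate name breaks the string-built statement.
        lookup_concatenated(db, "O'Brien")
        results["concat_quote"] = "ok"
    except sqlite3.OperationalError:
        results["concat_quote"] = "syntax error"
    return results

if __name__ == "__main__":
    for name, value in run_experiment().items():
        print(name, "->", value)
```

The bound value is only ever compared as a literal string, so the crafted text matches no row, while names containing quotes or symbols still work without any character filtering.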
-
Retrieving dates from SQL Server 2000
Afraits replied to mike55's topic in Database / XML / Reporting
CONVERT(varchar(12),DateField,103) will return just the date part of the field without the time in the format dd/mm/yyyy. Note that this will return the date as a string variable; if you want to keep it as a date (eg for sorting purposes) then using the datagrid to format the date to the desired format may be a better way of dealing with it.
-
    textbox1.text=datetimepicker1.value.tostring("dddd")

Should see you right.
-
What does sSQLFilter contain once the variables have been dropped in?
-
Example

Set up 3 dataadapters to northwind DB for Customers, Orders & [Order details] tables, create typed dataset and define relationships between the three tables. Add datagrid to form and set datasource to the typed dataset and datamember to the customers table, use the three adapters to fill the dataset in the form load and run - your results should look like the attachment, was that what you were trying to achieve? Example is in C# but as virtually everything is using .NET components it should be understandable.

Note: the connection will need to be adjusted to your implementation of northwind DB.

CSharpADONavigation.zip
-
The dataadapter.update will update all rows that have changed since the last update with the one call (if that's what you are asking re the batch update) - however internally I'm not sure what goes on. To me it appears that within the .update call each row is checked then updated individually but I'm not sure.

Insert command example

    try
    {
        //overloaded creation of data adapter (to avoid connection)
        SqlDataAdapter Adapter=new SqlDataAdapter("SELECT * FROM Pets",
            "Data Source=K2-SQL2;Initial Catalog=Northwind;Integrated Security=SSPI");
        //add in insert command
        Adapter.InsertCommand=new SqlCommand(
            "INSERT INTO Pets (PetName,Breed,IQ) VALUES (@Petname,@Breed,@IQ)",
            Adapter.SelectCommand.Connection);
        //add in parameters for the command (name, type, size, source column)
        Adapter.InsertCommand.Parameters.Add("@Breed",SqlDbType.VarChar,50,"Breed");
        Adapter.InsertCommand.Parameters.Add("@Petname",SqlDbType.VarChar,50,"PetName");
        Adapter.InsertCommand.Parameters.Add("@IQ",SqlDbType.SmallInt,2,"IQ");
        //send the added rows in petsTable to the DB
        Adapter.Update(petsTable);
    }
    catch(Exception Ex)
    {
        Console.WriteLine("There was a serious problem....");
        Console.WriteLine(Ex.ToString());
    }

This assumes Pets table containing newly added rows; similar processes would be required for the UPDATE and DELETE commands to handle rows in the dataset that exist in the DB and have been changed or deleted. ADO.NET may handle this with 1 communication but that's the internal workings of it which I don't know. Hope that helps.
-
Have a look at the hierarchical properties of datagrids; they are bound to datasets containing multiple tables bound with relationships, eg Customers -> orders -> order details. Clicking on a row will display the child rows of that parent, v easy to do with v little code - I believe examples are on MSDN - if I have time I'll try to dig one out for you today.
-
You don't appear to be defining the necessary update, insert & delete commands and attaching them to the data adapter, plus I can't see where you are linking the connection to the adapter. Basically when adapter.update is called each changed row in the table to be updated is checked to see whether it is updated, inserted or deleted; the appropriate SQL command connected to the adapter is then fired to update the row in the DB. There is a command builder class that can do this for you, otherwise you have to build the parameterised commands yourself. Check the help files for how to do this and if you have any other questions let me know, I'll try to dig out a couple of examples for you in the meantime.
-
Your problem is that the condition on the if statement is '<>'; that means if any row in the second dataset differs from the one in the first being checked you will add to the list box.

    matched = False
    'look for a matching description in the second dataset
    For x = 0 To DsPOPPartCodes1.POP_Parts_Costs.Rows.Count - 1
        If " " + Replace(PCodeDesc, ",", "") = DsPOPPartCodes1.POP_Parts_Costs.Rows(x).Item(2).ToString Then
            matched = True
            Exit For
        End If
    Next
    'only add to the list when no row matched
    If matched = False Then
        Dim lvbPartRow As New ListViewItem(PCode)
        lvbPartRow.SubItems.Add(PCodeDesc)
        lvbPartCodes.Items.Add(lvbPartRow)
        Counter = Counter + 1
        lblCheckDone.Text = Counter
    End If

This logic will fix the problem. One other point - if the data is in datasets - why not have the data loaded into 2 tables in the same dataset, then run an outer join SQL query between the tables to select ones that don't match?
-
Memory leak, lack of disk space (affects Windows swap file), lack of memory on the printer, recursive functions being called too many times, or just a (un)helpful Microsoft error that actually means something else. If it's intermittent a memory leak or a recursive function call going wrong are most likely candidates.
-
Deploy a program with mdb db without access installed?
Afraits replied to patdenim's topic in Deployment
Checking the references your app uses should answer that question for you. If you are using Access then I think that everything you need would be contained within the standard .NET framework. If (for future reference) you use a provider for something that doesn't come with the .NET framework - perhaps MYSQL as an example - then the setup package for that provider would need to be distributed with your app, after checking licensing requirements of course.
-
Deploy a program with mdb db without access installed?
Afraits replied to patdenim's topic in Deployment
As long as the user has the tools to access the mdb file - ie for .NET the appropriate system.data namespaces and OLEDB or ODBC drivers/providers - then they don't need Access installed on their PC. If there is any doubt these namespaces & drivers/providers should be included in your setup project.
-
Uploading a dataset.datatable upto a database table.
Afraits replied to mike55's topic in Database / XML / Reporting
Had a chance to test this now and yes, having a table built up from a non DB source, then creating a data adapter to the DB table and setting up the insert command appropriately does work. Test code beneath (NB Pets table added to northwind DB before running)

    Console.WriteLine("Creating pets table");
    DataTable petsTable=new DataTable("Pets");
    Console.WriteLine("Adding Columns to table");
    petsTable.Columns.Add("PetName",System.Type.GetType("System.String"));
    petsTable.Columns.Add("Breed",System.Type.GetType("System.String"));
    petsTable.Columns.Add("IQ",System.Type.GetType("System.Int16"));
    petsTable.Rows.Add(new Object[] {"Frisky","Tortoise",112});
    petsTable.Rows.Add(new Object[] {"Fluffy","Grizzly Bear",6});
    petsTable.Rows.Add(new Object[] {"Jez","Hamster",1});
    //attempt to add to a DB table with same details
    try
    {
        //overloaded creation of data adapter (to avoid connection)
        SqlDataAdapter Adapter=new SqlDataAdapter("SELECT * FROM Pets",
            "Data Source=K2-SQL2;Initial Catalog=Northwind;Integrated Security=SSPI");
        //add in insert command
        Adapter.InsertCommand=new SqlCommand(
            "INSERT INTO Pets (PetName,Breed,IQ) VALUES (@Petname,@Breed,@IQ)",
            Adapter.SelectCommand.Connection);
        //add in parameters for the command
        Adapter.InsertCommand.Parameters.Add("@Breed",SqlDbType.VarChar,50,"Breed");
        Adapter.InsertCommand.Parameters.Add("@Petname",SqlDbType.VarChar,50,"PetName");
        Adapter.InsertCommand.Parameters.Add("@IQ",SqlDbType.SmallInt,2,"IQ");
        //update dataset
        Adapter.Update(petsTable);
    }
    catch(Exception Ex)
    {
        Console.WriteLine("There was a serious problem....");
        Console.WriteLine(Ex.ToString());
    }

My ADO.NET work has all been done in C# but as it's mostly the data objects themselves it should be ok for the VBers
-
Uploading a dataset.datatable upto a database table.
Afraits replied to mike55's topic in Database / XML / Reporting
I've not tried this but I think it might be worth a go: if you have a data adapter configured to your table in the DB and you assign that data adapter to the Dataset and table contained within, then as your rows in the table will have a state of 'added' (presumably) calling dataAdapter.Update() should transfer them to your DB. It may be more complicated than that though and require use/customisation of the adapter's Insert command. I'll look into it a bit more.
-
Further questions regarding looping through a dataset table!!
Afraits replied to mike55's topic in Database / XML / Reporting
I'm not sure why you are renaming the table but there is an overload method for filling the dataset which allows you to name the table as you fill it.

    daDataAdapter.Fill(dsDataset,"DataMembers")

It may be due to the table being renamed that causes the problem but I'm not sure on that
-
Have you investigated System.XML? This namespace provides a number of classes to read/write and manipulate XML data.
-
I've recently been teaching myself C# & ADO.NET and having worked through a few books am reasonably confident about them. However my imagination (or it might be boredom as work is quiet) is lacking in trying to think up ways to use them in a more 'real' application. If there were enough new projects coming in it would be okay as I'd have real problems to practice with, but there aren't so I've been looking but not found much that impressed me. Does anyone know of any good sites that contain programming exercises, ideally of varying levels of difficulty/complexity? Answers/solutions to exercises are not necessary though probably useful.
-
I lose InnerException at calling COM+
Afraits replied to ilya2's topic in Interoperation / Office Integration
A method I used when dealing with errors in classes and COM objects in VB6 is to store the exception within the object (in this case your processor) and provide a method to retrieve the exception. The listener can then call this method to retrieve the original exception for you to manipulate as required. If your exception handling is structured appropriately, this methodology of retrieving the exceptions should solve your problem.
-
DCOM calling .Net class library
Afraits replied to Afraits's topic in Interoperation / Office Integration
Thanks I'll check them out - and yes other components are remaining legacy (for the time being at least - though we do have one written in VB4! that nobody wants to touch to give you an idea of when they are likely to be upgraded), so I do need to expose the .Net library to DCOM.
-
The company I work for has a datareceipt application written in VB6 which is setup to detect client files arriving via FTP, select a processing server and fire off a client specific ActiveX to process said data. As we are now trying to write all new software in .NET, the new client's processing code has been written as a .NET class library. What do I have to do to enable the receipt server to use DCOM to launch the processing object? No changes to the receipt application are authorised at this time and I have read that it is possible to make class libraries visible to DCOM so that DCOM works as if they were written in VB6 but I can't find the specifics of what I need to do. I would appreciate anyone who can point me in the direction of a good tutorial, or even better provide advice and/or examples in reply.